Use the same case everywhere

2019-07-01 11:30:05 +02:00 · 2019-07-01 11:30:05 +02:00 · c7d336f958
parent f6436663eb
commit c7d336f958
179 changed files with 5118 additions and 4436 deletions
--- a/docs/content/contributing/data-collection.md
+++ b/docs/content/contributing/data-collection.md
@ -14,9 +14,9 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
 ??? example "Enabling Data Collection with TOML"
    ```toml
-    [Global]
+    [global]
-        # Send anonymous usage data
+      # Send anonymous usage data
-        sendAnonymousUsage = true
+      sendAnonymousUsage = true
    ```
 ??? example "Enabling Data Collection with the CLI"
@ -51,24 +51,23 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
    ```toml
    [entryPoints]
-        [entryPoints.web]
+      [entryPoints.web]
-           address = ":80"
+         address = ":80"
    [api]
-    [Docker]
+    [providers.docker]
      endpoint = "tcp://10.10.10.10:2375"
      domain = "foo.bir"
      exposedByDefault = true
      swarmMode = true
-      [Docker.TLS]
+      [providers.docker.TLS]
        ca = "dockerCA"
        cert = "dockerCert"
        key = "dockerKey"
        insecureSkipVerify = true
-    [ECS]
+    [providers.ecs]
      domain = "foo.bar"
      exposedByDefault = true
      clusters = ["foo-bar"]
@ -81,24 +80,24 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
    ```toml
    [entryPoints]
-        [entryPoints.web]
+      [entryPoints.web]
-           address = ":80"
+        address = ":80"
    [api]
-    [Docker]
+    [providers.docker]
      endpoint = "xxxx"
      domain = "xxxx"
      exposedByDefault = true
      swarmMode = true
-      [Docker.TLS]
+      [providers.docker.TLS]
        ca = "xxxx"
        cert = "xxxx"
        key = "xxxx"
        insecureSkipVerify = false
-    [ECS]
+    [providers.ecs]
      domain = "xxxx"
      exposedByDefault = true
      clusters = []
--- a/docs/content/getting-started/configuration-overview.md
+++ b/docs/content/getting-started/configuration-overview.md
@ -6,7 +6,7 @@ How the Magic Happens
 ![Configuration](../assets/img/static-dynamic-configuration.png)
 Configuration in Traefik can refer to two different things:
-   
+
 - The fully dynamic routing configuration (referred to as the _dynamic configuration_)
 - The startup configuration (referred to as the _static configuration_)
@ -24,7 +24,7 @@ This configuration can change and is seamlessly hot-reloaded, without any reques
 Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file. Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../providers/overview.md).
 !!! Note 
-   
+
    In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
 !!! Note
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@ -14,13 +14,18 @@ version: '3'
 services:
  reverse-proxy:
-    image: traefik:v2.0 # The official v2.0 Traefik docker image
+    # The official v2.0 Traefik docker image
-    command: --api --providers.docker # Enables the web UI and tells Traefik to listen to docker
+    image: traefik:v2.0
    # Enables the web UI and tells Traefik to listen to docker
    command: --api --providers.docker
    ports:
-      - "80:80"     # The HTTP port
+      # The HTTP port
-      - "8080:8080" # The Web UI (enabled by --api)
+      - "80:80"
      # The Web UI (enabled by --api)
      - "8080:8080"
    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
+      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
 ```
 **That's it. Now you can launch Traefik!**
@ -42,7 +47,8 @@ Edit your `docker-compose.yml` file and add the following at the end of your fil
 ```yaml
 # ...
  whoami:
-    image: containous/whoami # A container that exposes an API to show its IP address
+    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@ -12,56 +12,103 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
 ??? example "Enabling ACME"
-    ```toml
+    ```toml tab="TOML"
    [entryPoints]
      [entryPoints.web]
         address = ":80"
      [entryPoints.http-tls]
         address = ":443"
    [acme] # every router with TLS enabled will now be able to use ACME for its certificates
       email = "your-email@your-domain.org"
       storage = "acme.json"
       onHostRule = true # dynamic generation based on the Host() & HostSNI() matchers
       [acme.httpChallenge]
          entryPoint = "web" # used during the challenge
    ```
 ??? example "Configuring Wildcard Certificates"
    ```toml
    [entryPoints]
      [entryPoints.web]
        address = ":80"
-
+    
      [entryPoints.http-tls]
        address = ":443"
    # every router with TLS enabled will now be able to use ACME for its certificates
    [acme]
      email = "your-email@your-domain.org"
      storage = "acme.json"
      # dynamic generation based on the Host() & HostSNI() matchers
      onHostRule = true
      [acme.httpChallenge]
        # used during the challenge
        entryPoint = "web"
    ```
    ```yaml tab="YAML"
    entryPoints:
      web:
        address: ":80"
      http-tls:
        address: ":443"
    # every router with TLS enabled will now be able to use ACME for its certificates
    acme:
      email: your-email@your-domain.org
      storage: acme.json
      # dynamic generation based on the Host() & HostSNI() matchers
      onHostRule: true
      httpChallenge:
        # used during the challenge
        entryPoint: web
    ```
 ??? example "Configuring Wildcard Certificates"
    ```toml tab="TOML"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
      [entryPoints.http-tls]
        address = ":443"
    [acme]
      email = "your-email@your-domain.org"
      storage = "acme.json"
      [acme.dnsChallenge]
        provider = "xxx"
-
+    
      [[acme.domains]]
        main = "*.mydomain.com"
        sans = ["mydomain.com"]
    ```
    ```yaml tab="YAML"
    entryPoints:
      web:
        address: ":80"
      http-tls:
        address: ":443"
    acme:
      email: your-email@your-domain.org
      storage: acme.json
      dnsChallenge:
        provide: xxx
      domains:
        - main: "*.mydomain.com"
          sans:
            - mydomain.com
    ```
 ??? note "Configuration Reference"
-    There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference:
+    There are many available options for ACME.
    For a quick glance at what's possible, browse the configuration reference:
-    ```toml
+    ```toml tab="TOML"
    --8<-- "content/https/ref-acme.toml"
    ```
    ```yaml tab="YAML"
    --8<-- "content/https/ref-acme.yaml"
    ```
 ## Automatic Renewals
 Traefik automatically tracks the expiry date of ACME certificates it generates.
-If there are less than 30 days remaining before the certificate expires, Traefik will attempt to rewnew it automatically.
+If there are less than 30 days remaining before the certificate expires, Traefik will attempt to renew it automatically.
 !!! note
    Certificates that are no longer used may still be renewed, as Traefik does not currently check if the certificate is being used before renewing.
@ -77,9 +124,14 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
 ??? example "Configuring the `tlsChallenge`"
-    ```toml
+    ```toml tab="TOML"
    [acme]
-       [acme.tlsChallenge]
+      [acme.tlsChallenge]
    ```
    ```yaml tab="YAML"
    acme:
      tlsChallenge: {}
    ```
 ### `httpChallenge`
@ -91,11 +143,18 @@ when using the `HTTP-01` challenge, `acme.httpChallenge.entryPoint` must be reac
 ??? example "Using an EntryPoint Called http for the `httpChallenge`"
-    ```toml
+    ```toml tab="TOML"
    [acme]
-       # ...
+      # ...
-       [acme.httpChallenge]
+      [acme.httpChallenge]
-          entryPoint = "http"
+        entryPoint = "http"
    ```
    ```yaml tab="YAML"
    acme:
      # ...
      httpChallenge:
        entryPoint: http
    ```
 !!! note
@ -107,12 +166,21 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
 ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
-    ```toml
+    ```toml tab="TOML"
    [acme]
-       # ...
+      # ...
-       [acme.dnsChallenge]
+      [acme.dnsChallenge]
-          provider = "digitalocean"
+        provider = "digitalocean"
-          delayBeforeCheck = 0
+        delayBeforeCheck = 0
    # ...
    ```
    ```yaml tab="YAML"
    acme:
      # ...
      dnsChallenge:
        provider: digitalocean
        delayBeforeCheck: 0
    # ...
    ```
@ -200,12 +268,22 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 Use custom DNS servers to resolve the FQDN authority.
-```toml
+```toml tab="TOML"
 [acme]
-   # ...
+  # ...
-   [acme.dnsChallenge]
+  [acme.dnsChallenge]
-      # ...
+    # ...
-      resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
+    resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
 ```
 ```yaml tab="YAML"
 acme:
  # ...
  dnsChallenge:
    # ...
    resolvers:
    - "1.1.1.1:53"
    - "8.8.8.8:53"
 ```
 #### Wildcard Domains
@ -213,12 +291,23 @@ Use custom DNS servers to resolve the FQDN authority.
 [ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
 As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](#dnschallenge).
-```toml
+```toml tab="TOML"
 [acme]
-   # ...
+  # ...
-   [[acme.domains]]
+  [[acme.domains]]
-      main = "*.local1.com"
+    main = "*.local1.com"
-      sans = ["local1.com"]
+    sans = ["local1.com"]
 # ...
 ```
 ```yaml tab="YAML"
 acme:
  # ...
  domains:
    - main: "*.local1.com"
      sans:
      - local1.com
 # ...
 ```
@ -240,17 +329,33 @@ You can set SANs (alternative domains) for each main domain.
 Every domain must have A/AAAA records pointing to Traefik.
 Each domain & SAN will lead to a certificate request.
-```toml
+```toml tab="TOML"
 [acme]
-   # ...
+  # ...
-   [[acme.domains]]
+  [[acme.domains]]
-      main = "local1.com"
+    main = "local1.com"
-      sans = ["test1.local1.com", "test2.local1.com"]
+    sans = ["test1.local1.com", "test2.local1.com"]
-   [[acme.domains]]
+  [[acme.domains]]
-      main = "local2.com"
+    main = "local2.com"
-   [[acme.domains]]
+  [[acme.domains]]
-      main = "*.local3.com"
+    main = "*.local3.com"
-      sans = ["local3.com", "test1.test1.local3.com"]
+    sans = ["local3.com", "test1.test1.local3.com"]
 # ...
 ```
 ```yaml tab="YAML"
 acme:
  # ...
  domains:
    - main: "local1.com"
      sans:
      - "test1.local1.com"
      - "test2.local1.com"
    - main: "local2.com"
    - main: "*.local3.com"
      sans:
      - "local3.com"
      - "test1.test1.local3.com"
 # ...
 ```
@ -264,11 +369,18 @@ Each domain & SAN will lead to a certificate request.
 ??? example "Using the Let's Encrypt staging server"
-    ```toml
+    ```toml tab="TOML"
    [acme]
-       # ...
+      # ...
-       caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
-       # ...
+      # ...
    ```
    ```yaml tab="YAML"
    acme:
      # ...
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      # ...
    ```
 ## `onHostRule`
@ -277,11 +389,18 @@ Enable certificate generation on [routers](../routing/routers/index.md) `Host` &
 This will request a certificate from Let's Encrypt for each router with a Host rule.
-```toml
+```toml tab="TOML"
 [acme]
-   # ...
+  # ...
-   onHostRule = true
+  onHostRule = true
-   # ...
+  # ...
 ```
 ```yaml tab="YAML"
 acme:
  # ...
  onHostRule: true
  # ...
 ```
 !!! note "Multiple Hosts in a Rule"
@ -294,17 +413,23 @@ This will request a certificate from Let's Encrypt for each router with a Host r
 The `storage` option sets the location where your ACME certificates are saved to.
-```toml
+```toml tab="TOML"
 [acme]
-   # ...
+  # ...
-   storage = "acme.json"
+  storage = "acme.json"
-   # ...
+  # ...
 ```
-The value can refer to two kinds of storage:
+```yaml tab="YAML"
 acme
  # ...
  storage: acme.json
  # ...
 ```
 The value can refer to some kinds of storage:
 - a JSON file
 - a KV store entry
 ### In a File
@ -323,19 +448,6 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
 !!! warning
    For concurrency reason, this file cannot be shared across multiple instances of Traefik. Use a key value store entry instead.
 ### In a a Key Value Store Entry
 ACME certificates can be stored in a key-value store entry.
 ```toml
 storage = "traefik/acme/account"
 ```
 !!! note "Storage Size"
    Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved.
    For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul.
 ## Fallback
 If Let's Encrypt is not reachable, the following certificates will apply:
--- a/docs/content/https/ref-acme.toml
+++ b/docs/content/https/ref-acme.toml
@ -7,31 +7,11 @@
 #
 email = "test@traefik.io"
 # File used for certificates storage.
 #
 # Optional (Deprecated)
 #
 #storageFile = "acme.json"
 # File or key used for certificates storage.
 #
 # Required
 #
 storage = "acme.json"
 # or `storage = "traefik/acme/account"` if using KV store.
 # Deprecated, replaced by [acme.dnsChallenge].
 #
 # Optional.
 #
 # dnsProvider = "digitalocean"
 # Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck].
 #
 # Optional
 # Default: 0
 #
 # delayDontCheckDNS = 0
 # If true, display debug log messages from the acme client library.
 #
@ -47,14 +27,7 @@ storage = "acme.json"
 #
 # overrideCertificates = true
-# Deprecated. Enable on demand certificate generation.
+# Enable certificate generation on routers host rules.
 #
 # Optional
 # Default: false
 #
 # onDemand = true
 # Enable certificate generation on frontends host rules.
 #
 # Optional
 # Default: false
@ -95,7 +68,7 @@ storage = "acme.json"
  #
  # Required
  #
-  # entryPoint = "http"
+  # entryPoint = "web"
 # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
 # Note: mandatory for wildcard certificate generation.
--- a/docs/content/https/ref-acme.yaml
+++ b/docs/content/https/ref-acme.yaml
@ -0,0 +1,127 @@
 # Enable ACME (Let's Encrypt): automatic SSL.
 acme:
  # Email address used for registration.
  #
  # Required
  #
  email: "test@traefik.io"
  # File or key used for certificates storage.
  #
  # Required
  #
  storage: "acme.json"
  # If true, display debug log messages from the acme client library.
  #
  # Optional
  # Default: false
  #
  # acmeLogging: true
  # If true, override certificates in key-value store when using storeconfig.
  #
  # Optional
  # Default: false
  #
  # overrideCertificates: true
  # Enable certificate generation on routers host rules.
  #
  # Optional
  # Default: false
  #
  # onHostRule: true
  # CA server to use.
  # Uncomment the line to use Let's Encrypt's staging server,
  # leave commented to go to prod.
  #
  # Optional
  # Default: "https://acme-v02.api.letsencrypt.org/directory"
  #
  # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
  # KeyType to use.
  #
  # Optional
  # Default: "RSA4096"
  #
  # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
  #
  # KeyType: RSA4096
  # Use a TLS-ALPN-01 ACME challenge.
  #
  # Optional (but recommended)
  #
  tlsChallenge:
  # Use a HTTP-01 ACME challenge.
  #
  # Optional
  #
  # httpChallenge:
    # EntryPoint to use for the HTTP-01 challenges.
    #
    # Required
    #
    # entryPoint: web
  # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
  # Note: mandatory for wildcard certificate generation.
  #
  # Optional
  #
  # dnsChallenge:
    # DNS provider used.
    #
    # Required
    #
    # provider: digitalocean
    # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
    # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
    # Useful if internal networks block external DNS queries.
    #
    # Optional
    # Default: 0
    #
    # delayBeforeCheck: 0
    # Use following DNS servers to resolve the FQDN authority.
    #
    # Optional
    # Default: empty
    #
    # resolvers
    # - "1.1.1.1:53"
    # - "8.8.8.8:53"
    # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
    #
    # NOT RECOMMENDED:
    # Increase the risk of reaching Let's Encrypt's rate limits.
    #
    # Optional
    # Default: false
    #
    # disablePropagationCheck: true
  # Domains list.
  # Only domains defined here can generate wildcard certificates.
  # The certificates for these domains are negotiated at traefik startup only.
  #
  # domains:
  # - main: "local1.com"
  #   sans:
  #   - "test1.local1.com"
  #   - "test2.local1.com"
  # - main: "local2.com"
  # - main: "*.local3.com"
  #   sans:
  #   - "local3.com"
  #   - "test1.test1.local3.com"
--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@ -13,7 +13,7 @@ See the [Let's Encrypt](./acme.md) page.
 To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
-```toml
+```toml tab="TOML"
 [[tls.certificates]]
  certFile = "/path/to/domain.cert"
  keyFile = "/path/to/domain.key"
@ -23,6 +23,15 @@ To add / remove TLS certificates, even when Traefik is already running, their de
  keyFile = "/path/to/other-domain.key"
 ```
 ```yaml tab="YAML"
 tls:
  certificates:
  - certFile: /path/to/domain.cert
    keyFile: /path/to/domain.key
  - certFile: /path/to/other-domain.cert
    keyFile: /path/to/other-domain.key
 ```
 !!! important "File Provider Only"
    In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
@ -32,23 +41,29 @@ To add / remove TLS certificates, even when Traefik is already running, their de
 In Traefik, certificates are grouped together in certificates stores, which are defined as such:
-```toml
+```toml tab="TOML"
 [tls.stores]
  [tls.stores.default]
 ```
 ```yaml tab="YAML"
 tls:
  stores:
    default: {}
 ```
 !!! important "Alpha restriction"
    During the alpha version, any store definition other than the default one (named `default`) will be ignored,
    and there is thefore only one globally available TLS store.
-In the `[[tls.certificates]]` section, a list of stores can then be specified to indicate where the certificates should be stored:
+In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
-```toml
+```toml tab="TOML"
 [[tls.certificates]]
  stores = ["default"]
  certFile = "/path/to/domain.cert"
  keyFile = "/path/to/domain.key"
  stores = ["default"]
 [[tls.certificates]]
  # Note that since no store is defined,
@ -57,6 +72,19 @@ In the `[[tls.certificates]]` section, a list of stores can then be specified to
  keyFile = "/path/to/other-domain.key"
 ```
 ```yaml tab="YAML"
 tls:
  certificates:
  - certFile: /path/to/domain.cert
    keyFile: /path/to/domain.key
    stores:
    - default
  # Note that since no store is defined,
  # the certificate below will be stored in the `default` store.
  - certFile: /path/to/other-domain.cert
    keyFile: /path/to/other-domain.key
 ```
 !!! important "Alpha restriction"
    During the alpha version, the `stores` list will actually be ignored and automatically set to `["default"]`.
@ -66,7 +94,7 @@ In the `[[tls.certificates]]` section, a list of stores can then be specified to
 Traefik can use a default certificate for connections without a SNI, or without a matching domain.
 This default certificate should be defined in a TLS store:
-```toml
+```toml tab="TOML"
 [tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
@ -74,6 +102,15 @@ This default certificate should be defined in a TLS store:
      keyFile  = "path/to/cert.key"
 ```
 ```yaml tab="YAML"
 tls:
  stores:
    default:
      defaultCertificate:
        certFile: path/to/cert.crt
        keyFile: path/to/cert.key
 ```
 If no default certificate is provided, Traefik generates and uses a self-signed certificate.
 ## TLS Options
@ -82,7 +119,7 @@ The TLS options allow one to configure some parameters of the TLS connection.
 ### Minimum TLS Version
-```toml
+```toml tab="TOML"
 [tls.options]
  [tls.options.default]
@ -92,6 +129,16 @@ The TLS options allow one to configure some parameters of the TLS connection.
    minVersion = "VersionTLS13"
 ```
 ```yaml tab="YAML"
 tls:
  options:
    default:
      minVersion: VersionTLS12
    mintls13:
      minVersion: VersionTLS13
 ```
 ### Mutual Authentication
 Traefik supports both optional and strict (which is the default) mutual authentication, though the `ClientCA.files` section.
@ -102,20 +149,32 @@ For clients with a certificate, the `optional` option governs the behaviour as f
 - When `optional = false`, Traefik accepts connections only from clients presenting a certificate signed by a CA listed in `ClientCA.files`.
 - When `optional = true`, Traefik authorizes connections from clients presenting a certificate signed by an unknown CA.
-```toml
+```toml tab="TOML"
 [tls.options]
  [tls.options.default]
-    [tls.options.default.ClientCA]
+    [tls.options.default.clientCA]
      # in PEM format. each file can contain multiple CAs.
      files = ["tests/clientca1.crt", "tests/clientca2.crt"]
      optional = false
 ```
 ```yaml tab="YAML"
 tls:
  options:
    default:
      clientCA:
        # in PEM format. each file can contain multiple CAs.
        files:
        - tests/clientca1.crt
        - tests/clientca2.crt
        optional: false
 ```
 ### Cipher Suites
 See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
-```toml
+```toml tab="TOML"
 [tls.options]
  [tls.options.default]
    cipherSuites = [
@ -124,13 +183,29 @@ See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more informat
    ]
 ```
 ```yaml tab="YAML"
 tls:
  options:
    default:
      cipherSuites:
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      - TLS_RSA_WITH_AES_256_GCM_SHA384
 ```
 ### Strict SNI Checking
 With strict SNI checking, Traefik won't allow connections from clients connections
 that do not specify a server_name extension.
-```toml
+```toml tab="TOML"
 [tls.options]
  [tls.options.default]
    sniStrict = true
 ```
 ```yaml tab="YAML"
 tls:
  options:
    default:
      sniStrict: true
 ```
--- a/docs/content/middlewares/addprefix.md
+++ b/docs/content/middlewares/addprefix.md
@ -41,8 +41,8 @@ labels:
 ```toml tab="File"
 # Prefixing with /foo
 [http.middlewares]
-  [http.middlewares.add-foo.AddPrefix]
+  [http.middlewares.add-foo.addPrefix]
-     prefix = "/foo"
+    prefix = "/foo"
 ```
 ## Configuration Options
--- a/docs/content/middlewares/basicauth.md
+++ b/docs/content/middlewares/basicauth.md
@ -47,7 +47,7 @@ labels:
 ```toml tab="File"
 # Declaring the user list
 [http.middlewares]
-  [http.middlewares.test-auth.basicauth]
+  [http.middlewares.test-auth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
@ -61,7 +61,7 @@ labels:
 Passwords must be encoded using MD5, SHA1, or BCrypt.
 !!! tip 
-   
+
    Use `htpasswd` to generate the passwords.
 ### `users`
@ -120,7 +120,7 @@ spec:
 ```
 ```toml tab="File"
-[http.middlewares.my-auth.basicauth]
+[http.middlewares.my-auth.basicAuth]
  # ...
  headerField = "X-WebAuth-User"
 ```
--- a/docs/content/middlewares/buffering.md
+++ b/docs/content/middlewares/buffering.md
@ -46,7 +46,7 @@ labels:
 # Sets the maximum request body to 2Mb
 [http.middlewares]
  [http.middlewares.limit.buffering]
-      maxRequestBodyBytes = 250000
+    maxRequestBodyBytes = 250000
 ```
 ## Configuration Options
--- a/docs/content/middlewares/chain.md
+++ b/docs/content/middlewares/chain.md
@ -111,27 +111,27 @@ labels:
 ```toml tab="File"
 # ...    
 [http.routers]
-    [http.routers.router1]
+  [http.routers.router1]
-        service = "service1"
+    service = "service1"
-        middlewares = ["secured"]
+    middlewares = ["secured"]
-        rule = "Host(`mydomain`)"
+    rule = "Host(`mydomain`)"
 [http.middlewares]
-    [http.middlewares.secured.Chain]
+  [http.middlewares.secured.chain]
-        middlewares = ["https-only", "known-ips", "auth-users"]
+    middlewares = ["https-only", "known-ips", "auth-users"]
-    [http.middlewares.auth-users.BasicAuth]
+  [http.middlewares.auth-users.basicAuth]
-        users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
+    users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
-    [http.middlewares.https-only.redirectScheme]
+  [http.middlewares.https-only.redirectScheme]
-        scheme = "https"
+    scheme = "https"
-    [http.middlewares.known-ips.ipWhiteList]
+  [http.middlewares.known-ips.ipWhiteList]
-        sourceRange = ["192.168.1.7", "127.0.0.1/32"]
+    sourceRange = ["192.168.1.7", "127.0.0.1/32"]
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:80"
+        url = "http://127.0.0.1:80"
 ```
--- a/docs/content/middlewares/circuitbreaker.md
+++ b/docs/content/middlewares/circuitbreaker.md
@ -55,8 +55,8 @@ labels:
 ```toml tab="File"
 # Latency Check
 [http.middlewares]
-   [http.middlewares.latency-check.circuitBreaker]
+  [http.middlewares.latency-check.circuitBreaker]
-      expression = "LatencyAtQuantileMS(50.0) > 100"
+    expression = "LatencyAtQuantileMS(50.0) > 100"
 ```
 ## Possible States
@ -66,7 +66,7 @@ There are three possible states for your circuit breaker:
 - Close (your service operates normally)
 - Open (the fallback mechanism takes over your service)
 - Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service)
-   
+
 ### Close
 While close, the circuit breaker only collects metrics to analyze the behavior of the requests.
@ -95,7 +95,7 @@ The `expression` can check three different metrics:
 - The network error ratio (`NetworkErrorRatio`)
 - The status code ratio (`ResponseCodeRatio`)
 - The latency at quantile, in milliseconds (`LatencyAtQuantileMS`)
-   
+
 #### `NetworkErrorRatio`
 If you want the circuit breaker to trigger at a 30% ratio of network errors, the expression will be `NetworkErrorRatio() > 0.30`
@ -151,7 +151,7 @@ Here is the list of supported operators:
 ### Fallback mechanism
 The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client (instead of calling the target service). This behavior cannot be configured. 
-   
+
 ### `CheckPeriod`
 The interval used to evaluate `expression` and decide if the state of the circuit breaker must change. By default, `CheckPeriod` is 100Ms. This value cannot be configured.
--- a/docs/content/middlewares/compress.md
+++ b/docs/content/middlewares/compress.md
@ -40,7 +40,7 @@ labels:
 ```toml tab="File"
 # Enable gzip compression
 [http.middlewares]
-  [http.middlewares.test-compress.Compress]
+  [http.middlewares.test-compress.compress]
 ```
 ## Notes
--- a/docs/content/middlewares/digestauth.md
+++ b/docs/content/middlewares/digestauth.md
@ -53,7 +53,7 @@ labels:
 ## Configuration Options
-### `Users`
+### `users`
 The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
@ -61,7 +61,7 @@ The `users` option is an array of authorized users. Each user will be declared u
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
-### `UsersFile`
+### `usersFile`
 The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -78,11 +78,11 @@ The file content is a list of `name:realm:encoded-password`.
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
-### `Realm`
+### `realm`
 You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. 
-### `HeaderField`
+### `headerField`
 You can customize the header field for the authenticated user using the `headerField`option.
@ -121,6 +121,6 @@ labels:
  headerField = "X-WebAuth-User"
 ```
-### `RemoveHeader`
+### `removeHeader`
 Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
--- a/docs/content/middlewares/errorpages.md
+++ b/docs/content/middlewares/errorpages.md
@ -52,7 +52,7 @@ labels:
 ```toml tab="File"
 # Custom Error Page for 5XX
 [http.middlewares]
-  [http.middlewares.test-errorpage.Errors]
+  [http.middlewares.test-errorpage.errors]
    status = ["500-599"]
    service = "serviceError"
    query = "/{status}.html"
--- a/docs/content/middlewares/forwardauth.md
+++ b/docs/content/middlewares/forwardauth.md
@ -14,14 +14,14 @@ Otherwise, the response from the authentication server is returned.
 ```yaml tab="Docker"
 # Forward authentication to authserver.com
 labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
+- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
+- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
 ```
 ```yaml tab="Kubernetes"
@ -45,28 +45,28 @@ spec:
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-auth.ForwardAuth.Address": "https://authserver.com/auth",
+  "traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth",
-  "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders": "X-Auth-User,X-Secret",
+  "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA": "path/to/local.crt",
+  "traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional": "true",
+  "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional": "true",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert": "path/to/foo.cert",
+  "traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify": "true",
+  "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key": "path/to/foo.key",
+  "traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key",
-  "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader": "true"
+  "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Forward authentication to authserver.com
 labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
+- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.InisecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
+- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
+- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
 ```
 ```toml tab="File"
@ -77,7 +77,7 @@ labels:
    trustForwardHeader = true
    authResponseHeaders = ["X-Auth-User", "X-Secret"]
-    [http.middlewares.test-auth.forwardauth.tls]
+    [http.middlewares.test-auth.forwardAuth.tls]
      ca = "path/to/local.crt"
      caOptional = true
      cert = "path/to/foo.cert"
@ -92,7 +92,7 @@ The `address` option defines the authentication server address.
 ### `trustForwardHeader`
-Set the `trustForwardHeader` option to true to trust all the existing X-Forwarded-* headers.
+Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwarded-*` headers.
 ### `authResponseHeaders`
@ -100,4 +100,4 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
 ### `tls`
-The `tls` option is the tls configuration from Traefik to the authentication server.
+The `tls` option is the TLS configuration from Traefik to the authentication server.
--- a/docs/content/middlewares/headers.md
+++ b/docs/content/middlewares/headers.md
@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
 ```yaml tab="Docker"
 labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
+- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
+- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=True"
 ```
 ```yaml tab="Kubernetes"
@ -34,23 +34,23 @@ spec:
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
+  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
-  "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header": "True"
+  "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "True"
 }
 ```
 ```yaml tab="Rancher"
 labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
+- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
+- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=True"
 ```
 ```toml tab="File"
 [http.middlewares]
  [http.middlewares.testHeader.headers]
-    [http.middlewares.testHeader.headers.CustomRequestHeaders]
+    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Script-Name = "test"
-    [http.middlewares.testHeader.headers.CustomResponseHeaders]
+    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Custom-Response-Header = "True"
 ```
@ -77,22 +77,22 @@ spec:
 ```yaml tab="Rancher"
 labels:
-  - "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
+  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
 ```
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
+  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
 }
 ```
 ```toml tab="File"    
 [http.middlewares]
  [http.middlewares.testHeader.headers]
-    [http.middlewares.testHeader.headers.CustomRequestHeaders]
+    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Script-Name = "test" # Adds
        X-Custom-Request-Header = "" # Removes
-    [http.middlewares.testHeader.headers.CustomResponseHeaders]
+    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Custom-Response-Header = "" # Removes
 ```
@ -103,8 +103,8 @@ This functionality allows for some easy security features to quickly be set.
 ```yaml tab="Docker"
 labels:
-  - "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
+  - "traefik.http.middlewares.testHeader.headers.framedeny=true"
-  - "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
+  - "traefik.http.middlewares.testHeader.headers.sslredirect=true"
 ```
 ```yaml tab="Kubernetes"
@ -120,14 +120,14 @@ spec:
 ```yaml tab="Rancher"
 labels:
-  - "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
+  - "traefik.http.middlewares.testheader.headers.framedeny=true"
-  - "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
+  - "traefik.http.middlewares.testheader.headers.sslredirect=true"
 ```
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.testHeader.Headers.FrameDeny": "true",
+  "traefik.http.middlewares.testheader.headers.framedeny": "true",
-  "traefik.http.middlewares.testHeader.Headers.SSLRedirect": "true"
+  "traefik.http.middlewares.testheader.headers.sslredirect": "true"
 }
 ```
@ -145,10 +145,10 @@ This functionality allows for more advanced security features to quickly be set.
 ```yaml tab="Docker"
 labels:
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
-  - "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
+  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 ```yaml tab="Kubernetes"
@ -158,39 +158,39 @@ metadata:
  name: testHeader
 spec:
  headers:
-    AccessControlAllowMethods:
+    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
-    AccessControlAllowOrigin: "origin-list-or-null"
+    accessControlAllowOrigin: "origin-list-or-null"
-    AccessControlMaxAge: 100
+    accessControlMaxAge: 100
-    AddVaryHeader: "true"
+    addVaryHeader: "true"
 ```
 ```yaml tab="Rancher"
 labels:
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
-  - "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
-  - "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
+  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods": "GET,OPTIONS,PUT",
+  "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
-  "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin": "origin-list-or-null",
+  "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin": "origin-list-or-null",
-  "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge": "100",
+  "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
-  "traefik.http.middlewares.testHeader.Headers.AddVaryHeader": "true"
+  "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
 }
 ```
 ```toml tab="File"    
 [http.middlewares]
  [http.middlewares.testHeader.headers]
-    AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
+    accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
-    AccessControlAllowOrigin = "origin-list-or-null"
+    accessControlAllowOrigin = "origin-list-or-null"
-    AccessControlMaxAge = 100
+    accessControlMaxAge = 100
-    AddVaryHeader = true
+    addVaryHeader = true
 ```
 ## Configuration Options
@ -225,7 +225,8 @@ The  `accessControlAllowMethods` indicates which methods can be used during requ
 ### `accessControlAllowOrigin`
-The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values. The three options for this value are:
+The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values.
 The three options for this value are:
 - `origin-list-or-null`
 - `*`
@ -261,11 +262,12 @@ Set the `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302
 ### `sslHost` 
-The `SSLHost` option is the host name that is used to redirect http requests to https.
+The `sslHost` option is the host name that is used to redirect http requests to https.
 ### `sslProxyHeaders` 
-The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
+The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request.
 Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
 ### `sslForceHost` 
@ -273,7 +275,8 @@ Set `sslForceHost` to true and set SSLHost to forced requests to use `SSLHost` e
 ### `stsSeconds` 
-The `stsSeconds` is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header.
+The `stsSeconds` is the max-age of the Strict-Transport-Security header.
 If set to 0, would NOT include the header.
 ### `stsIncludeSubdomains` 
@ -281,11 +284,11 @@ The `stsIncludeSubdomains` is set to true, the `includeSubdomains` will be appen
 ### `stsPreload` 
-Set `STSPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
+Set `stsPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
 ### `forceSTSHeader`
-Set `ForceSTSHeader` to true, to add the STS header even when the connection is HTTP.
+Set `forceSTSHeader` to true, to add the STS header even when the connection is HTTP.
 ### `frameDeny` 
@ -293,7 +296,8 @@ Set `frameDeny` to true to add the `X-Frame-Options` header with the value of `D
 ### `customFrameOptionsValue` 
-The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value. This overrides the FrameDeny option.
+The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value.
 This overrides the FrameDeny option.
 ### `contentTypeNosniff`
@ -301,11 +305,12 @@ Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with
 ### `browserXssFilter`
-Set `BrowserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
+Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
 ### `customBrowserXSSValue`
-The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the BrowserXssFilter option.
+The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value.
 This overrides the BrowserXssFilter option.
 ### `contentSecurityPolicy`
@ -321,5 +326,7 @@ The `referrerPolicy` allows sites to control when browsers will pass the Referer
 ### `isDevelopment`
-Set `isDevelopment` to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.  
+Set `isDevelopment` to true when developing.
 The AllowedHosts, SSL, and STS options can cause some unwanted effects.
 Usually testing happens on http, not https, and on localhost, not your production domain.  
 If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false.
--- a/docs/content/middlewares/ipwhitelist.md
+++ b/docs/content/middlewares/ipwhitelist.md
@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
 ```yaml tab="Docker"
 # Accepts request from defined IP
 labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
@ -29,14 +29,14 @@ spec:
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange": "127.0.0.1/32,192.168.1.7"
+  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```toml tab="File"
@ -75,7 +75,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
    ```yaml tab="Docker"
    # Whitelisting Based on `X-Forwarded-For` with `depth=2`
    labels:
-        - "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
    ```
@ -87,23 +87,23 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
      name: testIPwhitelist
    spec:
      ipWhiteList:
-        SourceRange:
+        sourceRange:
        - 127.0.0.1/32
        - 192.168.1.7
-        ipstrategy:
+        ipStrategy:
          depth: 2
    ```
    ```yaml tab="Rancher"
    # Whitelisting Based on `X-Forwarded-For` with `depth=2`
    labels:
-        - "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
+        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
        - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
    ```
    ```json tab="Marathon"
    "labels": {
-        "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange": "127.0.0.1/32, 192.168.1.7",
+        "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
        "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
    }
    ```
@ -114,7 +114,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
      [http.middlewares.test-ipwhitelist.ipWhiteList]
        sourceRange = ["127.0.0.1/32", "192.168.1.7"]
        [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
-            depth = 2
+          depth = 2
    ```
 !!! note
@ -142,7 +142,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 ```yaml tab="Docker"
 # Exclude from `X-Forwarded-For`
 labels:
-    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
+    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
@ -153,7 +153,7 @@ metadata:
  name: test-ipwhitelist
 spec:
  ipWhiteList:
-    ipstrategy:
+    ipStrategy:
      excludedIPs:
      - 127.0.0.1/32
      - 192.168.1.7
@ -162,12 +162,12 @@ spec:
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
-    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
+    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
-    "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs": "127.0.0.1/32, 192.168.1.7"
+    "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
--- a/docs/content/middlewares/maxconnection.md
+++ b/docs/content/middlewares/maxconnection.md
@ -40,8 +40,8 @@ labels:
 ```toml tab="File"
 # Limiting to 10 simultaneous connections
 [http.middlewares]
-  [http.middlewares.test-maxconn.maxconn]
+  [http.middlewares.test-maxconn.maxConn]
-  amount = 10 
+    amount = 10 
 ```
 ## Configuration Options
--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@ -22,7 +22,7 @@ whoami:
    # Create a middleware named `foo-add-prefix`
    - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
    # Apply the middleware named `foo-add-prefix` to the router named `router1`
-    - "traefik.http.router.router1.Middlewares=foo-add-prefix@docker"
+    - "traefik.http.router.router1.middlewares=foo-add-prefix@docker"
 ```
 ```yaml tab="Kubernetes"
@ -46,7 +46,7 @@ kind: Middleware
 metadata:
  name: stripprefix
 spec:
-  stripprefix:
+  stripPrefix:
    prefixes:
      - /stripit
@ -66,7 +66,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
-  "traefik.http.router.router1.Middlewares": "foo-add-prefix@marathon"
+  "traefik.http.router.router1.middlewares": "foo-add-prefix@marathon"
 }
 ```
@ -76,30 +76,30 @@ labels:
  # Create a middleware named `foo-add-prefix`
  - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
  # Apply the middleware named `foo-add-prefix` to the router named `router1`
-  - "traefik.http.router.router1.Middlewares=foo-add-prefix@rancher"
+  - "traefik.http.router.router1.middlewares=foo-add-prefix@rancher"
 ```
 ```toml tab="File"
 # As Toml Configuration File
 [providers]
-   [providers.file]
+  [providers.file]
 [http.routers]
  [http.routers.router1]
-    Service = "myService"
+    service = "myService"
-    Middlewares = ["foo-add-prefix"]
+    middlewares = ["foo-add-prefix"]
-    Rule = "Host(`example.com`)"
+    rule = "Host(`example.com`)"
 [http.middlewares]
-  [http.middlewares.foo-add-prefix.AddPrefix]
+  [http.middlewares.foo-add-prefix.addPrefix]
    prefix = "/foo"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:80"
+        url = "http://127.0.0.1:80"
 ```
 ## Provider Namespace
@ -132,7 +132,7 @@ and therefore this specification would be ignored even if present.
      [providers.file]
    [http.middlewares]
-      [http.middlewares.add-foo-prefix.AddPrefix]
+      [http.middlewares.add-foo-prefix.addPrefix]
        prefix = "/foo"
    ```
--- a/docs/content/middlewares/passtlsclientcert.md
+++ b/docs/content/middlewares/passtlsclientcert.md
@ -23,7 +23,7 @@ kind: Middleware
 metadata:
  name: addprefix
 spec:
-  passtlsclientcert:
+  passTLSClientCert:
    pem: true
 ```
@ -42,7 +42,7 @@ labels:
 ```toml tab="File"
 # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
 [http.middlewares]
-  [http.middlewares.test-passtlsclientcert.passtlsclientcert]
+  [http.middlewares.test-passtlsclientcert.passTLSClientCert]
    pem = true
 ```
@ -77,7 +77,7 @@ labels:
    metadata:
      name: test-passtlsclientcert
    spec:
-      passtlsclientcert:
+      passTLSClientCert:
        info:
          notAfter: true
          notBefore: true
@ -147,12 +147,12 @@ labels:
    ```toml tab="File"
    # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    [http.middlewares]
-      [http.middlewares.test-passtlsclientcert.passtlsclientcert]
+      [http.middlewares.test-passtlsclientcert.passTLSClientCert]
-        [http.middlewares.test-passtlsclientcert.passtlsclientcert.info]
+        [http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
          notAfter = true
          notBefore = true
          sans = true
-          [http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject]
+          [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
            country = true
            province = true
            locality = true
@ -160,7 +160,7 @@ labels:
            commonName = true
            serialNumber = true
            domainComponent = true
-          [http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer]
+          [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
            country = true
            province = true
            locality = true
@ -360,9 +360,9 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
    If there are more than one certificate, they are separated by a `;`.
-#### `info.notafter`
+#### `info.notAfter`
-Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
+Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
 The data are taken from the following certificate part:      
@ -371,15 +371,15 @@ The data are taken from the following certificate part:
        Not After : Dec  5 11:10:16 2020 GMT            
 ```
-The escape `notafter` info part will be like:
+The escape `notAfter` info part will be like:
 ```text
 NA=1607166616
 ```
-#### `info.notbefore`
+#### `info.notBefore`
-Set the `info.notafter` option to `true` to add the `Not Before` information from the `Validity` part.
+Set the `info.notBefore` option to `true` to add the `Not Before` information from the `Validity` part.
 The data are taken from the following certificate part:
@ -388,7 +388,7 @@ Validity
    Not Before: Dec  6 11:10:16 2018 GMT
 ```
-The escape `notafter` info part will be like:
+The escape `notBefore` info part will be like:
 ```text
 NB=1544094616
@ -471,9 +471,9 @@ The escape organization info in the subject part will be like :
 O=Cheese,O=Cheese 2
 ```
-##### `info.subject.commonname`
+##### `info.subject.commonName`
-Set the `info.subject.commonname` option to true to add the `commonname` information into the subject.
+Set the `info.subject.commonName` option to true to add the `commonName` information into the subject.
 The data are taken from the subject part with the `CN` key.
@ -483,9 +483,9 @@ The escape common name info in the subject part will be like :
 CN=*.cheese.com
 ```
-##### `info.subject.serialnumber`
+##### `info.subject.serialNumber`
-Set the `info.subject.serialnumber` option to true to add the `serialnumber` information into the subject.
+Set the `info.subject.serialNumber` option to true to add the `serialNumber` information into the subject.
 The data are taken from the subject part with the `SN` key.
@ -495,9 +495,9 @@ The escape serial number info in the subject part will be like :
 SN=1234567890
 ```
-##### `info.subject.domaincomponent`
+##### `info.subject.domainComponent`
-Set the `info.subject.domaincomponent` option to true to add the `domaincomponent` information into the subject.
+Set the `info.subject.domainComponent` option to true to add the `domainComponent` information into the subject.
 The data are taken from the subject part with the `DC` key.
@ -563,9 +563,9 @@ The escape organization info in the issuer part will be like :
 O=Cheese,O=Cheese 2
 ```
-##### `info.issuer.commonname`
+##### `info.issuer.commonName`
-Set the `info.issuer.commonname` option to true to add the `commonname` information into the issuer.
+Set the `info.issuer.commonName` option to true to add the `commonName` information into the issuer.
 The data are taken from the issuer part with the `CN` key.
@ -575,9 +575,9 @@ The escape common name info in the issuer part will be like :
 CN=Simple Signing CA 2
 ```
-##### `info.issuer.serialnumber`
+##### `info.issuer.serialNumber`
-Set the `info.issuer.serialnumber` option to true to add the `serialnumber` information into the issuer.
+Set the `info.issuer.serialNumber` option to true to add the `serialNumber` information into the issuer.
 The data are taken from the issuer part with the `SN` key.
@ -587,9 +587,9 @@ The escape serial number info in the issuer part will be like :
 SN=1234567890
 ```
-##### `info.issuer.domaincomponent`
+##### `info.issuer.domainComponent`
-Set the `info.issuer.domaincomponent` option to true to add the `domaincomponent` information into the issuer.
+Set the `info.issuer.domainComponent` option to true to add the `domainComponent` information into the issuer.
 The data are taken from the issuer part with the `DC` key.
--- a/docs/content/middlewares/ratelimit.md
+++ b/docs/content/middlewares/ratelimit.md
@ -33,7 +33,7 @@ metadata:
 spec:
  rateLimit:
    extractorFunc: client.ip
-    rateset:
+    rateSet:
      rate0:
          period: 10s
          average: 100
@ -74,15 +74,15 @@ labels:
 # Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
 # These can "burst" up to 10 and 200 in each period, respectively.
 [http.middlewares]
-  [http.middlewares.test-ratelimit.ratelimit]
+  [http.middlewares.test-ratelimit.rateLimit]
    extractorfunc = "client.ip"
-    [http.middlewares.test-ratelimit.ratelimit.rateset.rate0]
+    [http.middlewares.test-ratelimit.rateLimit.rateSet.rate0]
      period = "10s"
      average = 100
      burst = 200
-    [http.middlewares.test-ratelimit.ratelimit.rateset.rate1]
+    [http.middlewares.test-ratelimit.rateLimit.rateSet.rate1]
      period = "3s"
      average = 5
      burst = 10
@ -100,7 +100,7 @@ The possible values are:
 - `client.ip` categorizes requests based on the client ip.
 - `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
-### `ratelimit`
+### `rateSet`
 You can combine multiple rate limits. 
 The rate limit will trigger with the first reached limit.
--- a/docs/content/middlewares/redirectregex.md
+++ b/docs/content/middlewares/redirectregex.md
@ -45,7 +45,7 @@ labels:
 ```toml tab="File"
 # Redirect with domain replacement
 [http.middlewares]
-  [http.middlewares.test-redirectregex.redirectregex]
+  [http.middlewares.test-redirectregex.redirectRegex]
    regex = "^http://localhost/(.*)"
    replacement = "http://mydomain/$1"
 ```
@ -58,7 +58,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
 ### `regex`
-The `Regex` option is the regular expression to match and capture elements from the request URL.
+The `regex` option is the regular expression to match and capture elements from the request URL.
 !!! warning
--- a/docs/content/middlewares/redirectscheme.md
+++ b/docs/content/middlewares/redirectscheme.md
@ -41,7 +41,7 @@ labels:
 ```toml tab="File"
 # Redirect to https
 [http.middlewares]
-  [http.middlewares.test-redirectscheme.redirectscheme]
+  [http.middlewares.test-redirectscheme.redirectScheme]
    scheme = "https"
 ```
--- a/docs/content/middlewares/replacepath.md
+++ b/docs/content/middlewares/replacepath.md
@ -41,8 +41,8 @@ labels:
 ```toml tab="File"
 # Replace the path by /foo
 [http.middlewares]
-  [http.middlewares.test-replacepath.ReplacePath]
+  [http.middlewares.test-replacepath.replacePath]
-     path = "/foo"
+    path = "/foo"
 ```
 ## Configuration Options
--- a/docs/content/middlewares/replacepathregex.md
+++ b/docs/content/middlewares/replacepathregex.md
@ -61,7 +61,7 @@ The ReplacePathRegex middleware will:
 ### `regex`
-The `Regex` option is the regular expression to match and capture the path from the request URL.
+The `regex` option is the regular expression to match and capture the path from the request URL.
 !!! warning
--- a/docs/content/middlewares/retry.md
+++ b/docs/content/middlewares/retry.md
@ -41,7 +41,7 @@ labels:
 ```toml tab="File"
 # Retry to send request 4 times
 [http.middlewares]
-  [http.middlewares.test-retry.Retry]
+  [http.middlewares.test-retry.retry]
     attempts = 4
 ```
--- a/docs/content/middlewares/stripprefix.md
+++ b/docs/content/middlewares/stripprefix.md
@ -43,8 +43,8 @@ labels:
 ```toml tab="File"
 # Strip prefix /foobar and /fiibar
 [http.middlewares]
-  [http.middlewares.test-stripprefix.StripPrefix]
+  [http.middlewares.test-stripprefix.stripPrefix]
-     prefixes = ["/foobar", "/fiibar"]
+    prefixes = ["/foobar", "/fiibar"]
 ```
 ## Configuration Options
--- a/docs/content/middlewares/stripprefixregex.md
+++ b/docs/content/middlewares/stripprefixregex.md
@ -41,7 +41,7 @@ labels:
 ```toml tab="File"
 # Replace the path by /foo
 [http.middlewares]
-  [http.middlewares.test-stripprefixregex.StripPrefixRegex]
+  [http.middlewares.test-stripprefixregex.stripPrefixRegex]
     regex: "^/foo/(.*)"
 ```
@ -56,7 +56,7 @@ The StripPrefixRegex middleware will:
 !!! tip
-    Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
+    Use a `stripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
 ### `regex`
--- a/docs/content/observability/tracing/datadog.md
+++ b/docs/content/observability/tracing/datadog.md
@ -4,7 +4,7 @@ To enable the DataDog:
 ```toml tab="File"
 [tracing]
-  [tracing.datadog]
+  [tracing.dataDog]
 ```
 ```bash tab="CLI"
@ -20,7 +20,7 @@ Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent
 ```toml tab="File"
 [tracing]
-  [tracing.datadog]
+  [tracing.dataDog]
    localAgentHostPort = "127.0.0.1:8126"
 ```
@ -37,7 +37,7 @@ Enable DataDog debug.
 ```toml tab="File"
 [tracing]
-  [tracing.datadog]
+  [tracing.dataDog]
    debug = true
 ```
@ -54,7 +54,7 @@ Apply shared tag in a form of Key:Value to all the traces.
 ```toml tab="File"
 [tracing]
-  [tracing.datadog]
+  [tracing.dataDog]
    globalTag = "sample"
 ```
@ -72,7 +72,7 @@ this option must be enabled in order to get all the parts of a distributed trace
 ```toml tab="File"
 [tracing]
-  [tracing.datadog]
+  [tracing.dataDog]
    prioritySampling = true
 ```
--- a/docs/content/operations/api.md
+++ b/docs/content/operations/api.md
@ -128,19 +128,19 @@ You can define a custom address/port like this:
 ```toml
 [entryPoints]
  [entryPoints.web]
-  address = ":80"
+    address = ":80"
  [entryPoints.foo]
-  address = ":8082"
+    address = ":8082"
  [entryPoints.bar]
-  address = ":8083"
+    address = ":8083"
 [ping]
-entryPoint = "foo"
+  entryPoint = "foo"
 [api]
-entryPoint = "bar"
+  entryPoint = "bar"
 ```
 In the above example, you would access a service at /foo, an api endpoint, or the health-check as follows:
@ -160,9 +160,9 @@ To restrict access to the API handler, one can add authentication with the [basi
 ```toml
 [http.middlewares]
-  [http.middlewares.api-auth.basicauth]
+  [http.middlewares.api-auth.basicAuth]
-  users = [
+    users = [
-    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
+      "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
-    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
+      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
-  ]
+    ]
 ```
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@ -10,13 +10,13 @@ The dashboard is the central place that shows you the current active routes hand
    Therefore, the dashboard is currently not working.
 <figure>
-   <img src="../../assets/img/dashboard-main.png" alt="Dashboard - Providers" />
+    <img src="../../assets/img/dashboard-main.png" alt="Dashboard - Providers" />
-   <figcaption>The dashboard in action with Traefik listening to 3 different providers</figcaption>
+    <figcaption>The dashboard in action with Traefik listening to 3 different providers</figcaption>
 </figure>
 <figure>
-   <img src="../../assets/img/dashboard-health.png" alt="Dashboard - Health" />
+    <img src="../../assets/img/dashboard-health.png" alt="Dashboard - Health" />
-   <figcaption>The dashboard shows the health of the system.</figcaption>
+    <figcaption>The dashboard shows the health of the system.</figcaption>
 </figure>
 By default, the dashboard is available on `/` on port `:8080`.
--- a/docs/content/operations/ping.md
+++ b/docs/content/operations/ping.md
@ -22,7 +22,7 @@ Checking the Health of Your Traefik Instances
        address = ":8082"
    [ping]
-        entryPoint = "ping"
+      entryPoint = "ping"
    ```
 | Path    | Method        | Description                                                                                         |
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@ -18,7 +18,7 @@ Attach labels to your containers and let Traefik do the rest!
    ```toml
    [providers.docker]
-    endpoint = "unix:///var/run/docker.sock"
+      endpoint = "unix:///var/run/docker.sock"
    ```
    Attaching labels to containers (in your docker compose file)
@ -136,8 +136,8 @@ Traefik requires access to the docker socket to get its dynamic configuration.
    ```toml
    # ...
    [providers]
-       [providers.docker]
+      [providers.docker]
-          endpoint = "unix:///var/run/docker.sock"
+        endpoint = "unix:///var/run/docker.sock"
    ```
 ### `usebindportip`
@ -194,8 +194,8 @@ and the template has access to all the labels defined on this container.
 ```toml tab="File"
 [providers.docker]
-defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
+  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
-# ...
+  # ...
 ```
 ```txt tab="CLI"
--- a/docs/content/providers/file.md
+++ b/docs/content/providers/file.md
@ -45,7 +45,7 @@ You can write these configuration elements:
        # Add the middleware
        [http.middlewares]    
-          [http.middlewares.my-basic-auth.BasicAuth]
+          [http.middlewares.my-basic-auth.basicAuth]
            users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
                      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
            usersFile = "etc/traefik/.htpasswd"
@ -53,37 +53,42 @@ You can write these configuration elements:
        # Add the service
        [http.services]
          [http.services.service-foo]
-            [http.services.service-foo.LoadBalancer]
+            [http.services.service-foo.loadBalancer]
-              [[http.services.service-foo.LoadBalancer.Servers]]
+              [[http.services.service-foo.loadBalancer.servers]]
                url = "http://foo/"
-              [[http.services.service-foo.LoadBalancer.Servers]]
+              [[http.services.service-foo.loadBalancer.servers]]
                url = "http://bar/"
    ```
    ```yaml tab="YAML"
    http:
      # Add the router
      routers:
        router0:
-          entrypoints:
+          entryPoints:
          - web
          middlewares:
          - my-basic-auth
          service: service-foo
          rule: Path(`foo`)
      # Add the middleware
      middlewares:
        my-basic-auth:
          basicAuth:
            users:
            - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
            - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
-            usersfile: etc/traefik/.htpasswd
+            usersFile: etc/traefik/.htpasswd
-            headerfield: ""
+      
      # Add the service
      services:
        service-foo:
-          loadbalancer:
+          loadBalancer:
            servers:
            - url: http://foo/
            - url: http://bar/
            passHostHeader: false
    ```
 ## Provider Configuration Options
@ -170,7 +175,7 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
      {{ end }}  
-      [http.Services]
+      [http.services]
      {{ range $i, $e := until 100 }}
          [http.services.service{{ $e }}]
          # ...
@ -185,7 +190,7 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
      {{ end }}  
-      [tcp.Services]
+      [tcp.services]
      {{ range $i, $e := until 100 }}
          [http.services.service{{ $e }}]
          # ...
@ -193,9 +198,9 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
    {{ range $i, $e := until 10 }}
    [[tls.certificates]]
-      CertFile = "/etc/traefik/cert-{{ $e }}.pem"
+      certFile = "/etc/traefik/cert-{{ $e }}.pem"
-      KeyFile = "/etc/traefik/cert-{{ $e }}.key"
+      keyFile = "/etc/traefik/cert-{{ $e }}.key"
-      Store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
+      store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
    {{ end }}
    [tls.config]
@ -237,8 +242,8 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
    {{ range $i, $e := until 10 }}
    tls:
      certificates:
-      - certfile: "/etc/traefik/cert-{{ $e }}.pem"
+      - certFile: "/etc/traefik/cert-{{ $e }}.pem"
-        keyfile: "/etc/traefik/cert-{{ $e }}.key"
+        keyFile: "/etc/traefik/cert-{{ $e }}.key"
        store:
        - "my-store-foo-{{ $e }}"
        - "my-store-bar-{{ $e }}"
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@ -33,7 +33,7 @@ In this case, the endpoint is required.
 Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  endpoint = "http://localhost:8080"
  # ...
 ```
@ -50,7 +50,7 @@ _Optional, Default=empty_
 Bearer token used for the Kubernetes client configuration.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  token = "mytoken"
  # ...
 ```
@ -68,7 +68,7 @@ Path to the certificate authority file.
 Used for the Kubernetes client configuration.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  certAuthFilePath = "/my/ca.crt"
  # ...
 ```
@ -85,7 +85,7 @@ _Optional, Default: all namespaces (empty array)_
 Array of namespaces to watch.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  namespaces = ["default", "production"]
  # ...
 ```
@ -105,7 +105,7 @@ A label selector can be defined to filter on specific Ingress objects only.
 See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  labelselector = "A and not B"
  # ...
 ```
@ -125,7 +125,7 @@ If the parameter is non-empty, only Ingresses containing an annotation with the
 Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
 ```toml tab="File"
-[Providers.KubernetesCRD]
+[providers.kubernetesCRD]
  ingressClass = "traefik-internal"
  # ...
 ```
--- a/docs/content/providers/marathon.md
+++ b/docs/content/providers/marathon.md
@ -13,7 +13,7 @@ See also [Marathon user guide](../user-guides/marathon.md).
    ```toml tab="File"
    [providers.marathon]
-    endpoint = "http://127.0.0.1:8080"
+      endpoint = "http://127.0.0.1:8080"
    ```
    ```txt tab="CLI"
@ -58,9 +58,9 @@ _Optional_
 Enables Marathon basic authentication.
 ```toml tab="File"
-[marathon.basic]
+[providers.marathon.basic]
-httpBasicAuthUser = "foo"
+  httpBasicAuthUser = "foo"
-httpBasicPassword = "bar"
+  httpBasicPassword = "bar"
 ```
 ```txt tab="CLI"
@ -79,8 +79,8 @@ If set, it overrides the Authorization header.
 ```toml tab="File"
 [providers.marathon]
-dcosToken = "xxxxxx"
+  dcosToken = "xxxxxx"
-# ...
+  # ...
 ```
 ```txt tab="CLI"
@ -102,8 +102,8 @@ and the template has access to all the labels defined on this Marathon applicati
 ```toml tab="File"
 [providers.marathon]
-defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
+  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
-# ...
+  # ...
 ```
 ```txt tab="CLI"
@ -133,8 +133,8 @@ You can optionally specify multiple endpoints:
 ```toml tab="File"
 [providers.marathon]
-endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
+  endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
-# ...
+  # ...
 ```
 ```txt tab="CLI"
@ -247,11 +247,11 @@ _Optional_
 TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
 ```toml tab="File"
-[marathon.TLS]
+[providers.marathon.tls]
-CA = "/etc/ssl/ca.crt"
+  ca = "/etc/ssl/ca.crt"
-Cert = "/etc/ssl/marathon.cert"
+  cert = "/etc/ssl/marathon.cert"
-Key = "/etc/ssl/marathon.key"
+  key = "/etc/ssl/marathon.key"
-insecureSkipVerify = true
+  insecureSkipVerify = true
 ```
 ```txt tab="CLI"
@ -296,23 +296,23 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
 ### Routers
 To update the configuration of the Router automatically attached to the application,
-add labels starting with `traefik.HTTP.Routers.{router-name-of-your-choice}.` and followed by the option you want to change.
+add labels starting with `traefik.http.routers.{router-name-of-your-choice}.` and followed by the option you want to change.
-For example, to change the routing rule, you could add the label ```traefik.HTTP.Routers.Routername.Rule=Host(`my-domain`)```.
+For example, to change the routing rule, you could add the label ```traefik.http.routers.routername.rule=Host(`my-domain`)```.
 Every [Router](../routing/routers/index.md) parameter can be updated this way.
 ### Services
 To update the configuration of the Service automatically attached to the container,
-add labels starting with `traefik.HTTP.Services.{service-name-of-your-choice}.`, followed by the option you want to change.
+add labels starting with `traefik.http.services.{service-name-of-your-choice}.`, followed by the option you want to change.
-For example, to change the passhostheader behavior, you'd add the label `traefik.HTTP.Services.Servicename.LoadBalancer.PassHostHeader=false`.
+For example, to change the passHostHeader behavior, you'd add the label `traefik.http.services.servicename.loadbalancer.passhostheader=false`.
 Every [Service](../routing/services/index.md) parameter can be updated this way.
 ### Middleware
-You can declare pieces of middleware using labels starting with `traefik.HTTP.Middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
+You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
-For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.HTTP.Middlewares.my-redirect.RedirectScheme.Scheme: https`.
+For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
 ??? example "Declaring and Referencing a Middleware"
--- a/docs/content/providers/rancher.md
+++ b/docs/content/providers/rancher.md
@ -19,7 +19,7 @@ Attach labels to your services and let Traefik do the rest!
    Enabling the rancher provider
    ```toml
-    [Providers.Rancher]
+    [providers.rancher]
    ```
    Attaching labels to services
@ -58,9 +58,9 @@ The service name can be accessed as the `Name` identifier,
 and the template has access to all the labels defined on this container.
 ```toml tab="File"
-[Providers.Rancher]
+[providers.rancher]
-defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
+  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
-# ...
+  # ...
 ```
 ```txt tab="CLI"
--- a/docs/content/providers/rancher.toml
+++ b/docs/content/providers/rancher.toml
@ -1,20 +1,20 @@
 # Enable Rancher Provider.
-[Providers.Rancher]
+[providers.rancher]
  # Expose Rancher services by default in Traefik.
-  ExposedByDefault = true
+  exposedByDefault = true
  # Enable watch Rancher changes.
-  Watch = true
+  watch = true
  # Filter services with unhealthy states and inactive states.
-  EnableServiceHealthFilter = true
+  enableServiceHealthFilter = true
  # Defines the polling interval (in seconds).
-  RefreshSeconds = true
+  refreshSeconds = true
  # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
-  IntervalPoll = false
+  intervalPoll = false
  # Prefix used for accessing the Rancher metadata service
-  Prefix = "/latest"
+  prefix = "/latest"
--- a/docs/content/reference/dynamic-configuration/docker.md
+++ b/docs/content/reference/dynamic-configuration/docker.md
@ -3,6 +3,8 @@
 Dynamic configuration with Docker Labels
 {: .subtitle }
 The labels are case insensitive.
 ```yaml
 --8<-- "content/reference/dynamic-configuration/labels.yml"
 ```
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@ -1,259 +1,248 @@
-[HTTP]
+[http]
-
+  [http.routers]
-  [HTTP.Routers]
+    [http.routers.Router0]
-
+      entryPoints = ["foobar", "foobar"]
-    [HTTP.Routers.Router0]
+      middlewares = ["foobar", "foobar"]
-      EntryPoints = ["foobar", "foobar"]
+      service = "foobar"
-      Middlewares = ["foobar", "foobar"]
+      rule = "foobar"
      Service = "foobar"
      Rule = "foobar"
      priority = 42
-      [HTTP.Routers.Router0.tls]
+      [http.routers.Router0.tls]
        options = "TLS0"
-
+  [http.middlewares]
-  [HTTP.Middlewares]
+    [http.middlewares.Middleware0]
-
+      [http.middlewares.Middleware0.addPrefix]
-      [HTTP.Middlewares.Middleware0.AddPrefix]
+        prefix = "foobar"
-        Prefix = "foobar"
+    [http.middlewares.Middleware1]
-
+      [http.middlewares.Middleware1.stripPrefix]
-      [HTTP.Middlewares.Middleware1.StripPrefix]
+        prefixes = ["foobar", "foobar"]
-        Prefixes = ["foobar", "foobar"]
+    [http.middlewares.Middleware10]
-
+      [http.middlewares.Middleware10.rateLimit]
-      [HTTP.Middlewares.Middleware2.StripPrefixRegex]
+        extractorFunc = "foobar"
-        Regex = ["foobar", "foobar"]
+        [http.middlewares.Middleware10.rateLimit.rateSet]
-
+          [http.middlewares.Middleware10.rateLimit.rateSet.Rate0]
-      [HTTP.Middlewares.Middleware3.ReplacePath]
+            period = 42
-        Path = "foobar"
+            average = 42
-
+            burst = 42
-      [HTTP.Middlewares.Middleware4.ReplacePathRegex]
+          [http.middlewares.Middleware10.rateLimit.rateSet.Rate1]
-        Regex = "foobar"
+            period = 42
-        Replacement = "foobar"
+            average = 42
-
+            burst = 42
-      [HTTP.Middlewares.Middleware5.Chain]
+    [http.middlewares.Middleware11]
-        Middlewares = ["foobar", "foobar"]
+      [http.middlewares.Middleware11.redirectRegex]
-
+        regex = "foobar"
-      [HTTP.Middlewares.Middleware6.IPWhiteList]
+        replacement = "foobar"
-        SourceRange = ["foobar", "foobar"]
+        permanent = true
-
+    [http.middlewares.Middleware12]
-        [HTTP.Middlewares.Middleware7.IPWhiteList.IPStrategy]
+      [http.middlewares.Middleware12.redirectScheme]
-          Depth = 42
+        scheme = "foobar"
-          ExcludedIPs = ["foobar", "foobar"]
+        port = "foobar"
-
+        permanent = true
-      [HTTP.Middlewares.Middleware8.Headers]
+    [http.middlewares.Middleware13]
-        AccessControlAllowCredentials = true
+      [http.middlewares.Middleware13.basicAuth]
-        AccessControlAllowHeaders = ["foobar", "foobar"]
+        users = ["foobar", "foobar"]
-        AccessControlAllowMethods = ["foobar", "foobar"]
+        usersFile = "foobar"
-        AccessControlAllowOrigin = "foobar"
+        realm = "foobar"
-        AccessControlExposeHeaders = ["foobar", "foobar"]
+        removeHeader = true
-        AccessControlMaxAge = 42
+        headerField = "foobar"
-        AddVaryHeader = true
+    [http.middlewares.Middleware14]
-        AllowedHosts = ["foobar", "foobar"]
+      [http.middlewares.Middleware14.digestAuth]
-        HostsProxyHeaders = ["foobar", "foobar"]
+        users = ["foobar", "foobar"]
-        SSLRedirect = true
+        usersFile = "foobar"
-        SSLTemporaryRedirect = true
+        removeHeader = true
-        SSLHost = "foobar"
+        realm = "foobar"
-        SSLForceHost = true
+        headerField = "foobar"
-        STSSeconds = 42
+    [http.middlewares.Middleware15]
-        STSIncludeSubdomains = true
+      [http.middlewares.Middleware15.forwardAuth]
-        STSPreload = true
+        address = "foobar"
-        ForceSTSHeader = true
+        trustForwardHeader = true
-        FrameDeny = true
+        authResponseHeaders = ["foobar", "foobar"]
-        CustomFrameOptionsValue = "foobar"
+        [http.middlewares.Middleware15.forwardAuth.tls]
-        ContentTypeNosniff = true
+          ca = "foobar"
-        BrowserXSSFilter = true
+          caOptional = true
-        CustomBrowserXSSValue = "foobar"
+          cert = "foobar"
-        ContentSecurityPolicy = "foobar"
+          key = "foobar"
-        PublicKey = "foobar"
+          insecureSkipVerify = true
-        ReferrerPolicy = "foobar"
+    [http.middlewares.Middleware16]
-        IsDevelopment = true
+      [http.middlewares.Middleware16.maxConn]
-        [HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders]
+        amount = 42
        extractorFunc = "foobar"
    [http.middlewares.Middleware17]
      [http.middlewares.Middleware17.buffering]
        maxRequestBodyBytes = 42
        memRequestBodyBytes = 42
        maxResponseBodyBytes = 42
        memResponseBodyBytes = 42
        retryExpression = "foobar"
    [http.middlewares.Middleware18]
      [http.middlewares.Middleware18.circuitBreaker]
        expression = "foobar"
    [http.middlewares.Middleware19]
      [http.middlewares.Middleware19.compress]
    [http.middlewares.Middleware2]
      [http.middlewares.Middleware2.stripPrefixRegex]
        regex = ["foobar", "foobar"]
    [http.middlewares.Middleware20]
      [http.middlewares.Middleware20.passTLSClientCert]
        pem = true
        [http.middlewares.Middleware20.passTLSClientCert.info]
          notAfter = true
          notBefore = true
          sans = true
          [http.middlewares.Middleware20.passTLSClientCert.info.subject]
            country = true
            province = true
            locality = true
            organization = true
            commonName = true
            serialNumber = true
            domainComponent = true
          [http.middlewares.Middleware20.passTLSClientCert.info.issuer]
            country = true
            province = true
            locality = true
            organization = true
            commonName = true
            serialNumber = true
            domainComponent = true
    [http.middlewares.Middleware21]
      [http.middlewares.Middleware21.retry]
        attemps = 42
    [http.middlewares.Middleware3]
      [http.middlewares.Middleware3.replacePath]
        path = "foobar"
    [http.middlewares.Middleware4]
      [http.middlewares.Middleware4.replacePathRegex]
        regex = "foobar"
        replacement = "foobar"
    [http.middlewares.Middleware5]
      [http.middlewares.Middleware5.chain]
        middlewares = ["foobar", "foobar"]
    [http.middlewares.Middleware6]
      [http.middlewares.Middleware6.ipWhiteList]
        sourceRange = ["foobar", "foobar"]
    [http.middlewares.Middleware7]
      [http.middlewares.Middleware7.ipWhiteList]
        [http.middlewares.Middleware7.ipWhiteList.ipStrategy]
          depth = 42
          excludedIPs = ["foobar", "foobar"]
    [http.middlewares.Middleware8]
      [http.middlewares.Middleware8.headers]
        accessControlAllowCredentials = true
        accessControlAllowHeaders = ["foobar", "foobar"]
        accessControlAllowMethods = ["foobar", "foobar"]
        accessControlAllowOrigin = "foobar"
        accessControlExposeHeaders = ["foobar", "foobar"]
        accessControlMaxAge = 42
        addVaryHeader = true
        allowedHosts = ["foobar", "foobar"]
        hostsProxyHeaders = ["foobar", "foobar"]
        sslRedirect = true
        sslTemporaryRedirect = true
        sslHost = "foobar"
        sslForceHost = true
        stsSeconds = 42
        stsIncludeSubdomains = true
        stsPreload = true
        forceSTSHeader = true
        frameDeny = true
        customFrameOptionsValue = "foobar"
        contentTypeNosniff = true
        browserXssFilter = true
        customBrowserXSSValue = "foobar"
        contentSecurityPolicy = "foobar"
        publicKey = "foobar"
        referrerPolicy = "foobar"
        isDevelopment = true
        [http.middlewares.Middleware8.headers.customRequestHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders]
+        [http.middlewares.Middleware8.headers.customResponseHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders]
+        [http.middlewares.Middleware8.headers.sslProxyHeaders]
          name0 = "foobar"
          name1 = "foobar"
    [http.middlewares.Middleware9]
      [http.middlewares.Middleware9.errors]
        status = ["foobar", "foobar"]
        service = "foobar"
        query = "foobar"
  [http.services]
    [http.services.Service0]
      [http.services.Service0.loadBalancer]
        passHostHeader = true
        [http.services.Service0.loadBalancer.stickiness]
          cookieName = "foobar"
-      [HTTP.Middlewares.Middleware9.Errors]
+        [[http.services.Service0.loadBalancer.servers]]
-        Status = ["foobar", "foobar"]
+          url = "foobar"
        Service = "foobar"
        Query = "foobar"
-      [HTTP.Middlewares.Middleware10.RateLimit]
+        [[http.services.Service0.loadBalancer.servers]]
-        ExtractorFunc = "foobar"
+          url = "foobar"
-        [HTTP.Middlewares.Middleware10.RateLimit.RateSet]
+        [http.services.Service0.loadBalancer.healthCheck]
-          [HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate0]
+          scheme = "foobar"
-            Period = 42
+          path = "foobar"
-            Average = 42
+          port = 42
-            Burst = 42
+          interval = "foobar"
-          [HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate1]
+          timeout = "foobar"
-            Period = 42
+          hostname = "foobar"
-            Average = 42
+          [http.services.Service0.loadBalancer.healthCheck.headers]
            Burst = 42
      [HTTP.Middlewares.Middleware11.RedirectRegex]
        Regex = "foobar"
        Replacement = "foobar"
        Permanent = true
      [HTTP.Middlewares.Middleware12.RedirectScheme]
        Scheme = "foobar"
        Port = "foobar"
        Permanent = true
      [HTTP.Middlewares.Middleware13.BasicAuth]
        Users = ["foobar", "foobar"]
        UsersFile = "foobar"
        Realm = "foobar"
        RemoveHeader = true
        HeaderField = "foobar"
      [HTTP.Middlewares.Middleware14.DigestAuth]
        Users = ["foobar", "foobar"]
        UsersFile = "foobar"
        RemoveHeader = true
        Realm = "foobar"
        HeaderField = "foobar"
      [HTTP.Middlewares.Middleware15.ForwardAuth]
        Address = "foobar"
        TrustForwardHeader = true
        AuthResponseHeaders = ["foobar", "foobar"]
        [HTTP.Middlewares.Middleware15.ForwardAuth.TLS]
          CA = "foobar"
          CAOptional = true
          Cert = "foobar"
          Key = "foobar"
          InsecureSkipVerify = true
      [HTTP.Middlewares.Middleware16.MaxConn]
        Amount = 42
        ExtractorFunc = "foobar"
      [HTTP.Middlewares.Middleware17.Buffering]
        MaxRequestBodyBytes = 42
        MemRequestBodyBytes = 42
        MaxResponseBodyBytes = 42
        MemResponseBodyBytes = 42
        RetryExpression = "foobar"
      [HTTP.Middlewares.Middleware18.CircuitBreaker]
        Expression = "foobar"
      [HTTP.Middlewares.Middleware19.Compress]
      [HTTP.Middlewares.Middleware20.PassTLSClientCert]
        PEM = true
        [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info]
          NotAfter = true
          NotBefore = true
          Sans = true
          [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Subject]
            Country = true
            Province = true
            Locality = true
            Organization = true
            CommonName = true
            SerialNumber = true
            DomainComponent = true
          [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Issuer]
            Country = true
            Province = true
            Locality = true
            Organization = true
            CommonName = true
            SerialNumber = true
            DomainComponent = true
      [HTTP.Middlewares.Middleware21.Retry]
        Attempts = 42
  [HTTP.Services]
    [HTTP.Services.Service0]
      [HTTP.Services.Service0.LoadBalancer]
        PassHostHeader = true
        [[HTTP.Services.Service0.LoadBalancer.Servers]]
          URL = "foobar"
        [HTTP.Services.Service0.LoadBalancer.Stickiness]
          CookieName = "foobar"
        [[HTTP.Services.Service0.LoadBalancer.Servers]]
          URL = "foobar"
        [HTTP.Services.Service0.LoadBalancer.HealthCheck]
          Scheme = "foobar"
          Path = "foobar"
          Port = 42
          Interval = "foobar"
          Timeout = "foobar"
          Hostname = "foobar"
          [HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers]
            name0 = "foobar"
            name1 = "foobar"
-        [HTTP.Services.Service0.LoadBalancer.ResponseForwarding]
+        [http.services.Service0.loadBalancer.responseForwarding]
-          FlushInterval = "foobar"
+          flushInterval = "foobar"
-[TCP]
+[tcp]
-
+  [tcp.routers]
-  [TCP.Routers]
+    [tcp.routers.TCPRouter0]
-
+      entryPoints = ["foobar", "foobar"]
-    [TCP.Routers.TCPRouter0]
+      service = "foobar"
-      EntryPoints = ["foobar", "foobar"]
+      rule = "foobar"
-      Service = "foobar"
+      [tcp.routers.TCPRouter0.tls]
      Rule = "foobar"
      [TCP.Routers.TCPRouter0.tls]
        passthrough = true
        options = "TLS1"
  [tcp.services]
    [tcp.services.TCPService0]
      [tcp.services.TCPService0.loadBalancer]
-  [TCP.Services]
+        [[tcp.services.TCPService0.loadBalancer.servers]]
          address = "foobar"
-    [TCP.Services.TCPService0]
+        [[tcp.services.TCPService0.loadBalancer.servers]]
-      [TCP.Services.TCPService0.LoadBalancer]
+          address = "foobar"
-        [[TCP.Services.TCPService0.LoadBalancer.Servers]]
+[tls]
          Address = "foobar"
-        [[TCP.Services.TCPService0.LoadBalancer.Servers]]
+  [[tls.certificates]]
-          Address = "foobar"
+    certFile = "foobar"
    keyFile = "foobar"
    stores = ["foobar", "foobar"]
-[TLS]
+  [[tls.certificates]]
-
+    certFile = "foobar"
-  [[TLS.Certificates]]
+    keyFile = "foobar"
-    Stores = ["foobar", "foobar"]
+    stores = ["foobar", "foobar"]
-    CertFile = "foobar"
+  [tls.options]
-    KeyFile = "foobar"
+    [tls.options.TLS0]
-
+      minVersion = "foobar"
-  [[TLS.Certificates]]
+      cipherSuites = ["foobar", "foobar"]
-    Stores = ["foobar", "foobar"]
+      sniStrict = true
-    CertFile = "foobar"
+      [tls.options.TLS0.clientCA]
-    KeyFile = "foobar"
+        files = ["foobar", "foobar"]
-
+        optional = true
-  [TLS.Options]
+    [tls.options.TLS1]
-    [TLS.Options.TLS0]
+      minVersion = "foobar"
-      MinVersion = "foobar"
+      cipherSuites = ["foobar", "foobar"]
-      CipherSuites = ["foobar", "foobar"]
+      sniStrict = true
-      SniStrict = true
+      [tls.options.TLS1.clientCA]
-      [TLS.Options.TLS0.ClientCA]
+        files = ["foobar", "foobar"]
-        Files = ["foobar", "foobar"]
+        optional = true
-        Optional = true
+  [tls.stores]
-    [TLS.Options.TLS1]
+    [tls.stores.Store0]
-      MinVersion = "foobar"
+      [tls.stores.Store0.defaultCertificate]
-      CipherSuites = ["foobar", "foobar"]
+        certFile = "foobar"
-      SniStrict = true
+        keyFile = "foobar"
-      [TLS.Options.TLS1.ClientCA]
+    [tls.stores.Store1]
-        Files = ["foobar", "foobar"]
+      [tls.stores.Store1.defaultCertificate]
-        Optional = true
+        certFile = "foobar"
-
+        keyFile = "foobar"
  [TLS.Stores]
    [TLS.Stores.Store0]
      [TLS.Stores.Store0.DefaultCertificate]
        CertFile = "foobar"
        KeyFile = "foobar"
    [TLS.Stores.Store1]
      [TLS.Stores.Store1.DefaultCertificate]
        CertFile = "foobar"
        KeyFile = "foobar"
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@ -1,7 +1,7 @@
 http:
  routers:
    Router0:
-      entrypoints:
+      entryPoints:
        - foobar
        - foobar
      middlewares:
@ -10,8 +10,7 @@ http:
      service: foobar
      rule: foobar
      priority: 42
-      tls:
+      tls: {}
        options: TLS0
  middlewares:
    Middleware0:
      addPrefix:
@ -40,65 +39,63 @@ http:
          - foobar
    Middleware6:
      ipWhiteList:
-        sourcerange:
+        sourceRange:
          - foobar
          - foobar
        ipstrategy: null
    Middleware7:
      ipWhiteList:
-        sourcerange: []
+        ipStrategy:
        ipstrategy:
          depth: 42
-          excludedips:
+          excludedIPs:
            - foobar
            - foobar
    Middleware8:
      headers:
-        customrequestheaders:
+        customRequestHeaders:
          name0: foobar
          name1: foobar
-        customresponseheaders:
+        customResponseHeaders:
          name0: foobar
          name1: foobar
-        accesscontrolallowcredentials: true
+        accessControlAllowCredentials: true
-        accesscontrolallowheaders:
+        accessControlAllowHeaders:
          - foobar
          - foobar
-        accesscontrolallowmethods:
+        accessControlAllowMethods:
          - foobar
          - foobar
-        accesscontrolalloworigin: foobar
+        accessControlAllowOrigin: foobar
-        accesscontrolexposeheaders:
+        accessControlExposeHeaders:
          - foobar
          - foobar
-        accesscontrolmaxage: 42
+        accessControlMaxAge: 42
-        addvaryheader: true
+        addVaryHeader: true
-        allowedhosts:
+        allowedHosts:
          - foobar
          - foobar
-        hostsproxyheaders:
+        hostsProxyHeaders:
          - foobar
          - foobar
-        sslredirect: true
+        sslRedirect: true
-        ssltemporaryredirect: true
+        sslTemporaryRedirect: true
-        sslhost: foobar
+        sslHost: foobar
-        sslproxyheaders:
+        sslProxyHeaders:
          name0: foobar
          name1: foobar
-        sslforcehost: true
+        sslForceHost: true
-        stsseconds: 42
+        stsSeconds: 42
-        stsincludesubdomains: true
+        stsIncludeSubdomains: true
-        stspreload: true
+        stsPreload: true
-        forcestsheader: true
+        forceSTSHeader: true
-        framedeny: true
+        frameDeny: true
-        customframeoptionsvalue: foobar
+        customFrameOptionsValue: foobar
-        contenttypenosniff: true
+        contentTypeNosniff: true
-        browserxssfilter: true
+        browserXssFilter: true
-        custombrowserxssvalue: foobar
+        customBrowserXSSValue: foobar
-        contentsecuritypolicy: foobar
+        contentSecurityPolicy: foobar
-        publickey: foobar
+        publicKey: foobar
-        referrerpolicy: foobar
+        referrerPolicy: foobar
-        isdevelopment: true
+        isDevelopment: true
    Middleware9:
      errors:
        status:
@ -108,7 +105,7 @@ http:
        query: foobar
    Middleware10:
      rateLimit:
-        rateset:
+        rateSet:
          Rate0:
            period: 42000000000
            average: 42
@ -117,7 +114,7 @@ http:
            period: 42000000000
            average: 42
            burst: 42
-        extractorfunc: foobar
+        extractorFunc: foobar
    Middleware11:
      redirectRegex:
        regex: foobar
@ -133,43 +130,43 @@ http:
        users:
          - foobar
          - foobar
-        usersfile: foobar
+        usersFile: foobar
        realm: foobar
-        removeheader: true
+        removeHeader: true
-        headerfield: foobar
+        headerField: foobar
    Middleware14:
      digestAuth:
        users:
          - foobar
          - foobar
-        usersfile: foobar
+        usersFile: foobar
-        removeheader: true
+        removeHeader: true
        realm: foobar
-        headerfield: foobar
+        headerField: foobar
    Middleware15:
      forwardAuth:
        address: foobar
        tls:
          ca: foobar
-          caoptional: true
+          caOptional: true
          cert: foobar
          key: foobar
-          insecureskipverify: true
+          insecureSkipVerify: true
-        trustforwardheader: true
+        trustForwardHeader: true
-        authresponseheaders:
+        authResponseHeaders:
          - foobar
          - foobar
    Middleware16:
      maxConn:
        amount: 42
-        extractorfunc: foobar
+        extractorFunc: foobar
    Middleware17:
      buffering:
-        maxrequestbodybytes: 42
+        maxRequestBodyBytes: 42
-        memrequestbodybytes: 42
+        memRequestBodyBytes: 42
-        maxresponsebodybytes: 42
+        maxResponseBodyBytes: 42
-        memresponsebodybytes: 42
+        memResponseBodyBytes: 42
-        retryexpression: foobar
+        retryExpression: foobar
    Middleware18:
      circuitBreaker:
        expression: foobar
@ -179,43 +176,37 @@ http:
      passTLSClientCert:
        pem: true
        info:
-          notafter: true
+          notAfter: true
-          notbefore: true
+          notBefore: true
          sans: true
          subject:
            country: true
            province: true
            locality: true
            organization: true
-            commonname: true
+            commonName: true
-            serialnumber: true
+            serialNumber: true
-            domaincomponent: true
+            domainComponent: true
          issuer:
            country: true
            province: true
            locality: true
            organization: true
-            commonname: true
+            commonName: true
-            serialnumber: true
+            serialNumber: true
-            domaincomponent: true
+            domainComponent: true
    Middleware21:
      retry:
-        attempts: 42
+        attemps: 42
  services:
    Service0:
-      loadbalancer:
+      loadBalancer:
        stickiness:
-          cookiename: foobar
+          cookieName: foobar
          securecookie: false
          httponlycookie: false
        servers:
          - url: foobar
            scheme: ""
            port: ""
          - url: foobar
-            scheme: ""
+        healthCheck:
            port: ""
        healthcheck:
          scheme: foobar
          path: foobar
          port: 42
@ -225,70 +216,66 @@ http:
          headers:
            name0: foobar
            name1: foobar
-        passhostheader: true
+        passHostHeader: true
-        responseforwarding:
+        responseForwarding:
-          flushinterval: foobar
+          flushInterval: foobar
 tcp:
  routers:
    TCPRouter0:
-      entrypoints:
+      entryPoints:
        - foobar
        - foobar
      service: foobar
      rule: foobar
      tls:
        passthrough: true
        options: TLS1
  services:
    TCPService0:
-      loadbalancer:
+      loadBalancer:
        servers:
          - address: foobar
            port: ""
          - address: foobar
            port: ""
 tls:
-  - stores:
+  certificates:
-      - foobar
+    - certFile: foobar
-      - foobar
+      keyFile: foobar
-    certificate:
+      stores:
      certfile: foobar
      keyfile: foobar
  - stores:
      - foobar
      - foobar
    certificate:
      certfile: foobar
      keyfile: foobar
 tlsoptions:
  TLS0:
    minversion: foobar
    ciphersuites:
      - foobar
      - foobar
    clientca:
      files:
        - foobar
        - foobar
-      optional: true
+    - certFile: foobar
-    snistrict: true
+      keyFile: foobar
-  TLS1:
+      stores:
    minversion: foobar
    ciphersuites:
      - foobar
      - foobar
    clientca:
      files:
        - foobar
        - foobar
-      optional: true
+  options:
-    snistrict: true
+    TLS0:
-tlsstores:
+      minVersion: foobar
-  Store0:
+      cipherSuites:
-    defaultcertificate:
+        - foobar
-      certfile: foobar
+        - foobar
-      keyfile: foobar
+      clientCA:
-  Store1:
+        files:
-    defaultcertificate:
+          - foobar
-      certfile: foobar
+          - foobar
-      keyfile: foobar
+        optional: true
      sniStrict: true
    TLS1:
      minVersion: foobar
      cipherSuites:
        - foobar
        - foobar
      clientCA:
        files:
          - foobar
          - foobar
        optional: true
      sniStrict: true
  stores:
    Store0:
      defaultCertificate:
        certFile: foobar
        keyFile: foobar
    Store1:
      defaultCertificate:
        certFile: foobar
        keyFile: foobar
--- a/docs/content/reference/dynamic-configuration/labels.yml
+++ b/docs/content/reference/dynamic-configuration/labels.yml
@ -1,154 +1,154 @@
 labels:
- "traefik.HTTP.Middlewares.Middleware0.AddPrefix.Prefix=foobar"
+- "traefik.http.middlewares.Middleware0.addprefix.prefix=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.HeaderField=foobar"
+- "traefik.http.middlewares.Middleware1.basicauth.headerfield=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Realm=foobar"
+- "traefik.http.middlewares.Middleware1.basicauth.realm=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.RemoveHeader=true"
+- "traefik.http.middlewares.Middleware1.basicauth.removeheader=true"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Users=foobar, fiibar"
+- "traefik.http.middlewares.Middleware1.basicauth.users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.UsersFile=foobar"
+- "traefik.http.middlewares.Middleware1.basicauth.usersfile=foobar"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxRequestBodyBytes=42"
+- "traefik.http.middlewares.Middleware2.buffering.maxrequestbodybytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxResponseBodyBytes=42"
+- "traefik.http.middlewares.Middleware2.buffering.maxresponsebodybytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemRequestBodyBytes=42"
+- "traefik.http.middlewares.Middleware2.buffering.memrequestbodybytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemResponseBodyBytes=42"
+- "traefik.http.middlewares.Middleware2.buffering.memresponsebodybytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.RetryExpression=foobar"
+- "traefik.http.middlewares.Middleware2.buffering.retryexpression=foobar"
- "traefik.HTTP.Middlewares.Middleware3.Chain.Middlewares=foobar, fiibar"
+- "traefik.http.middlewares.Middleware3.chain.middlewares=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware4.CircuitBreaker.Expression=foobar"
+- "traefik.http.middlewares.Middleware4.circuitbreaker.expression=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.HeaderField=foobar"
+- "traefik.http.middlewares.Middleware5.digestauth.headerfield=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Realm=foobar"
+- "traefik.http.middlewares.Middleware5.digestauth.realm=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.RemoveHeader=true"
+- "traefik.http.middlewares.Middleware5.digestauth.removeheader=true"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Users=foobar, fiibar"
+- "traefik.http.middlewares.Middleware5.digestauth.users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.UsersFile=foobar"
+- "traefik.http.middlewares.Middleware5.digestauth.usersfile=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Query=foobar"
+- "traefik.http.middlewares.Middleware6.errors.query=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Service=foobar"
+- "traefik.http.middlewares.Middleware6.errors.service=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Status=foobar, fiibar"
+- "traefik.http.middlewares.Middleware6.errors.status=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.Address=foobar"
+- "traefik.http.middlewares.Middleware7.forwardauth.address=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders=foobar, fiibar"
+- "traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA=foobar"
+- "traefik.http.middlewares.Middleware7.forwardauth.tls.ca=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional=true"
+- "traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert=foobar"
+- "traefik.http.middlewares.Middleware7.forwardauth.tls.cert=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify=true"
+- "traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key=foobar"
+- "traefik.http.middlewares.Middleware7.forwardauth.tls.key=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TrustForwardHeader=true"
+- "traefik.http.middlewares.Middleware7.forwardauth.trustforwardheader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowCredentials=true"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowcredentials=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowHeaders=X-foobar, X-fiibar"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowheaders=x-foobar, x-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowMethods=GET, PUT"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowmethods=get, put"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowOrigin=foobar"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolalloworigin=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlExposeHeaders=X-foobar, X-fiibar"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolexposeheaders=x-foobar, x-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlMaxAge=200"
+- "traefik.http.middlewares.Middleware8.headers.accesscontrolmaxage=200"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AddVaryHeader=true"
+- "traefik.http.middlewares.Middleware8.headers.addvaryheader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts=foobar, fiibar"
+- "traefik.http.middlewares.Middleware8.headers.allowedhosts=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter=true"
+- "traefik.http.middlewares.Middleware8.headers.browserxssfilter=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy=foobar"
+- "traefik.http.middlewares.Middleware8.headers.contentsecuritypolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff=true"
+- "traefik.http.middlewares.Middleware8.headers.contenttypenosniff=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue=foobar"
+- "traefik.http.middlewares.Middleware8.headers.custombrowserxssvalue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue=foobar"
+- "traefik.http.middlewares.Middleware8.headers.customframeoptionsvalue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name0=foobar"
+- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name1=foobar"
+- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name0=foobar"
+- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name1=foobar"
+- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ForceSTSHeader=true"
+- "traefik.http.middlewares.Middleware8.headers.forcestsheader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.FrameDeny=true"
+- "traefik.http.middlewares.Middleware8.headers.framedeny=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.HostsProxyHeaders=foobar, fiibar"
+- "traefik.http.middlewares.Middleware8.headers.hostsproxyheaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment=true"
+- "traefik.http.middlewares.Middleware8.headers.isdevelopment=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey=foobar"
+- "traefik.http.middlewares.Middleware8.headers.publickey=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy=foobar"
+- "traefik.http.middlewares.Middleware8.headers.referrerpolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost=true"
+- "traefik.http.middlewares.Middleware8.headers.sslforcehost=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost=foobar"
+- "traefik.http.middlewares.Middleware8.headers.sslhost=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0=foobar"
+- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1=foobar"
+- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect=true"
+- "traefik.http.middlewares.Middleware8.headers.sslredirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect=true"
+- "traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains=true"
+- "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload=true"
+- "traefik.http.middlewares.Middleware8.headers.stspreload=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds=42"
+- "traefik.http.middlewares.Middleware8.headers.stsseconds=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth=42"
+- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs=foobar, fiibar"
+- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange=foobar, fiibar"
+- "traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.Amount=42"
+- "traefik.http.middlewares.Middleware10.maxconn.amount=42"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.ExtractorFunc=foobar"
+- "traefik.http.middlewares.Middleware10.maxconn.extractorfunc=foobar"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notafter=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotBefore=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notbefore=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Sans=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.sans=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Country=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Province=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Locality=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Organization=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.CommonName=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.commonname=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.SerialNumber=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.DomainComponent=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Country=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Province=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Locality=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Organization=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.CommonName=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.commonname=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.SerialNumber=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.DomainComponent=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.PEM=true"
+- "traefik.http.middlewares.Middleware11.passtlsclientcert.pem=true"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.ExtractorFunc=foobar"
+- "traefik.http.middlewares.Middleware12.ratelimit.extractorfunc=foobar"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Average=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Burst=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Period=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.period=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Average=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Burst=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Period=42"
+- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.period=42"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex=foobar"
+- "traefik.http.middlewares.Middleware13.redirectregex.regex=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement=foobar"
+- "traefik.http.middlewares.Middleware13.redirectregex.replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent=true"
+- "traefik.http.middlewares.Middleware13.redirectregex.permanent=true"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Scheme=https"
+- "traefik.http.middlewares.Middleware13b.redirectscheme.scheme=https"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Port=80"
+- "traefik.http.middlewares.Middleware13b.redirectscheme.port=80"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Permanent=true"
+- "traefik.http.middlewares.Middleware13b.redirectscheme.permanent=true"
- "traefik.HTTP.Middlewares.Middleware14.ReplacePath.Path=foobar"
+- "traefik.http.middlewares.Middleware14.replacepath.path=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Regex=foobar"
+- "traefik.http.middlewares.Middleware15.replacepathregex.regex=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Replacement=foobar"
+- "traefik.http.middlewares.Middleware15.replacepathregex.replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts=42"
+- "traefik.http.middlewares.Middleware16.retry.attempts=42"
- "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes=foobar, fiibar"
+- "traefik.http.middlewares.Middleware17.stripprefix.prefixes=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex=foobar, fiibar"
+- "traefik.http.middlewares.Middleware18.stripprefixregex.regex=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware19.Compress=true"
+- "traefik.http.middlewares.Middleware19.compress=true"
- "traefik.HTTP.Routers.Router0.EntryPoints=foobar, fiibar"
+- "traefik.http.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Middlewares=foobar, fiibar"
+- "traefik.http.routers.Router0.middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Priority=42"
+- "traefik.http.routers.Router0.priority=42"
- "traefik.HTTP.Routers.Router0.Rule=foobar"
+- "traefik.http.routers.Router0.rule=foobar"
- "traefik.HTTP.Routers.Router0.Service=foobar"
+- "traefik.http.routers.Router0.service=foobar"
- "traefik.HTTP.Routers.Router0.TLS=true"
+- "traefik.http.routers.Router0.tls=true"
- "traefik.HTTP.Routers.Router0.TLS.options=foo"
+- "traefik.http.routers.Router0.tls.options=foo"
- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar"
+- "traefik.http.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar"
+- "traefik.http.routers.Router1.middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Priority=42"
+- "traefik.http.routers.Router1.priority=42"
- "traefik.HTTP.Routers.Router1.Rule=foobar"
+- "traefik.http.routers.Router1.rule=foobar"
- "traefik.HTTP.Routers.Router1.Service=foobar"
+- "traefik.http.routers.Router1.service=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.hostname=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.interval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.path=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.port=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar"
+- "traefik.http.services.Service0.loadbalancer.healthcheck.timeout=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true"
+- "traefik.http.services.Service0.loadbalancer.passhostheader=true"
- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
+- "traefik.http.services.Service0.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080"
+- "traefik.http.services.Service0.loadbalancer.server.port=8080"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar"
+- "traefik.http.services.Service0.loadbalancer.server.scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar"
+- "traefik.http.services.Service0.loadbalancer.stickiness.cookiename=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.hostname=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.interval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.path=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.port=42"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.scheme=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar"
+- "traefik.http.services.Service1.loadbalancer.healthcheck.timeout=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true"
+- "traefik.http.services.Service1.loadbalancer.passhostheader=true"
- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
+- "traefik.http.services.Service1.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080"
+- "traefik.http.services.Service1.loadbalancer.server.port=8080"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar"
+- "traefik.http.services.Service1.loadbalancer.server.scheme=foobar"
- "traefik.TCP.Routers.Router0.Rule=foobar"
+- "traefik.tcp.routers.Router0.rule=foobar"
- "traefik.TCP.Routers.Router0.EntryPoints=foobar, fiibar"
+- "traefik.tcp.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.TCP.Routers.Router0.Service=foobar"
+- "traefik.tcp.routers.Router0.service=foobar"
- "traefik.TCP.Routers.Router0.TLS.Passthrough=false"
+- "traefik.tcp.routers.Router0.tls.passthrough=false"
- "traefik.TCP.Routers.Router0.TLS.options=bar"
+- "traefik.tcp.routers.Router0.tls.options=bar"
- "traefik.TCP.Routers.Router1.Rule=foobar"
+- "traefik.tcp.routers.Router1.rule=foobar"
- "traefik.TCP.Routers.Router1.EntryPoints=foobar, fiibar"
+- "traefik.tcp.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.TCP.Routers.Router1.Service=foobar"
+- "traefik.tcp.routers.Router1.service=foobar"
- "traefik.TCP.Routers.Router1.TLS.Passthrough=false"
+- "traefik.tcp.routers.Router1.tls.passthrough=false"
- "traefik.TCP.Routers.Router1.TLS.options=foobar"
+- "traefik.tcp.routers.Router1.tls.options=foobar"
- "traefik.TCP.Services.Service0.LoadBalancer.server.Port=42"
+- "traefik.tcp.services.Service0.loadbalancer.server.port=42"
- "traefik.TCP.Services.Service1.LoadBalancer.server.Port=42"
+- "traefik.tcp.services.Service1.loadbalancer.server.port=42"
--- a/docs/content/reference/static-configuration/file.toml
+++ b/docs/content/reference/static-configuration/file.toml
@ -1,254 +1,232 @@
-[Global]
+[global]
-  CheckNewVersion = true
+  checkNewVersion = true
-  SendAnonymousUsage = true
+  sendAnonymousUsage = true
-[ServersTransport]
+[serversTransport]
-  InsecureSkipVerify = true
+  insecureSkipVerify = true
-  RootCAs = ["foobar", "foobar"]
+  rootCAs = ["foobar", "foobar"]
-  MaxIdleConnsPerHost = 42
+  maxIdleConnsPerHost = 42
-  [ServersTransport.ForwardingTimeouts]
+  [serversTransport.forwardingTimeouts]
-    DialTimeout = 42
+    dialTimeout = 42
-    ResponseHeaderTimeout = 42
+    responseHeaderTimeout = 42
-    IdleConnTimeout = 5
+    idleConnTimeout = 42
-[EntryPoints]
+[entryPoints]
  [entryPoints.EntryPoint0]
    address = "foobar"
    [entryPoints.EntryPoint0.transport]
      [entryPoints.EntryPoint0.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
        graceTimeOut = 42
      [entryPoints.EntryPoint0.transport.respondingTimeouts]
        readTimeout = 42
        writeTimeout = 42
        idleTimeout = 42
    [entryPoints.EntryPoint0.proxyProtocol]
      insecure = true
      trustedIPs = ["foobar", "foobar"]
    [entryPoints.EntryPoint0.forwardedHeaders]
      insecure = true
      trustedIPs = ["foobar", "foobar"]
-  [EntryPoints.EntryPoint0]
+[providers]
-    Address = "foobar"
+  providersThrottleDuration = 42
-    [EntryPoints.EntryPoint0.Transport]
+  [providers.docker]
-      [EntryPoints.EntryPoint0.Transport.LifeCycle]
+    constraints = "foobar"
-        RequestAcceptGraceTimeout = 42
+    watch = true
-        GraceTimeOut = 42
+    endpoint = "foobar"
-      [EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
+    defaultRule = "foobar"
-        ReadTimeout = 42
+    exposedByDefault = true
-        WriteTimeout = 42
+    useBindPortIP = true
-        IdleTimeout = 42
+    swarmMode = true
-    [EntryPoints.EntryPoint0.ProxyProtocol]
+    network = "foobar"
-      Insecure = true
+    swarmModeRefreshSeconds = 42
-      TrustedIPs = ["foobar", "foobar"]
+    [providers.docker.tls]
-    [EntryPoints.EntryPoint0.ForwardedHeaders]
+      ca = "foobar"
-      Insecure = true
+      caOptional = true
-      TrustedIPs = ["foobar", "foobar"]
+      cert = "foobar"
      key = "foobar"
      insecureSkipVerify = true
  [providers.file]
    directory = "foobar"
    watch = true
    filename = "foobar"
    debugLogGeneratedTemplate = true
    traefikFile = "foobar"
  [providers.marathon]
    constraints = "foobar"
    trace = true
    watch = true
    endpoint = "foobar"
    defaultRule = "foobar"
    exposedByDefault = true
    dcosToken = "foobar"
    dialerTimeout = 42
    responseHeaderTimeout = 42
    tlsHandshakeTimeout = 42
    keepAlive = 42
    forceTaskHostname = true
    respectReadinessChecks = true
    [providers.marathon.tls]
      ca = "foobar"
      caOptional = true
      cert = "foobar"
      key = "foobar"
      insecureSkipVerify = true
    [providers.marathon.basic]
      httpBasicAuthUser = "foobar"
      httpBasicPassword = "foobar"
  [providers.kubernetes]
    endpoint = "foobar"
    token = "foobar"
    certAuthFilePath = "foobar"
    disablePassHostHeaders = true
    namespaces = ["foobar", "foobar"]
    labelSelector = "foobar"
    ingressClass = "foobar"
    [providers.kubernetes.ingressEndpoint]
      ip = "foobar"
      hostname = "foobar"
      publishedService = "foobar"
  [providers.kubernetesCRD]
    endpoint = "foobar"
    token = "foobar"
    certAuthFilePath = "foobar"
    disablePassHostHeaders = true
    namespaces = ["foobar", "foobar"]
    labelSelector = "foobar"
    ingressClass = "foobar"
  [providers.rest]
    entryPoint = "foobar"
  [providers.rancher]
    constraints = "foobar"
    watch = true
    defaultRule = "foobar"
    exposedByDefault = true
    enableServiceHealthFilter = true
    refreshSeconds = 42
    intervalPoll = true
    prefix = "foobar"
-[Providers]
+[api]
-  ProvidersThrottleDuration = 42
+  entryPoint = "foobar"
  dashboard = true
  middlewares = ["foobar", "foobar"]
  [api.statistics]
    recentErrors = 42
-  [Providers.Docker]
+[metrics]
-    Watch = true
+  [metrics.prometheus]
-    Endpoint = "foobar"
+    buckets = [42.0, 42.0]
-    DefaultRule = "foobar"
+    entryPoint = "foobar"
-    ExposedByDefault = true
+    middlewares = ["foobar", "foobar"]
-    UseBindPortIP = true
+  [metrics.dataDog]
-    SwarmMode = true
+    address = "foobar"
-    Network = "foobar"
+    pushInterval = "10s"
-    SwarmModeRefreshSeconds = 42
+  [metrics.statsD]
-    Constraints = "foobar"
+    address = "foobar"
    pushInterval = "10s"
  [metrics.influxDB]
    address = "foobar"
    protocol = "foobar"
    pushInterval = "10s"
    database = "foobar"
    retentionPolicy = "foobar"
    username = "foobar"
    password = "foobar"
-    [Providers.Docker.TLS]
+[ping]
-      CA = "foobar"
+  entryPoint = "foobar"
-      CAOptional = true
+  middlewares = ["foobar", "foobar"]
      Cert = "foobar"
      Key = "foobar"
      InsecureSkipVerify = true
-  [Providers.File]
+[log]
-    Directory = "foobar"
+  level = "foobar"
-    Watch = true
+  filePath = "foobar"
-    Filename = "foobar"
+  format = "foobar"
    DebugLogGeneratedTemplate = true
    TraefikFile = "foobar"
-  [Providers.Marathon]
+[accessLog]
-    Trace = true
+  filePath = "foobar"
-    Watch = true
+  format = "foobar"
-    Endpoint = "foobar"
+  bufferingSize = 42
-    DefaultRule = "foobar"
+  [accessLog.filters]
-    ExposedByDefault = true
+    statusCodes = ["foobar", "foobar"]
-    DCOSToken = "foobar"
+    retryAttempts = true
-    DialerTimeout = 42
+    minDuration = 42
-    ResponseHeaderTimeout = 42
+  [accessLog.fields]
-    TLSHandshakeTimeout = 42
+    defaultMode = "foobar"
-    KeepAlive = 42
+    [accessLog.fields.names]
    ForceTaskHostname = true
    RespectReadinessChecks = true
    Constraints = "foobar"
    [Providers.Marathon.TLS]
      CA = "foobar"
      CAOptional = true
      Cert = "foobar"
      Key = "foobar"
      InsecureSkipVerify = true
    [Providers.Marathon.Basic]
      HTTPBasicAuthUser = "foobar"
      HTTPBasicPassword = "foobar"
  [Providers.Kubernetes]
    Endpoint = "foobar"
    Token = "foobar"
    CertAuthFilePath = "foobar"
    DisablePassHostHeaders = true
    Namespaces = ["foobar", "foobar"]
    LabelSelector = "foobar"
    IngressClass = "foobar"
    [Providers.Kubernetes.IngressEndpoint]
      IP = "foobar"
      Hostname = "foobar"
      PublishedService = "foobar"
  [Providers.KubernetesCRD]
    Endpoint = "foobar"
    Token = "foobar"
    CertAuthFilePath = "foobar"
    DisablePassHostHeaders = true
    Namespaces = ["foobar", "foobar"]
    LabelSelector = "foobar"
    IngressClass = "foobar"
  [Providers.Rest]
    EntryPoint = "foobar"
  [Providers.Rancher]
    Watch = true
    DefaultRule = "foobar"
    ExposedByDefault = true
    EnableServiceHealthFilter = true
    RefreshSeconds = 42
    IntervalPoll = true
    Prefix = "foobar"
    Constraints = "foobar"
 [API]
  EntryPoint = "foobar"
  Dashboard = true
  Middlewares = ["foobar", "foobar"]
  [API.Statistics]
    RecentErrors = 42
 [Metrics]
  [Metrics.Prometheus]
    Buckets = [42.0, 42.0]
    EntryPoint = "foobar"
    Middlewares = ["foobar", "foobar"]
  [Metrics.Datadog]
    Address = "foobar"
    PushInterval = "10s"
  [Metrics.StatsD]
    Address = "foobar"
    PushInterval = "10s"
  [Metrics.InfluxDB]
    Address = "foobar"
    Protocol = "foobar"
    PushInterval = "10s"
    Database = "foobar"
    RetentionPolicy = "foobar"
    Username = "foobar"
    Password = "foobar"
 [Ping]
  EntryPoint = "foobar"
  Middlewares = ["foobar", "foobar"]
 [Log]
  Level = "foobar"
  FilePath = "foobar"
  Format = "foobar"
 [AccessLog]
  FilePath = "foobar"
  Format = "foobar"
  BufferingSize = 42
  [AccessLog.Filters]
    StatusCodes = ["foobar", "foobar"]
    RetryAttempts = true
    MinDuration = 42
  [AccessLog.Fields]
    DefaultMode = "foobar"
    [AccessLog.Fields.Names]
      name0 = "foobar"
      name1 = "foobar"
-    [AccessLog.Fields.Headers]
+    [accessLog.fields.headers]
-      DefaultMode = "foobar"
+      defaultMode = "foobar"
-      [AccessLog.Fields.Headers.Names]
+      [accessLog.fields.headers.names]
        name0 = "foobar"
        name1 = "foobar"
-[Tracing]
+[tracing]
-  ServiceName = "foobar"
+  serviceName = "foobar"
-  SpanNameLimit = 42
+  spanNameLimit = 42
  [tracing.jaeger]
    samplingServerURL = "foobar"
    samplingType = "foobar"
    samplingParam = 42.0
    localAgentHostPort = "foobar"
    gen128Bit = true
    propagation = "foobar"
    traceContextHeaderName = "foobar"
  [tracing.zipkin]
    httpEndpoint = "foobar"
    sameSpan = true
    id128Bit = true
    debug = true
    sampleRate = 42.0
  [tracing.dataDog]
    localAgentHostPort = "foobar"
    globalTag = "foobar"
    debug = true
    prioritySampling = true
    traceIDHeaderName = "foobar"
    parentIDHeaderName = "foobar"
    samplingPriorityHeaderName = "foobar"
    bagagePrefixHeaderName = "foobar"
  [tracing.instana]
    localAgentHost = "foobar"
    localAgentPort = 42
    logLevel = "foobar"
  [tracing.haystack]
    localAgentHost = "foobar"
    localAgentPort = 42
    globalTag = "foobar"
    traceIDHeaderName = "foobar"
    parentIDHeaderName = "foobar"
    spanIDHeaderName = "foobar"
-  [Tracing.Jaeger]
+[hostResolver]
-    SamplingServerURL = "foobar"
+  cnameFlattening = true
-    SamplingType = "foobar"
+  resolvConfig = "foobar"
-    SamplingParam = 42.0
+  resolvDepth = 42
    LocalAgentHostPort = "foobar"
    Gen128Bit = true
    Propagation = "foobar"
    TraceContextHeaderName = "foobar"
-  [Tracing.Zipkin]
+[acme]
-    HTTPEndpoint = "foobar"
+  email = "foobar"
-    SameSpan = true
+  acmeLogging = true
-    ID128Bit = true
+  caServer = "foobar"
-    Debug = true
+  storage = "foobar"
-    SampleRate = 42.0
+  entryPoint = "foobar"
  keyType = "foobar"
  onHostRule = true
  [acme.dnsChallenge]
    provider = "foobar"
    delayBeforeCheck = 42
    resolvers = ["foobar", "foobar"]
    disablePropagationCheck = true
  [acme.httpChallenge]
    entryPoint = "foobar"
  [acme.tlsChallenge]
-  [Tracing.DataDog]
+  [[acme.domains]]
-    LocalAgentHostPort = "foobar"
+    main = "foobar"
-    GlobalTag = "foobar"
+    sans = ["foobar", "foobar"]
    Debug = true
    PrioritySampling = true
    TraceIDHeaderName = "foobar"
    ParentIDHeaderName = "foobar"
    SamplingPriorityHeaderName = "foobar"
    BagagePrefixHeaderName = "foobar"
-  [Tracing.Instana]
+  [[acme.domains]]
-    LocalAgentHost = "foobar"
+    main = "foobar"
-    LocalAgentPort = 42
+    sans = ["foobar", "foobar"]
    LogLevel = "foobar"
  [Tracing.Haystack]
    LocalAgentHost = "foobar"
    LocalAgentPort = 42
    GlobalTag = "foobar"
    ParentIDHeaderName = "foobar"
    SpanIDHeaderName = "foobar"
    TraceIDHeaderName = "foobar"
 [HostResolver]
  CnameFlattening = true
  ResolvConfig = "foobar"
  ResolvDepth = 42
 [ACME]
  Email = "foobar"
  ACMELogging = true
  CAServer = "foobar"
  Storage = "foobar"
  EntryPoint = "foobar"
  KeyType = "foobar"
  OnHostRule = true
  [ACME.DNSChallenge]
    Provider = "foobar"
    DelayBeforeCheck = 42
    Resolvers = ["foobar", "foobar"]
    DisablePropagationCheck = true
  [ACME.HTTPChallenge]
    EntryPoint = "foobar"
  [ACME.TLSChallenge]
  [[ACME.Domains]]
    Main = "foobar"
    SANs = ["foobar", "foobar"]
  [[ACME.Domains]]
    Main = "foobar"
    SANs = ["foobar", "foobar"]
--- a/docs/content/reference/static-configuration/file.yaml
+++ b/docs/content/reference/static-configuration/file.yaml
@ -1,234 +1,238 @@
 global:
-  checknewversion: true
+  checkNewVersion: true
-  sendanonymoususage: true
+  sendAnonymousUsage: true
-serverstransport:
+serversTransport:
-  insecureskipverify: true
+  insecureSkipVerify: true
-  rootcas:
+  rootCAs:
    - foobar
    - foobar
-  maxidleconnsperhost: 42
+  maxIdleConnsPerHost: 42
-  forwardingtimeouts:
+  forwardingTimeouts:
-    dialtimeout: 42000000000
+    dialTimeout: 42000000000
-    responseheadertimeout: 42000000000
+    responseHeaderTimeout: 42000000000
-entrypoints:
+    idleConnTimeout: 42000000000
 entryPoints:
  EntryPoint0:
    address: foobar
    transport:
-      lifecycle:
+      lifeCycle:
-        requestacceptgracetimeout: 42000000000
+        requestAcceptGraceTimeout: 42000000000
-        gracetimeout: 42000000000
+        graceTimeOut: 42000000000
-      respondingtimeouts:
+      respondingTimeouts:
-        readtimeout: 42000000000
+        readTimeout: 42000000000
-        writetimeout: 42000000000
+        writeTimeout: 42000000000
-        idletimeout: 42000000000
+        idleTimeout: 42000000000
-    proxyprotocol:
+    proxyProtocol:
      insecure: true
-      trustedips:
+      trustedIPs:
        - foobar
        - foobar
-    forwardedheaders:
+    forwardedHeaders:
      insecure: true
-      trustedips:
+      trustedIPs:
        - foobar
        - foobar
 providers:
-  providersthrottleduration: 42000000000
+  providersThrottleDuration: 42000000000
  docker:
    constraints: foobar
    watch: true
    endpoint: foobar
-    defaultrule: foobar
+    defaultRule: foobar
    tls:
      ca: foobar
-      caoptional: true
+      caOptional: true
      cert: foobar
      key: foobar
-      insecureskipverify: true
+      insecureSkipVerify: true
-    exposedbydefault: true
+    exposedByDefault: true
-    usebindportip: true
+    useBindPortIP: true
-    swarmmode: true
+    swarmMode: true
    network: foobar
-    swarmmoderefreshseconds: 42000000000
+    swarmModeRefreshSeconds: 42000000000
  file:
    directory: foobar
    watch: true
    filename: foobar
-    debugloggeneratedtemplate: true
+    debugLogGeneratedTemplate: true
-    traefikfile: foobar
+    traefikFile: foobar
  marathon:
    constraints: foobar
    trace: true
    watch: true
    endpoint: foobar
-    defaultrule: foobar
+    defaultRule: foobar
-    exposedbydefault: true
+    exposedByDefault: true
-    dcostoken: foobar
+    dcosToken: foobar
    tls:
      ca: foobar
-      caoptional: true
+      caOptional: true
      cert: foobar
      key: foobar
-      insecureskipverify: true
+      insecureSkipVerify: true
-    dialertimeout: 42000000000
+    dialerTimeout: 42000000000
-    responseheadertimeout: 42000000000
+    responseHeaderTimeout: 42000000000
-    tlshandshaketimeout: 42000000000
+    tlsHandshakeTimeout: 42000000000
-    keepalive: 42000000000
+    keepAlive: 42000000000
-    forcetaskhostname: true
+    forceTaskHostname: true
    basic:
-      httpbasicauthuser: foobar
+      httpBasicAuthUser: foobar
-      httpbasicpassword: foobar
+      httpBasicPassword: foobar
-    respectreadinesschecks: true
+    respectReadinessChecks: true
  kubernetes:
    endpoint: foobar
    token: foobar
-    certauthfilepath: foobar
+    certAuthFilePath: foobar
-    disablepasshostheaders: true
+    disablePassHostHeaders: true
    namespaces:
      - foobar
      - foobar
-    labelselector: foobar
+    labelSelector: foobar
-    ingressclass: foobar
+    ingressClass: foobar
-    ingressendpoint:
+    ingressEndpoint:
      ip: foobar
      hostname: foobar
-      publishedservice: foobar
+      publishedService: foobar
-  kubernetescrd:
+  kubernetesCRD:
    endpoint: foobar
    token: foobar
-    certauthfilepath: foobar
+    certAuthFilePath: foobar
-    disablepasshostheaders: true
+    disablePassHostHeaders: true
    namespaces:
      - foobar
      - foobar
-    labelselector: foobar
+    labelSelector: foobar
-    ingressclass: foobar
+    ingressClass: foobar
  rest:
-    entrypoint: foobar
+    entryPoint: foobar
  rancher:
    constraints: foobar
    watch: true
-    defaultrule: foobar
+    defaultRule: foobar
-    exposedbydefault: true
+    exposedByDefault: true
-    enableservicehealthfilter: true
+    enableServiceHealthFilter: true
-    refreshseconds: 42
+    refreshSeconds: 42
-    intervalpoll: true
+    intervalPoll: true
    prefix: foobar
 api:
-  entrypoint: foobar
+  entryPoint: foobar
  dashboard: true
  debug: false
  statistics:
-    recenterrors: 42
+    recentErrors: 42
  middlewares:
    - foobar
    - foobar
  dashboardassets: null
 metrics:
  prometheus:
    buckets:
      - 42
      - 42
-    entrypoint: foobar
+    entryPoint: foobar
    middlewares:
      - foobar
      - foobar
-  datadog:
+  dataDog:
    address: foobar
-    pushinterval: 10000000000
+    pushInterval: 10000000000
-  statsd:
+  statsD:
    address: foobar
-    pushinterval: 10000000000
+    pushInterval: 10000000000
-  influxdb:
+  influxDB:
    address: foobar
    protocol: foobar
-    pushinterval: 10000000000
+    pushInterval: 10000000000
    database: foobar
-    retentionpolicy: foobar
+    retentionPolicy: foobar
    username: foobar
    password: foobar
 ping:
-  entrypoint: foobar
+  entryPoint: foobar
  middlewares:
    - foobar
    - foobar
 log:
  level: foobar
-  filepath: foobar
+  filePath: foobar
  format: foobar
-accesslog:
+accessLog:
-  filepath: foobar
+  filePath: foobar
  format: foobar
  filters:
-    statuscodes:
+    statusCodes:
      - foobar
      - foobar
-    retryattempts: true
+    retryAttempts: true
-    minduration: 42000000000
+    minDuration: 42000000000
  fields:
-    defaultmode: foobar
+    defaultMode: foobar
    names:
      name0: foobar
      name1: foobar
    headers:
-      defaultmode: foobar
+      defaultMode: foobar
      names:
        name0: foobar
        name1: foobar
-  bufferingsize: 42
+  bufferingSize: 42
 tracing:
-  backend: foobar
+  serviceName: foobar
-  servicename: foobar
+  spanNameLimit: 42
  spannamelimit: 42
  jaeger:
-    samplingserverurl: foobar
+    samplingServerURL: foobar
-    samplingtype: foobar
+    samplingType: foobar
-    samplingparam: 42
+    samplingParam: 42
-    localagenthostport: foobar
+    localAgentHostPort: foobar
-    gen128bit: true
+    gen128Bit: true
    propagation: foobar
-    tracecontextheadername: foobar
+    traceContextHeaderName: foobar
  zipkin:
-    httpendpoint: foobar
+    httpEndpoint: foobar
-    samespan: true
+    sameSpan: true
-    id128bit: true
+    id128Bit: true
    debug: true
-    samplerate: 42
+    sampleRate: 42
-  datadog:
+  dataDog:
-    localagenthostport: foobar
+    localAgentHostPort: foobar
-    globaltag: foobar
+    globalTag: foobar
    debug: true
-    prioritysampling: true
+    prioritySampling: true
-    traceidheadername: foobar
+    traceIDHeaderName: foobar
-    parentidheadername: foobar
+    parentIDHeaderName: foobar
-    samplingpriorityheadername: foobar
+    samplingPriorityHeaderName: foobar
-    bagageprefixheadername: foobar
+    bagagePrefixHeaderName: foobar
  instana:
-    localagenthost: foobar
+    localAgentHost: foobar
-    localagentport: 42
+    localAgentPort: 42
-    loglevel: foobar
+    logLevel: foobar
-  haystack: null
+  haystack:
-hostresolver:
+    localAgentHost: foobar
-  cnameflattening: true
+    localAgentPort: 42
-  resolvconfig: foobar
+    globalTag: foobar
-  resolvdepth: 42
+    traceIDHeaderName: foobar
    parentIDHeaderName: foobar
    spanIDHeaderName: foobar
 hostResolver:
  cnameFlattening: true
  resolvConfig: foobar
  resolvDepth: 42
 acme:
  email: foobar
-  acmelogging: true
+  acmeLogging: true
-  caserver: foobar
+  caServer: foobar
  storage: foobar
-  entrypoint: foobar
+  entryPoint: foobar
-  keytype: foobar
+  keyType: foobar
-  onhostrule: true
+  onHostRule: true
-  dnschallenge:
+  dnsChallenge:
    provider: foobar
-    delaybeforecheck: 42000000000
+    delayBeforeCheck: 42000000000
    resolvers:
      - foobar
      - foobar
-    disablepropagationcheck: true
+    disablePropagationCheck: true
-  httpchallenge:
+  httpChallenge:
-    entrypoint: foobar
+    entryPoint: foobar
-  tlschallenge: {}
+  tlsChallenge: {}
  domains:
    - main: foobar
      sans:
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@ -3,7 +3,7 @@
 Opening Connections for Incoming Requests
 {: .subtitle }
-![EntryPoints](../assets/img/entrypoints.png)
+![entryPoints](../assets/img/entrypoints.png)
 EntryPoints are the network entry points into Traefik.
 They define the port which will receive the requests (whether HTTP or TCP).
@ -12,17 +12,27 @@ They define the port which will receive the requests (whether HTTP or TCP).
 ??? example "Port 80 only"
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
-         address = ":80"
+        address = ":80"
    ```
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
       address: ":80"
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    ```
    We define an `entrypoint` called `web` that will listen on port `80`.
 ??? example "Port 80 & 443" 
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
@ -30,6 +40,20 @@ They define the port which will receive the requests (whether HTTP or TCP).
      [entryPoints.web-secure]
        address = ":443"
    ```
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
        address: ":80"
      web-secure:
        address: ":443"
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.web-secure.address=:443
    ```
    - Two entrypoints are defined: one called `web`, and the other called `web-secure`.
    - `web` listens on port `80`, and `web-secure` on port `443`. 
@ -43,38 +67,63 @@ You can define them using a toml file, CLI arguments, or a key-value store.
 See the complete reference for the list of available options:
-```toml tab="File"
+```toml tab="File (TOML)"
 [entryPoints]
  [entryPoints.EntryPoint0]
-    Address = ":8888"
+    address = ":8888"
-    [entryPoints.EntryPoint0.Transport]
+    [entryPoints.EntryPoint0.transport]
-      [entryPoints.EntryPoint0.Transport.LifeCycle]
+      [entryPoints.EntryPoint0.transport.lifeCycle]
-        RequestAcceptGraceTimeout = 42
+        requestAcceptGraceTimeout = 42
-        GraceTimeOut = 42
+        graceTimeOut = 42
-      [entryPoints.EntryPoint0.Transport.RespondingTimeouts]
+      [entryPoints.EntryPoint0.transport.respondingTimeouts]
-        ReadTimeout = 42
+        readTimeout = 42
-        WriteTimeout = 42
+        writeTimeout = 42
-        IdleTimeout = 42
+        idleTimeout = 42
-    [entryPoints.EntryPoint0.ProxyProtocol]
+    [entryPoints.EntryPoint0.proxyProtocol]
-      Insecure = true
+      insecure = true
-      TrustedIPs = ["foobar", "foobar"]
+      trustedIPs = ["foobar", "foobar"]
-    [entryPoints.EntryPoint0.ForwardedHeaders]
+    [entryPoints.EntryPoint0.forwardedHeaders]
-      Insecure = true
+      insecure = true
-      TrustedIPs = ["foobar", "foobar"]
+      trustedIPs = ["foobar", "foobar"]
 ```
 ```yaml tab="File (YAML)"
 entryPoints:
  EntryPoint0:
    address: ":8888"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
    proxyProtocol:
      insecure: true
      trustedIPs:
      - "foobar"
      - "foobar"
    forwardedHeaders:
      insecure: true
      trustedIPs:
      - "foobar"
      - "foobar"
 ```
 ```ini tab="CLI"
--entryPoints.EntryPoint0.Address=:8888
+--entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.Transport.LifeCycle.RequestAcceptGraceTimeout=42
+--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.Transport.LifeCycle.GraceTimeOut=42
+--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.ReadTimeout=42
+--entryPoints.EntryPoint0.transport.respondingTimeouts.readTimeout=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.WriteTimeout=42
+--entryPoints.EntryPoint0.transport.respondingTimeouts.writeTimeout=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.IdleTimeout=42
+--entryPoints.EntryPoint0.transport.respondingTimeouts.idleTimeout=42
--entryPoints.EntryPoint0.ProxyProtocol.Insecure=true
+--entryPoints.EntryPoint0.proxyProtocol.insecure=true
--entryPoints.EntryPoint0.ProxyProtocol.TrustedIPs=foobar,foobar
+--entryPoints.EntryPoint0.proxyProtocol.trustedIPs=foobar,foobar
--entryPoints.EntryPoint0.ForwardedHeaders.Insecure=true
+--entryPoints.EntryPoint0.forwardedHeaders.insecure=true
--entryPoints.EntryPoint0.ForwardedHeaders.TrustedIPs=foobar,foobar
+--entryPoints.EntryPoint0.forwardedHeaders.trustedIPs=foobar,foobar
 ```
 ## ProxyProtocol
@ -83,7 +132,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
 ??? example "Enabling Proxy Protocol with Trusted IPs" 
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
@ -92,6 +141,21 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
          trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
    ```
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
        address: ":80"
        proxyProtocol
          trustedIPs:
          - "127.0.0.1/32"
          - "192.168.1.7"
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
    ```
    IPs in `trustedIPs` only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here.
 ??? example "Insecure Mode -- Testing Environment Only"
@ -99,7 +163,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
    In a test environments, you can configure Traefik to trust every incoming connection.
    Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
@ -107,7 +171,20 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
        [entryPoints.web.proxyProtocol]
          insecure = true
    ```
-         
+    
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
        address: ":80"
        proxyProtocol:
          insecure: true
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.web.proxyProtocol.insecure
    ```
 !!! warning "Queuing Traefik behind Another Load Balancer"
    When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
@ -119,7 +196,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
 ??? example "Trusting Forwarded Headers from specific IPs"
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
@ -128,13 +205,41 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
          trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
    ```
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
        address: ":80"
        forwardedHeaders
          trustedIPs:
          - "127.0.0.1/32"
          - "192.168.1.7"
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
    ```
 ??? example "Insecure Mode -- Always Trusting Forwarded Headers"
-    ```toml
+    ```toml tab="File (TOML)"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
        [entryPoints.web.forwardedHeaders]
-           insecure = true
+          insecure = true
    ```
    ```yaml tab="File (YAML)"
    entryPoints:
      web:
        address: ":80"
        forwardedHeaders:
          insecure: true
    ```
    ```ini tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.web.forwardedHeaders.insecure
    ```
--- a/docs/content/routing/overview.md
+++ b/docs/content/routing/overview.md
@ -38,10 +38,11 @@ Static configuration:
 ```
 ```yaml tab="YAML"
-entrypoints:
+entryPoints:
  web:
    # Listen on port 8081 for incoming requests
    address: :8081
 providers:
  # Enable the file provider to define routers / middlewares / services in a file
  file: {}
@ -63,13 +64,13 @@ Dynamic configuration:
  [http.middlewares]
    # Define an authentication mechanism
-    [http.middlewares.test-user.basicauth]
+    [http.middlewares.test-user.basicAuth]
      users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
  [http.services]
    # Define how to reach an existing service on our infrastructure
-    [http.services.whoami.loadbalancer]
+    [http.services.whoami.loadBalancer]
-      [[http.services.whoami.loadbalancer.servers]]
+      [[http.services.whoami.loadBalancer.servers]]
        url = "http://private/whoami-service"
 ```
@ -85,16 +86,18 @@ http:
      - test-user
      # If the rule matches, forward to the whoami service (declared below)
      service: whoami
  middlewares:
    # Define an authentication mechanism
    test-user:
      basicAuth:
        users:
        - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
  services:
    # Define how to reach an existing service on our infrastructure
    whoami:
-      loadbalancer:
+      loadBalancer:
        servers:
        - url: http://private/whoami-service
 ```
@ -115,17 +118,17 @@ http:
        ```toml tab="TOML"
        [entryPoints]
-           [entryPoints.web]
+          [entryPoints.web]
-              # Listen on port 8081 for incoming requests
+            # Listen on port 8081 for incoming requests
-              address = ":8081"
+            address = ":8081"
        [providers]
-           # Enable the file provider to define routers / middlewares / services in a file
+          # Enable the file provider to define routers / middlewares / services in a file
-           [providers.file]
+          [providers.file]
        ```
        ```yaml tab="YAML"
-        entrypoints:
+        entryPoints:
          web:
            # Listen on port 8081 for incoming requests
            address: :8081
@ -139,42 +142,43 @@ http:
        ```toml tab="TOML"
        # http routing section
        [http]
-            [http.routers]
+          [http.routers]
-               # Define a connection between requests and services
+            # Define a connection between requests and services
-               [http.routers.to-whoami]
+            [http.routers.to-whoami]
-                  rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
+              rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
-                  # If the rule matches, applies the middleware
+              # If the rule matches, applies the middleware
-                  middlewares = ["test-user"]
+              middlewares = ["test-user"]
-                  # If the rule matches, forward to the whoami service (declared below)
+              # If the rule matches, forward to the whoami service (declared below)
-                  service = "whoami"
+              service = "whoami"
-            [http.middlewares]
+          [http.middlewares]
-               # Define an authentication mechanism
+             # Define an authentication mechanism
-               [http.middlewares.test-user.basicauth]
+             [http.middlewares.test-user.basicAuth]
-                  users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
+               users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
-            [http.services]
+          [http.services]
-               # Define how to reach an existing service on our infrastructure
+             # Define how to reach an existing service on our infrastructure
-               [http.services.whoami.loadbalancer]
+             [http.services.whoami.loadBalancer]
-                  [[http.services.whoami.loadbalancer.servers]]
+               [[http.services.whoami.loadBalancer.servers]]
-                     url = "http://private/whoami-service"
+                 url = "http://private/whoami-service"
-           [tcp]
+        [tcp]
-              [tcp.routers]
+          [tcp.routers]
-                 [tcp.routers.to-whoami-tcp]
+            [tcp.routers.to-whoami-tcp]
-                     rule = "HostSNI(`whoami-tcp.traefik.io`)"
+              rule = "HostSNI(`whoami-tcp.traefik.io`)"
-                     service = "whoami-tcp"
+              service = "whoami-tcp"
-                     [tcp.routers.to-whoami-tcp.tls]
+              [tcp.routers.to-whoami-tcp.tls]
-              [tcp.services]
+          [tcp.services]
-                 [tcp.services.whoami-tcp.loadbalancer]
+            [tcp.services.whoami-tcp.loadBalancer]
-                    [[tcp.services.whoami-tcp.loadbalancer.servers]]
+              [[tcp.services.whoami-tcp.loadBalancer.servers]]
-                       address = "xx.xx.xx.xx:xx"
+                address = "xx.xx.xx.xx:xx"
        ```
        ```yaml tab="YAML"
        # http routing section
        http:
          routers:
            # Define a connection between requests and services
            to-whoami:
@ -184,26 +188,30 @@ http:
              - test-user
              # If the rule matches, forward to the whoami service (declared below)
              service: whoami
          middlewares:
            # Define an authentication mechanism
            test-user:
              basicAuth:
                users:
                - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
          services:
            # Define how to reach an existing service on our infrastructure
            whoami:
-              loadbalancer:
+              loadBalancer:
                servers:
                - url: http://private/whoami-service
        tcp:
          routers:
            to-whoami-tcp:
              service: whoami-tcp
              rule: HostSNI(`whoami-tcp.traefik.io`)
          services:
            whoami-tcp:
-              loadbalancer:
+              loadBalancer:
                servers:
                - address: xx.xx.xx.xx:xx
        ```
--- a/docs/content/routing/routers/index.md
+++ b/docs/content/routing/routers/index.md
@ -12,40 +12,84 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
 ??? example "Requests /foo are Handled by service-foo -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
      [http.routers]
        [http.routers.my-router]
-        rule = "Path(`/foo`)"
+          rule = "Path(`/foo`)"
-        service = "service-foo"
+          service = "service-foo"
    ```
    ```yaml tab="YAML"
      http:
        routers:
          my-router:
            rule: "Path(`/foo`)"
            service: service-foo
    ```
 ??? example "With a [middleware](../../middlewares/overview.md) -- using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
      [http.routers]
        [http.routers.my-router]
-        rule = "Path(`/foo`)"
+          rule = "Path(`/foo`)"
-        middlewares = ["authentication"] # declared elsewhere
+          # declared elsewhere
-        service = "service-foo"
+          middlewares = ["authentication"]
          service = "service-foo"
    ```
    ```yaml tab="YAML"
      http:
        routers:
          my-router:
            rule: "Path(`/foo`)"
            # declared elsewhere
            middlewares:
            - authentication
            service: service-foo
    ```
 ??? example "Forwarding all (non-tls) requests on port 3306 to a database service"
-
+    
-    ```toml
+    ```toml tab="TOML"
-      [entryPoints]
+    ## Static configuration ##
-        [entryPoints.mysql-default]
+    
-          address = ":80"
+    [entryPoints]
-        [entryPoints.mysql-default]
+      [entryPoints.web]
-          address = ":3306"   
+        address = ":80"
      [entryPoints.mysql-default]
        address = ":3306"   
    ## Dynamic configuration ##
    [tcp]
      [tcp.routers]
        [tcp.routers.to-database]
          entryPoints = ["mysql-default"]
          # Catch every request (only available rule for non-tls routers. See below.)
          rule = "HostSNI(`*`)"
          service = "database"
    ```
-    ```toml
+    ```yaml tab="YAML"
-      [tcp]
+    ## Static configuration ##
-        [tcp.routers]
+    
-          [tcp.routers.to-database]
+    entryPoints:
-            entryPoints = ["mysql-default"]
+      web:
-            rule = "HostSNI(`*`)" # Catch every request (only available rule for non-tls routers. See below.)
+        address: ":80"
-            service = "database"
+      mysql-default:
        address: ":3306"   
    ## Dynamic configuration ##
    tcp:
      routers:
        to-database:
          entryPoints:
          - "mysql-default"
          # Catch every request (only available rule for non-tls routers. See below.)
          rule: "HostSNI(`*`)"
          service: database
    ```
 ## Configuring HTTP Routers
@ -56,43 +100,94 @@ If not specified, HTTP routers will accept requests from all defined entry point
 If you want to limit the router scope to a set of entry points, set the `entryPoints` option.
 ??? example "Listens to Every EntryPoint"
-
+    
-    ```toml
+    ```toml tab="TOML"
    ## Static configuration ##
    [entryPoints]
-       [entryPoints.web]
+      [entryPoints.web]
-          # ...
+        # ...
-       [entryPoints.web-secure]
+      [entryPoints.web-secure]
-          # ...
+        # ...
-       [entryPoints.other]
+      [entryPoints.other]
-          # ...
+        # ...
    ## Dynamic configuration ##
    [http.routers]
      [http.routers.Router-1]
        # By default, routers listen to every entry points
        rule = "Host(`traefik.io`)"
        service = "service-1"
    ```
-    ```toml
+    ```yaml tab="YAML"
-    [http.routers]
+    ## Static configuration ##
-       [http.routers.Router-1]
+    
-          # By default, routers listen to every entrypoints
+    entryPoints:
-          rule = "Host(`traefik.io`)"
+      web:
-          service = "service-1"
+        # ...
      web-secure:
        # ...
      other:
        # ...
    ## Dynamic configuration ##
    http:
      routers:
        Router-1:
          # By default, routers listen to every entry points
          rule: "Host(`traefik.io`)"
          service: "service-1"
    ```
 ??? example "Listens to Specific EntryPoints"
-
+    
-    ```toml
+    ```toml tab="TOML"
    ## Static configuration ##
    [entryPoints]
-       [entryPoints.web]
+      [entryPoints.web]
-          # ...
+        # ...
-       [entryPoints.web-secure]
+      [entryPoints.web-secure]
-          # ...
+        # ...
-       [entryPoints.other]
+      [entryPoints.other]
-          # ...
+        # ...
    ## Dynamic configuration ##
    [http.routers]
      [http.routers.Router-1]
        # won't listen to entry point web
        entryPoints = ["web-secure", "other"]
        rule = "Host(`traefik.io`)"
        service = "service-1"
    ```
-    ```toml
+    ```yaml tab="YAML"
-    [http.routers]
+    ## Static configuration ##
-       [http.routers.Router-1]
+    
-          entryPoints = ["web-secure", "other"] # won't listen to entrypoint web
+    entryPoints:
-          rule = "Host(`traefik.io`)"
+      web:
-          service = "service-1"
+        # ...
      web-secure:
        # ...
      other:
        # ...
    ## Dynamic configuration ##
    http:
      routers:
        Router-1:
          # won't listen to entry point web
          entryPoints:
          - "web-secure"
          - "other"
          rule: "Host(`traefik.io`)"
          service: "service-1"
    ```
 ### Rule
@ -170,12 +265,23 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
 ??? example "Configuring the router to accept HTTPS requests only"
-    ```toml
+    ```toml tab="TOML"
    [http.routers]
-       [http.routers.Router-1]
+      [http.routers.Router-1]
-          rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
+        rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
-          service = "service-id"
+        service = "service-id"
-          [http.routers.Router-1.tls] # will terminate the TLS request
+        # will terminate the TLS request
        [http.routers.Router-1.tls]
    ```
    ```yaml tab="YAML"
    http:
      routers:
        Router-1:
          rule: "Host(`foo-domain`) && Path(`/foo-path/`)"
          service: service-id
          # will terminate the TLS request
          tls: {}
    ```
 !!! note "HTTPS & ACME"
@ -192,16 +298,31 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
    ??? example "HTTP & HTTPS routes"
-        ```toml
+        ```toml tab="TOML"
        [http.routers]
-           [http.routers.my-https-router]
+          [http.routers.my-https-router]
-              rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
+            rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
-              service = "service-id"
+            service = "service-id"
-              [http.routers.my-https-router.tls] # will terminate the TLS request
+            # will terminate the TLS request
            [http.routers.my-https-router.tls]
-           [http.routers.my-http-router]
+          [http.routers.my-http-router]
-              rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
+            rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
-              service = "service-id"
+            service = "service-id"
        ```
        ```yaml tab="YAML"
        http:
          routers:
            my-https-router:
              rule: "Host(`foo-domain`) && Path(`/foo-path/`)"
              service: service-id
              # will terminate the TLS request
              tls: {}
            my-http-router:
              rule: "Host(`foo-domain`) && Path(`/foo-path/`)"
              service: service-id
        ```
 #### `Options`
@ -209,23 +330,43 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
 The `Options` field enables fine-grained control of the TLS parameters.  
 It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `Host` rule is defined.
-??? example "Configuring the tls options"
+??? example "Configuring the TLS options"
-    ```toml
+    ```toml tab="TOML"
    [http.routers]
-       [http.routers.Router-1]
+      [http.routers.Router-1]
-          rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
+        rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
-          service = "service-id"
+        service = "service-id"
-          [http.routers.Router-1.tls] # will terminate the TLS request
+        # will terminate the TLS request
-            options = "foo"
+        [http.routers.Router-1.tls]
          options = "foo"
    [tls.options]
      [tls.options.foo]
-          minVersion = "VersionTLS12"
+        minVersion = "VersionTLS12"
-          cipherSuites = [
+        cipherSuites = [
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+          "TLS_RSA_WITH_AES_256_GCM_SHA384"
-          ]
+        ]
    ```
    ```yaml tab="YAML"
    http:
      routers:
        Router-1:
          rule: "Host(`foo-domain`) && Path(`/foo-path/`)"
          service: service-id
          # will terminate the TLS request
          tls:
            options: foo
    tls:
      options:
        foo:
          minVersion: VersionTLS12
          cipherSuites:
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
          - TLS_RSA_WITH_AES_256_GCM_SHA384
    ```
 ## Configuring TCP Routers
@ -242,44 +383,100 @@ If you want to limit the router scope to a set of entry points, set the entry po
 ??? example "Listens to Every Entry Point"
-    ```toml
+    ```toml tab="TOML"
    ## Static configuration ##
    [entryPoints]
-       [entryPoints.web]
+      [entryPoints.web]
-          # ...
+        # ...
-       [entryPoints.web-secure]
+      [entryPoints.web-secure]
-          # ...
+        # ...
-       [entryPoints.other]
+      [entryPoints.other]
-          # ...
+        # ...
    ## Dynamic configuration ##
    [tcp.routers]
      [tcp.routers.Router-1]
        # By default, routers listen to every entrypoints
        rule = "HostSNI(`traefik.io`)"
        service = "service-1"
        # will route TLS requests (and ignore non tls requests)
        [tcp.routers.Router-1.tls]
    ```
-    ```toml
+    ```yaml tab="YAML"
-    [tcp.routers]
+    ## Static configuration ##
-       [tcp.routers.Router-1]
+    
    entryPoints:
      web:
        # ...
      web-secure:
        # ...
      other:
        # ...
    ## Dynamic configuration ##
    tcp:
      routers:
        Router-1:
          # By default, routers listen to every entrypoints
-          rule = "HostSNI(`traefik.io`)"
+          rule: "HostSNI(`traefik.io`)"
-          service = "service-1"
+          service: "service-1"
-          [tcp.routers.Router-1.tls] # will route TLS requests (and ignore non tls requests)
+          # will route TLS requests (and ignore non tls requests)
          tls: {}
    ```
 ??? example "Listens to Specific Entry Points"
-
+    
-    ```toml
+    ```toml tab="TOML"
    ## Static configuration ##
    [entryPoints]
-       [entryPoints.web]
+      [entryPoints.web]
-          # ...
+        # ...
-       [entryPoints.web-secure]
+      [entryPoints.web-secure]
-          # ...
+        # ...
-       [entryPoints.other]
+      [entryPoints.other]
-          # ...
+        # ...
-    ```
+        
-
+    ## Dynamic configuration ##
-    ```toml
+    
    [tcp.routers]
-       [tcp.routers.Router-1]
+      [tcp.routers.Router-1]
-          entryPoints = ["web-secure", "other"] # won't listen to entrypoint web
+        # won't listen to entry point web
-          rule = "HostSNI(`traefik.io`)"
+        entryPoints = ["web-secure", "other"]
-          service = "service-1"
+        rule = "HostSNI(`traefik.io`)"
-          [tcp.routers.Router-1.tls] # will route TLS requests (and ignore non tls requests)
+        service = "service-1"
        # will route TLS requests (and ignore non tls requests)
        [tcp.routers.Router-1.tls]
    ```
    ```yaml tab="YAML"
    ## Static configuration ##
    entryPoints:
      web:
        # ...
      web-secure:
        # ...
      other:
        # ...
    ## Dynamic configuration ##
    tcp:
      routers:
        Router-1:
          # won't listen to entry point web
          entryPoints:
          - "web-secure"
          - "other"
          rule: "HostSNI(`traefik.io`)"
          service: "service-1"
          # will route TLS requests (and ignore non tls requests)
          tls: {}
    ```
 ### Rule
@ -312,23 +509,44 @@ Services are the target for the router.
 ??? example "Configuring TLS Termination"
-    ```toml
+    ```toml tab="TOML"
    [tcp.routers]
-       [tcp.routers.Router-1]
+      [tcp.routers.Router-1]
-          rule = "HostSNI(`foo-domain`)"
+        rule = "HostSNI(`foo-domain`)"
-          service = "service-id"
+        service = "service-id"
-          [tcp.routers.Router-1.tls] # will terminate the TLS request by default
+        # will terminate the TLS request by default
        [tcp.routers.Router-1.tls]
    ```
    ```yaml tab="YAML"
    tcp:
      routers:
        Router-1:
          rule: "HostSNI(`foo-domain`)"
          service: service-id
          # will terminate the TLS request by default
          tld: {}
    ```
 ??? example "Configuring passthrough"
-    ```toml
+    ```toml tab="TOML"
    [tcp.routers]
-       [tcp.routers.Router-1]
+      [tcp.routers.Router-1]
-          rule = "HostSNI(`foo-domain`)"
+        rule = "HostSNI(`foo-domain`)"
-          service = "service-id"
+        service = "service-id"
-          [tcp.routers.Router-1.tls]
+        [tcp.routers.Router-1.tls]
-             passthrough=true
+          passthrough = true
    ```
    ```yaml tab="YAML"
    tcp:
      routers:
        Router-1:
          rule: "HostSNI(`foo-domain`)"
          service: service-id
          tls:
            passthrough: true
    ```
 !!! note "TLS & ACME"
@ -342,19 +560,39 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
 ??? example "Configuring the tls options"
-    ```toml
+    ```toml tab="TOML"
    [tcp.routers]
-       [tcp.routers.Router-1]
+      [tcp.routers.Router-1]
-          rule = "HostSNI(`foo-domain`)"
+        rule = "HostSNI(`foo-domain`)"
-          service = "service-id"
+        service = "service-id"
-          [tcp.routers.Router-1.tls] # will terminate the TLS request
+        # will terminate the TLS request
-            options = "foo"
+        [tcp.routers.Router-1.tls]
          options = "foo"
    [tls.options]
      [tls.options.foo]
-          minVersion = "VersionTLS12"
+        minVersion = "VersionTLS12"
-          cipherSuites = [
+        cipherSuites = [
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+          "TLS_RSA_WITH_AES_256_GCM_SHA384"
-          ]
+        ]
    ```
    ```yaml tab="YAML"
    tcp:
      routers:
        Router-1:
          rule: "HostSNI(`foo-domain`)"
          service: service-id
          # will terminate the TLS request
          tls:
            options: foo
    tls:
      options:
        foo:
          minVersion: VersionTLS12
          cipherSuites:
          - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
          - "TLS_RSA_WITH_AES_256_GCM_SHA384"
    ```
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@ -11,25 +11,45 @@ The `Services` are responsible for configuring how to reach the actual services
 ??? example "Declaring an HTTP Service with Two Servers -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
-      [http.services.my-service.LoadBalancer]
+      [http.services.my-service.loadBalancer]
-         
+
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-1/"
+          url = "http://private-ip-server-1/"
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-2/"
+          url = "http://private-ip-server-2/"
    ```
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            servers:
            - url: "http://private-ip-server-1/"
            - url: "http://private-ip-server-2/"
    ```
 ??? example "Declaring a TCP Service with Two Servers -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [tcp.services]
-      [tcp.services.my-service.LoadBalancer]         
+      [tcp.services.my-service.loadBalancer]
-         [[tcp.services.my-service.LoadBalancer.servers]]
+         [[tcp.services.my-service.loadBalancer.servers]]
-            address = "xx.xx.xx.xx:xx"
+           address = "xx.xx.xx.xx:xx"
-         [[tcp.services.my-service.LoadBalancer.servers]]
+         [[tcp.services.my-service.loadBalancer.servers]]
-            address = "xx.xx.xx.xx:xx"
+           address = "xx.xx.xx.xx:xx"
    ```
    ```yaml tab="YAML"
    tcp:
      services:
        my-service:
          loadBalancer:         
            servers:
            - address: "xx.xx.xx.xx:xx"
            - address: "xx.xx.xx.xx:xx"
    ```
 ## Configuring HTTP Services
@ -46,14 +66,24 @@ The load balancers are able to load balance the requests between multiple instan
 ??? example "Declaring a Service with Two Servers (with Load Balancing) -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
-      [http.services.my-service.LoadBalancer]
+      [http.services.my-service.loadBalancer]
-         
+
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-1/"
+          url = "http://private-ip-server-1/"
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-2/"
+          url = "http://private-ip-server-2/"
    ```
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            servers:
            - url: "http://private-ip-server-1/"
            - url: "http://private-ip-server-2/"
    ```
 #### Servers
@ -68,11 +98,20 @@ The `url` option point to a specific instance.
 ??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
-      [http.services.my-service.LoadBalancer]
+      [http.services.my-service.loadBalancer]
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-1/"
+          url = "http://private-ip-server-1/"
    ```
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            servers:
              url: "http://private-ip-server-1/"
    ```
 #### Load-balancing
@ -81,13 +120,23 @@ For now, only round robin load balancing is supported:
 ??? example "Load Balancing -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
-      [http.services.my-service.LoadBalancer]
+      [http.services.my-service.loadBalancer]
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-1/"
+          url = "http://private-ip-server-1/"
-         [[http.services.my-service.LoadBalancer.servers]]
+        [[http.services.my-service.loadBalancer.servers]]
-            url = "http://private-ip-server-1/"
+          url = "http://private-ip-server-2/"
    ```
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            servers:
            - url: "http://private-ip-server-1/"
            - url: "http://private-ip-server-2/"
    ```
 #### Sticky sessions
@ -109,39 +158,56 @@ On subsequent requests, the client is forwarded to the same server.
 ??? example "Adding Stickiness"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
      [http.services.my-service]
-        [http.services.my-service.LoadBalancer.stickiness]
+        [http.services.my-service.loadBalancer.stickiness]
-          secureCookie = true
+    ```
-          httpOnlyCookie = true
+    
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            stickiness: {}
    ```
 ??? example "Adding Stickiness with a Custom Cookie Name"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
      [http.services.my-service]
-        [http.services.my-service.LoadBalancer.stickiness]
+        [http.services.my-service.loadBalancer.stickiness]
-           cookieName = "my_stickiness_cookie_name"
+          cookieName = "my_stickiness_cookie_name"
-           secureCookie = true
+          secureCookie = true
-           httpOnlyCookie = true
+          httpOnlyCookie = true
    ```
    ```yaml tab="YAML"
    http:
      services:
        my-service:
          loadBalancer:
            stickiness:
              cookieName: my_stickiness_cookie_name
              secureCookie: true
              httpOnlyCookie: true
    ```
 #### Health Check
-Configure healthcheck to remove unhealthy servers from the load balancing rotation.
+Configure health check to remove unhealthy servers from the load balancing rotation.
 Traefik will consider your servers healthy as long as they return status codes between `2XX` and `3XX` to the health check requests (carried out every `interval`).
 Below are the available options for the health check mechanism:
- `path` is appended to the server URL to set the healcheck endpoint.
+- `path` is appended to the server URL to set the health check endpoint.
- `scheme`, if defined, will replace the server URL `scheme` for the healthcheck endpoint
+- `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint
- `hostname`, if defined, will replace the server URL `hostname` for the healthcheck endpoint.
+- `hostname`, if defined, will replace the server URL `hostname` for the health check endpoint.
- `port`, if defined, will replace the server URL `port` for the healthcheck endpoint.
+- `port`, if defined, will replace the server URL `port` for the health check endpoint.
- `interval` defines the frequency of the healthcheck calls.
+- `interval` defines the frequency of the health check calls.
- `timeout` defines the maximum duration Traefik will wait for a healthcheck request before considering the server failed (unhealthy).
+- `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
- `headers` defines custom headers to be sent to the healthcheck endpoint.
+- `headers` defines custom headers to be sent to the health check endpoint.
 !!! note "Interval & Timeout Format"
@ -153,50 +219,93 @@ Below are the available options for the health check mechanism:
    Traefik keeps monitoring the health of unhealthy servers. 
    If a server has recovered (returning `2xx` -> `3xx` responses again), it will be added back to the load balacer rotation pool.
-??? example "Custom Interval & Timeout -- Using the File Provider"
+??? example "Custom Interval & Timeout -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [http.services]
      [http.servicess.Service-1]
-        [http.services.Service-1.healthcheck]
+        [http.services.Service-1.loadBalancer.healthCheck]
-            path = "/health"
+          path = "/health"
-            interval = "10s"
+          interval = "10s"
-            timeout = "3s"
+          timeout = "3s"
    ```
-??? example "Custom Port -- Using the File Provider"
+    ```yaml tab="YAML"
    http:
      servicess:
        Service-1:
          loadBalancer:
            healthCheck:
              path: /health
              interval: "10s"
              timeout: "3s"
    ```
-    ```toml
+??? example "Custom Port -- Using the [File Provider](../../providers/file.md)"
    ```toml tab="TOML"
    [http.services]
      [http.services.Service-1]
-        [http.services.Service-1.healthcheck]
+        [http.services.Service-1.loadBalancer.healthCheck]
-            path = "/health"
+          path = "/health"
-            port = 8080
+          port = 8080
    ```
 ??? example "Custom Scheme -- Using the File Provider"
    ```toml
    [http.services]
      [http.services.Service-1]
        [http.services.Service-1.healthcheck]
            path = "/health"
            scheme = "http"
    ```
 ??? example "Additional HTTP Headers -- Using the File Provider"
    ```toml
    [http.services]
        [http.services.Service-1]
            [http.servicess.Service-1.healthcheck]
                path = "/health"
                [Service.Service-1.healthcheck.headers]
                    My-Custom-Header = "foo"
                    My-Header = "bar"
    ```
    ```yaml tab="YAML"
    http:
      services:
        Service-1:
          loadBalancer:
            healthCheck:
              path: /health
              port: 8080
    ```
 ??? example "Custom Scheme -- Using the [File Provider](../../providers/file.md)"
    ```toml tab="TOML"
    [http.services]
      [http.services.Service-1]
        [http.services.Service-1.loadBalancer.healthCheck]
          path = "/health"
          scheme = "http"
    ```
    ```yaml tab="YAML"
    http:
      services:
        Service-1:
          loadBalancer:
            healthCheck:
              path: /health
              scheme: http
    ```
 ??? example "Additional HTTP Headers -- Using the [File Provider](../../providers/file.md)"
    ```toml tab="TOML"
    [http.services]
      [http.services.Service-1]
        [http.services.Service-1.loadBalancer.healthCheck]
          path = "/health"
          [http.services.Service-1.loadBalancer.healthCheck.headers]
            My-Custom-Header = "foo"
            My-Header = "bar"
    ```
    ```yaml tab="YAML"
    http:
      services:
        Service-1:
          loadBalancer:
            healthCheck:
              path: /health
              headers:
                My-Custom-Header: foo
                My-Header: bar
    ```
 ## Configuring TCP Services
 ### General
@ -211,13 +320,23 @@ The load balancers are able to load balance the requests between multiple instan
 ??? example "Declaring a Service with Two Servers -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [tcp.services]
-      [tcp.services.my-service.LoadBalancer]
+      [tcp.services.my-service.loadBalancer]
-         [[tcp.services.my-service.LoadBalancer.servers]]
+        [[tcp.services.my-service.loadBalancer.servers]]
-            address = "xx.xx.xx.xx:xx"
+          address = "xx.xx.xx.xx:xx"
-         [[tcp.services.my-service.LoadBalancer.servers]]
+        [[tcp.services.my-service.loadBalancer.servers]]
-            address = "xx.xx.xx.xx:xx"
+           address = "xx.xx.xx.xx:xx"
    ```
    ```yaml tab="YAML"
    tcp:
      services:
        my-service:
          loadBalancer:
            servers:
            - address: "xx.xx.xx.xx:xx"
            - address: "xx.xx.xx.xx:xx"
    ```
 #### Servers
@ -227,9 +346,18 @@ The `address` option (IP:Port) point to a specific instance.
 ??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)"
-    ```toml
+    ```toml tab="TOML"
    [tcp.services]
-      [tcp.services.my-service.LoadBalancer]
+      [tcp.services.my-service.loadBalancer]
-         [[tcp.services.my-service.LoadBalancer.servers]]
+        [[tcp.services.my-service.loadBalancer.servers]]
-            address = "xx.xx.xx.xx:xx"
+          address = "xx.xx.xx.xx:xx"
    ```
    ```yaml tab="YAML"
    tcp:
      services:
        my-service:
          loadBalancer:
            servers:
              address: "xx.xx.xx.xx:xx"
    ```
--- a/docs/content/user-guides/marathon.md
+++ b/docs/content/user-guides/marathon.md
@ -17,10 +17,10 @@ Traefik tries to detect the configured mode and route traffic to the right IP ad
 Traefik also attempts to determine the right port (which is a [non-trivial matter in Marathon](https://mesosphere.github.io/marathon/docs/ports.html)).
 Following is the order by which Traefik tries to identify the port (the first one that yields a positive result will be used):
-1. A arbitrary port specified through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=8080`
+1. A arbitrary port specified through the `traefik.http.services.serviceName.loadbalancer.server.port=8080`
-1. The task port (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
+1. The task port (possibly indexed through the `traefik.http.services.serviceName.loadbalancer.server.port=index:0` label, otherwise the first one).
-1. The port from the application's `portDefinitions` field (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
+1. The port from the application's `portDefinitions` field (possibly indexed through the `traefik.http.services.serviceName.loadbalancer.server.port=index:0` label, otherwise the first one).
-1. The port from the application's `ipAddressPerTask` field (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
+1. The port from the application's `ipAddressPerTask` field (possibly indexed through the `traefik.http.services.serviceName.loadbalancer.server.port=index:0` label, otherwise the first one).
 ## Achieving high availability
@ -47,7 +47,7 @@ Beginning with version 1.4, Traefik respects readiness check results if the Trae
 !!! note
    Due to the way readiness check results are currently exposed by the Marathon API, ready tasks may be taken into rotation with a small delay.
-    It is on the order of one readiness check timeout interval (as configured on the application specifiation) and guarantees that non-ready tasks do not receive traffic prematurely.
+    It is on the order of one readiness check timeout interval (as configured on the application specification) and guarantees that non-ready tasks do not receive traffic prematurely.
 If readiness checks are not possible, a current mitigation strategy is to enable [retries](../middlewares/retry.md) and make sure that a sufficient number of healthy application tasks exist so that one retry will likely hit one of those.
 Apart from its probabilistic nature, the workaround comes at the price of increased latency.
@ -80,7 +80,7 @@ Failure reasons vary broadly and could stretch from unacceptable slowness, a tas
 There are two mitigaton efforts:
 1. Configure [Marathon health checks](https://mesosphere.github.io/marathon/docs/health-checks.html) on each application.
-2. Configure Traefik health checks (possibly via the `traefik.HTTP.Services.YourServiceName.LoadBalancer.HealthCheck.*` labels) and make sure they probe with proper frequency.
+2. Configure Traefik health checks (possibly via the `traefik.http.services.yourServiceName.loadbalancer.healthcheck.*` labels) and make sure they probe with proper frequency.
 The Marathon health check makes sure that applications once deemed dysfunctional are being rescheduled to different slaves.
 However, they might take a while to get triggered and the follow-up processes to complete.
--- a/integration/fixtures/access_log_config.toml
+++ b/integration/fixtures/access_log_config.toml
@ -1,10 +1,10 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "ERROR"
+  level = "ERROR"
-filePath = "traefik.log"
+  filePath = "traefik.log"
 [accessLog]
  filePath = "access.log"
@ -24,7 +24,7 @@ filePath = "traefik.log"
 [api]
 [providers]
-   [providers.docker]
+  [providers.docker]
-     exposedByDefault = false
+    exposedByDefault = false
-     defaultRule = "Host(`{{ normalize .Name }}.docker.local`)"
+    defaultRule = "Host(`{{ normalize .Name }}.docker.local`)"
-     watch = true
+    watch = true
--- a/integration/fixtures/acme/acme_base.toml
+++ b/integration/fixtures/acme/acme_base.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -40,11 +40,13 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.services]
-  [http.services.test.loadbalancer]
+  [http.services.test.loadBalancer]
-    [[http.services.test.loadbalancer.servers]]
+    [[http.services.test.loadBalancer.servers]]
      url = "http://127.0.0.1:9010"
 [http.routers]
--- a/integration/fixtures/acme/acme_tls.toml
+++ b/integration/fixtures/acme/acme_tls.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -40,19 +40,21 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.services]
-  [http.services.test.loadbalancer]
+  [http.services.test.loadBalancer]
-    [[http.services.test.loadbalancer.servers]]
+    [[http.services.test.loadBalancer.servers]]
-    url = "http://127.0.0.1:9010"
+      url = "http://127.0.0.1:9010"
 [http.routers]
  [http.routers.test]
-  entryPoints = ["web-secure"]
+    entryPoints = ["web-secure"]
-  rule = "Host(`traefik.acme.wtf`)"
+    rule = "Host(`traefik.acme.wtf`)"
-  service = "test"
+    service = "test"
-  [http.routers.test.tls]
+    [http.routers.test.tls]
 [tls.stores]
  [tls.stores.default.defaultCertificate]
--- a/integration/fixtures/acme/acme_tls_dynamic.toml
+++ b/integration/fixtures/acme/acme_tls_dynamic.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -36,6 +36,6 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
-      filename = "fixtures/acme/certificates.toml"
+    filename = "fixtures/acme/certificates.toml"
-      watch = true
+    watch = true
--- a/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
+++ b/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -16,7 +16,7 @@ level = "DEBUG"
    address = ":9000"
 #       FIXME
 #      [entryPoints.traefik.tls]
-#        [entryPoints.traefik.tls.DefaultCertificate]
+#        [entryPoints.traefik.tls.defaultCertificate]
 #        certFile = "fixtures/acme/ssl/wildcard.crt"
 #        keyFile = "fixtures/acme/ssl/wildcard.key"
--- a/integration/fixtures/acme/certificates.toml
+++ b/integration/fixtures/acme/certificates.toml
@ -1,6 +1,6 @@
 [http.services]
-  [http.services.test.loadbalancer]
+  [http.services.test.loadBalancer]
-    [[http.services.test.loadbalancer.servers]]
+    [[http.services.test.loadBalancer.servers]]
      url = "http://127.0.0.1:9010"
 [http.routers]
--- a/integration/fixtures/docker/minimal.toml
+++ b/integration/fixtures/docker/minimal.toml
@ -1,18 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
 [api]
 [providers]
-   [providers.docker]
+  [providers.docker]
-      endpoint = "{{ .DockerHost }}"
+    endpoint = "{{ .DockerHost }}"
-      defaultRule = "{{ .DefaultRule }}"
+    defaultRule = "{{ .DefaultRule }}"
-      exposedByDefault = false
+    exposedByDefault = false
--- a/integration/fixtures/docker/simple.toml
+++ b/integration/fixtures/docker/simple.toml
@ -1,18 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
 [api]
 [providers]
-   [providers.docker]
+  [providers.docker]
-      endpoint = "{{ .DockerHost }}"
+    endpoint = "{{ .DockerHost }}"
-      defaultRule = "{{ .DefaultRule }}"
+    defaultRule = "{{ .DefaultRule }}"
-      exposedByDefault = true
+    exposedByDefault = true
--- a/integration/fixtures/error_pages/error.toml
+++ b/integration/fixtures/error_pages/error.toml
@ -1,35 +1,37 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8080"
+    address = ":8080"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Rule = "Host(`test.local`)"
+    rule = "Host(`test.local`)"
    service = "service1"
    middlewares = ["error"]
 [http.middlewares]
-    [http.middlewares.error.errors]
+  [http.middlewares.error.errors]
-        status = ["500-502", "503-599"]
+    status = ["500-502", "503-599"]
-        service = "error"
+    service = "error"
-        query = "/50x.html"
+    query = "/50x.html"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
    passHostHeader = true
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
-        url = "http://{{.Server1}}:8989474"
+      url = "http://{{.Server1}}:8989474"
-  [http.services.error.loadbalancer]
+  [http.services.error.loadBalancer]
-    [[http.services.error.loadbalancer.servers]]
+    [[http.services.error.loadBalancer.servers]]
-        url = "http://{{.Server2}}:80"
+      url = "http://{{.Server2}}:80"
--- a/integration/fixtures/error_pages/simple.toml
+++ b/integration/fixtures/error_pages/simple.toml
@ -1,35 +1,37 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8080"
+    address = ":8080"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-      Rule = "Host(`test.local`)"
+    rule = "Host(`test.local`)"
-      service = "service1"
+    service = "service1"
-      middlewares = ["error"]
+    middlewares = ["error"]
 [http.middlewares]
-    [http.middlewares.error.errors]
+  [http.middlewares.error.errors]
-        status = ["500-502", "503-599"]
+    status = ["500-502", "503-599"]
-        service = "error"
+    service = "error"
-        query = "/50x.html"
+    query = "/50x.html"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
    passHostHeader = true
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
-        url = "http://{{.Server1}}:80"
+      url = "http://{{.Server1}}:80"
-  [http.services.error.loadbalancer]
+  [http.services.error.loadBalancer]
-    [[http.services.error.loadbalancer.servers]]
+    [[http.services.error.loadBalancer.servers]]
-        url = "http://{{.Server2}}:80"
+      url = "http://{{.Server2}}:80"
--- a/integration/fixtures/file/56-simple-panic.toml
+++ b/integration/fixtures/file/56-simple-panic.toml
@ -1,14 +1,13 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
--- a/integration/fixtures/file/dir/simple1.toml
+++ b/integration/fixtures/file/dir/simple1.toml
@ -4,6 +4,6 @@
    service = "service1"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://172.17.0.2:80"
--- a/integration/fixtures/file/dir/simple2.toml
+++ b/integration/fixtures/file/dir/simple2.toml
@ -4,6 +4,6 @@
    service = "service2"
 [http.services]
-  [http.services.service2.loadbalancer]
+  [http.services.service2.loadBalancer]
-    [[http.services.service2.loadbalancer.servers]]
+    [[http.services.service2.loadBalancer.servers]]
      url = "http://172.17.0.123:80"
--- a/integration/fixtures/file/directory.toml
+++ b/integration/fixtures/file/directory.toml
@ -1,14 +1,14 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
-      directory = "fixtures/file/dir/"
+    directory = "fixtures/file/dir/"
--- a/integration/fixtures/file/simple-hosts.toml
+++ b/integration/fixtures/file/simple-hosts.toml
@ -1,16 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -22,6 +24,6 @@ level = "DEBUG"
    service = "service1"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
-        URL = "{{.Server}}"
+      url = "{{.Server}}"
--- a/integration/fixtures/file/simple.toml
+++ b/integration/fixtures/file/simple.toml
@ -1,16 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -23,19 +25,19 @@ level = "DEBUG"
    service = "service1"
 [http.middlewares]
-  [http.middlewares.circuitbreaker.circuitbreaker]
+  [http.middlewares.circuitbreaker.circuitBreaker]
    expression = "NetworkErrorRatio() > 0.5"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://172.17.0.2:80"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://172.17.0.3:80"
  [http.services.service2]
-    [http.services.service2.loadbalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.loadbalancer.servers]]
+      [[http.services.service2.loadBalancer.servers]]
        url = "http://172.17.0.4:80"
-      [[http.services.service2.loadbalancer.servers]]
+      [[http.services.service2.loadBalancer.servers]]
        url = "http://172.17.0.5:80"
--- a/integration/fixtures/grpc/config.toml
+++ b/integration/fixtures/grpc/config.toml
@ -1,12 +1,12 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [serversTransport]
-rootCAs = [ """{{ .CertContent }}""" ]
+  rootCAs = [ """{{ .CertContent }}""" ]
 [entryPoints]
  [entryPoints.web-secure]
@ -15,7 +15,9 @@ rootCAs = [ """{{ .CertContent }}""" ]
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -24,11 +26,11 @@ rootCAs = [ """{{ .CertContent }}""" ]
    [http.routers.router1.tls]
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "https://127.0.0.1:{{ .GRPCServerPort }}"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = """{{ .CertContent }}"""
    keyFile  = """{{ .KeyContent }}"""
--- a/integration/fixtures/grpc/config_h2c.toml
+++ b/integration/fixtures/grpc/config_h2c.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -12,7 +12,9 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -20,6 +22,6 @@ level = "DEBUG"
    service = "service1"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
--- a/integration/fixtures/grpc/config_h2c_termination.toml
+++ b/integration/fixtures/grpc/config_h2c_termination.toml
@ -1,19 +1,20 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -22,11 +23,11 @@ level = "DEBUG"
    [http.routers.router1.tls]
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
-    url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
+      url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = """{{ .CertContent }}"""
    keyFile  = """{{ .KeyContent }}"""
--- a/integration/fixtures/grpc/config_insecure.toml
+++ b/integration/fixtures/grpc/config_insecure.toml
@ -1,12 +1,12 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [serversTransport]
-insecureSkipVerify = true
+  insecureSkipVerify = true
 [entryPoints]
  [entryPoints.web-secure]
@ -15,7 +15,9 @@ insecureSkipVerify = true
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -24,11 +26,11 @@ insecureSkipVerify = true
    [http.routers.router1.tls]
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "https://127.0.0.1:{{ .GRPCServerPort }}"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = """{{ .CertContent }}"""
    keyFile  = """{{ .KeyContent }}"""
--- a/integration/fixtures/grpc/config_retry.toml
+++ b/integration/fixtures/grpc/config_retry.toml
@ -1,21 +1,23 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [serversTransport]
-rootCAs = [ """{{ .CertContent }}""" ]
+  rootCAs = [ """{{ .CertContent }}""" ]
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -26,16 +28,16 @@ rootCAs = [ """{{ .CertContent }}""" ]
 [http.middlewares]
  [http.middlewares.retryer.retry]
-    Attempts = 2
+    attempts = 2
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-  [http.services.service1.loadbalancer.responseForwarding]
+  [http.services.service1.loadBalancer.responseForwarding]
-     flushInterval="1ms"
+    flushInterval = "1ms"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "https://127.0.0.1:{{ .GRPCServerPort }}"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = """{{ .CertContent }}"""
    keyFile  = """{{ .KeyContent }}"""
--- a/integration/fixtures/headers/basic.toml
+++ b/integration/fixtures/headers/basic.toml
@ -1,16 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -18,6 +20,6 @@ level = "DEBUG"
    service = "service1"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://172.17.0.2:80"
--- a/integration/fixtures/headers/cors.toml
+++ b/integration/fixtures/headers/cors.toml
@ -1,16 +1,18 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -18,13 +20,13 @@ level = "DEBUG"
    service = "service1"
 [http.middlewares]
-  [http.middlewares.cors.Headers]
+  [http.middlewares.cors.headers]
-    AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
+    accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
-    AccessControlAllowOrigin = "origin-list-or-null"
+    accessControlAllowOrigin = "origin-list-or-null"
-    AccessControlMaxAge = 100
+    accessControlMaxAge = 100
-    AddVaryHeader = true
+    addVaryHeader = true
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://172.17.0.2:80"
--- a/integration/fixtures/healthcheck/multiple-entrypoints.toml
+++ b/integration/fixtures/healthcheck/multiple-entrypoints.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.http1]
@ -14,20 +14,22 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
    service = "service1"
-    Rule = "Host(`test.localhost`)"
+    rule = "Host(`test.localhost`)"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [http.services.service1.loadbalancer.healthcheck]
+    [http.services.service1.loadBalancer.healthcheck]
      path = "/health"
      interval = "1s"
      timeout = "0.9s"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://{{.Server1}}:80"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://{{.Server2}}:80"
--- a/integration/fixtures/healthcheck/port_overload.toml
+++ b/integration/fixtures/healthcheck/port_overload.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -12,19 +12,21 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
    service = "service1"
-    Rule = "Host(`test.localhost`)"
+    rule = "Host(`test.localhost`)"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [http.services.service1.loadbalancer.healthcheck]
+    [http.services.service1.loadBalancer.healthcheck]
      path = "/health"
      port = 80
      interval = "1s"
      timeout = "0.9s"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://{{.Server1}}:81"
--- a/integration/fixtures/healthcheck/simple.toml
+++ b/integration/fixtures/healthcheck/simple.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -12,20 +12,22 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
    service = "service1"
-    Rule = "Host(`test.localhost`)"
+    rule = "Host(`test.localhost`)"
 [http.services]
-  [http.services.service1.loadbalancer]
+  [http.services.service1.loadBalancer]
-    [http.services.service1.loadbalancer.healthcheck]
+    [http.services.service1.loadBalancer.healthcheck]
      path = "/health"
      interval = "1s"
      timeout = "0.9s"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://{{.Server1}}:80"
-    [[http.services.service1.loadbalancer.servers]]
+    [[http.services.service1.loadBalancer.servers]]
      url = "http://{{.Server2}}:80"
--- a/integration/fixtures/https/clientca/https_1ca1config.toml
+++ b/integration/fixtures/https/clientca/https_1ca1config.toml
@ -1,48 +1,50 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Host(`snitest.com`)"
+    rule = "Host(`snitest.com`)"
    [http.routers.router1.tls]
  [http.routers.router2]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router2.tls]
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9010"
+        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9020"
+        url = "http://127.0.0.1:9020"
 [[tls.certificates]]
-    certFile = "fixtures/https/snitest.com.cert"
+  certFile = "fixtures/https/snitest.com.cert"
-    keyFile = "fixtures/https/snitest.com.key"
+  keyFile = "fixtures/https/snitest.com.key"
 [[tls.certificates]]
-    certFile = "fixtures/https/snitest.org.cert"
+  certFile = "fixtures/https/snitest.org.cert"
-    keyFile = "fixtures/https/snitest.org.key"
+  keyFile = "fixtures/https/snitest.org.key"
 [tls.options]
  [tls.options.default.ClientCA]
--- a/integration/fixtures/https/clientca/https_2ca1config.toml
+++ b/integration/fixtures/https/clientca/https_2ca1config.toml
@ -1,49 +1,51 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Host(`snitest.com`)"
+    rule = "Host(`snitest.com`)"
    [http.routers.router1.tls]
  [http.routers.router2]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router2.tls]
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9010"
+        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9020"
+        url = "http://127.0.0.1:9020"
 [[tls.certificates]]
-    certFile = "fixtures/https/snitest.com.cert"
+  certFile = "fixtures/https/snitest.com.cert"
-    keyFile = "fixtures/https/snitest.com.key"
+  keyFile = "fixtures/https/snitest.com.key"
 [[tls.certificates]]
  certFile = "fixtures/https/snitest.org.cert"
  keyFile = "fixtures/https/snitest.org.key"
 [tls.options]
-  [tls.options.default.ClientCA]
+  [tls.options.default.clientCA]
    files = ["fixtures/https/clientca/ca1and2.crt"]
--- a/integration/fixtures/https/clientca/https_2ca2config.toml
+++ b/integration/fixtures/https/clientca/https_2ca2config.toml
@ -1,39 +1,41 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Host(`snitest.com`)"
+    rule = "Host(`snitest.com`)"
    [http.routers.router1.tls]
  [http.routers.router2]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router2.tls]
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9010"
+        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9020"
+        url = "http://127.0.0.1:9020"
 [[tls.certificates]]
  certFile = "fixtures/https/snitest.com.cert"
@ -44,6 +46,6 @@ level = "DEBUG"
  keyFile = "fixtures/https/snitest.org.key"
 [tls.options]
-  [tls.options.default.ClientCA]
+  [tls.options.default.clientCA]
    files = ["fixtures/https/clientca/ca1.crt", "fixtures/https/clientca/ca2.crt"]
    optional = false
--- a/integration/fixtures/https/dynamic_https.toml
+++ b/integration/fixtures/https/dynamic_https.toml
@ -11,30 +11,30 @@
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
        url = "http://127.0.0.1:9020"
 #  bad certificates to validate the loop on the certificate appending
 [[tls.certificates]]
-    # bad content
+  # bad content
-    certFile = """-----BEGIN CERTIFICATE-----
+  certFile = """-----BEGIN CERTIFICATE-----
 MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
 -----END CERTIFICATE-----"""
-    # bad content
+  # bad content
-    keyFile = """-----BEGIN RSA PRIVATE KEY-----
+  keyFile = """-----BEGIN RSA PRIVATE KEY-----
 wihZ13e3i5UQEYuoRcH1RUd1wyYoBSKuQnsT2WwVZ1wlXSYaELAbQgaI9NtfBA0G
 eRG3DaVpez4DQVupZDHMgxJUYqqKynUj6GD1YiaxGROj3TYCu6e7OxyhalhCllSu
 w/X5M802XqzLjeec5zHoZDfknnAkgR9MsxZYmZPFaDyL6GOKUB8=
 -----END RSA PRIVATE KEY-----"""
 [[tls.certificates]]
-    certFile = """-----BEGIN CERTIFICATE-----
+  certFile = """-----BEGIN CERTIFICATE-----
 MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
 BAMMC3NuaXRlc3Qub3JnMB4XDTE1MTEyMzIyMDU0NFoXDTI1MTEyMDIyMDU0NFow
 FjEUMBIGA1UEAwwLc25pdGVzdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
@ -53,7 +53,7 @@ FJTkElnxtELAGHoIwZ+bKprnexefpn9UW84VJvJ2crSR63vBvdTrgsrEGW6kQj1I
 k5fvuuXbIc979pQOoO03zG0S7Wpmpsw+9dQB9TOxGITOLfCZwEuIhnv+M9lLqCks
 7H2A
 -----END CERTIFICATE-----"""
-   keyFile = """-----BEGIN RSA PRIVATE KEY-----
+  keyFile = """-----BEGIN RSA PRIVATE KEY-----
 MIIEogIBAAKCAQEAvG9kL+vF57+MICehzbqcQAUlAOSl5r/YO6cMLBTEjiteaNqh
 hc8f8fZaCIuaTCGCMuElcCTa2FIu+9pwmDKkiFV5cHLfwhO9I9iW9oHiB7t4x2xV
 l67lm1tbRhlGM757DlM4jxN6y1mvzTmzWCy5VCiWsXx68Z6biqUFLF86C5duXCRF
--- a/integration/fixtures/https/dynamic_https_sni.toml
+++ b/integration/fixtures/https/dynamic_https_sni.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
@ -15,6 +15,6 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
-      fileName = "{{.DynamicConfFileName}}"
+    fileName = "{{.DynamicConfFileName}}"
-      watch = true
+    watch = true
--- a/integration/fixtures/https/dynamic_https_sni_default_cert.toml
+++ b/integration/fixtures/https/dynamic_https_sni_default_cert.toml
@ -1,18 +1,20 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-     address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -27,8 +29,8 @@ level = "DEBUG"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:9010"
 [[tls.certificates]]
@ -40,6 +42,6 @@ level = "DEBUG"
  keyFile = "fixtures/https/www.snitest.com.key"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = "fixtures/https/snitest.com.cert"
    keyFile = "fixtures/https/snitest.com.key"
--- a/integration/fixtures/https/https_redirect.toml
+++ b/integration/fixtures/https/https_redirect.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -17,6 +17,8 @@ level = "DEBUG"
 [providers]
  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
    entryPoints = [ "web" ]
@ -139,34 +141,34 @@ level = "DEBUG"
    [http.routers.router10TLS.tls]
 [http.middlewares]
-  [http.middlewares.api-strip.StripPrefix]
+  [http.middlewares.api-strip.stripPrefix]
-     prefixes = ["/api"]
+    prefixes = ["/api"]
-  [http.middlewares.api-slash-strip.StripPrefix]
+  [http.middlewares.api-slash-strip.stripPrefix]
-     prefixes = ["/api/"]
+    prefixes = ["/api/"]
-  [http.middlewares.foo-add-prefix.AddPrefix]
+  [http.middlewares.foo-add-prefix.addPrefix]
-     prefix = "/foo"
+    prefix = "/foo"
-  [http.middlewares.foo-slash-add-prefix.AddPrefix]
+  [http.middlewares.foo-slash-add-prefix.addPrefix]
-     prefix = "/foo/"
+    prefix = "/foo/"
-  [http.middlewares.id-strip-regex-prefix.StripPrefixRegex]
+  [http.middlewares.id-strip-regex-prefix.stripPrefixRegex]
-     regex = ["/{id:[a-z]+}"]
+    regex = ["/{id:[a-z]+}"]
-  [http.middlewares.id-slash-strip-regex-prefix.StripPrefixRegex]
+  [http.middlewares.id-slash-strip-regex-prefix.stripPrefixRegex]
-     regex = ["/{id:[a-z]+}/"]
+    regex = ["/{id:[a-z]+}/"]
-  [http.middlewares.api-regex-replace.ReplacePathRegex]
+  [http.middlewares.api-regex-replace.replacePathRegex]
-     regex = "/api"
+    regex = "/api"
-     replacement = "/"
+    replacement = "/"
-  [http.middlewares.api-slash-regex-replace.ReplacePathRegex]
+  [http.middlewares.api-slash-regex-replace.replacePathRegex]
-     regex = "/api/"
+    regex = "/api/"
-     replacement = "/"
+    replacement = "/"
-  [http.middlewares.api-replace-path.ReplacePath]
+  [http.middlewares.api-replace-path.replacePath]
-     path = "/api"
+    path = "/api"
-  [http.middlewares.api-slash-replace-path.ReplacePath]
+  [http.middlewares.api-slash-replace-path.replacePath]
-     path = "/api/"
+    path = "/api/"
  [http.middlewares.redirect-https.redirectScheme]
-     scheme = "https"
+    scheme = "https"
-     port = "8443"
+    port = "8443"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:80"
--- a/integration/fixtures/https/https_sni.toml
+++ b/integration/fixtures/https/https_sni.toml
@ -1,40 +1,42 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Host(`snitest.com`)"
+    rule = "Host(`snitest.com`)"
    [http.routers.router1.tls]
  [http.routers.router2]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router2.tls]
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9010"
+        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9020"
+        url = "http://127.0.0.1:9020"
 [[tls.certificates]]
  certFile = "fixtures/https/snitest.com.cert"
--- a/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
+++ b/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
@ -12,7 +12,9 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -27,8 +29,8 @@ level = "DEBUG"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:9010"
 [[tls.certificates]]
@ -36,6 +38,6 @@ level = "DEBUG"
  keyFile = "fixtures/https/uppercase_wildcard.www.snitest.com.key"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = "fixtures/https/wildcard.snitest.com.cert"
    keyFile = "fixtures/https/wildcard.snitest.com.key"
--- a/integration/fixtures/https/https_sni_default_cert.toml
+++ b/integration/fixtures/https/https_sni_default_cert.toml
@ -1,18 +1,20 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-     address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -27,8 +29,8 @@ level = "DEBUG"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:9010"
 [[tls.certificates]]
@ -40,6 +42,6 @@ level = "DEBUG"
  keyFile = "fixtures/https/www.snitest.com.key"
 [tls.stores]
-  [tls.stores.default.DefaultCertificate]
+  [tls.stores.default.defaultCertificate]
    certFile = "fixtures/https/snitest.com.cert"
    keyFile = "fixtures/https/snitest.com.key"
--- a/integration/fixtures/https/https_sni_strict.toml
+++ b/integration/fixtures/https/https_sni_strict.toml
@ -12,7 +12,9 @@
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
@ -22,8 +24,8 @@
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:9010"
 [tls.options]
@ -32,7 +34,7 @@
 [tls.stores]
  [tls.stores.default]
-    [tls.stores.default.DefaultCertificate]
+    [tls.stores.default.defaultCertificate]
      certFile = "fixtures/https/snitest.com.cert"
      keyFile = "fixtures/https/snitest.com.key"
--- a/integration/fixtures/https/https_tls_options.toml
+++ b/integration/fixtures/https/https_tls_options.toml
@ -1,48 +1,50 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web-secure]
-  address = ":4443"
+    address = ":4443"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Host(`snitest.com`)"
+    rule = "Host(`snitest.com`)"
    [http.routers.router1.tls]
      options = "foo"
  [http.routers.router2]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router2.tls]
      options = "bar"
  [http.routers.router3]
-    Service = "service2"
+    service = "service2"
-    Rule = "Host(`snitest.org`)"
+    rule = "Host(`snitest.org`)"
    [http.routers.router3.tls]
      options = "unknown"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9010"
+        url = "http://127.0.0.1:9010"
  [http.services.service2]
-    [http.services.service2.LoadBalancer]
+    [http.services.service2.loadBalancer]
-      [[http.services.service2.LoadBalancer.Servers]]
+      [[http.services.service2.loadBalancer.servers]]
-        URL = "http://127.0.0.1:9020"
+        url = "http://127.0.0.1:9020"
 [[tls.certificates]]
  certFile = "fixtures/https/snitest.com.cert"
--- a/integration/fixtures/https/rootcas/https.toml
+++ b/integration/fixtures/https/rootcas/https.toml
@ -1,13 +1,13 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [serversTransport]
-# Use certificate in net/internal/testcert.go
+  # Use certificate in net/internal/testcert.go
-rootCAs =  [ """
+  rootCAs =  [ """
 -----BEGIN CERTIFICATE-----
 MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
 MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
@ -26,21 +26,23 @@ fblo6RBxUQ==
 [entryPoints]
  [entryPoints.web]
-  address = ":8081"
+    address = ":8081"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Path(`/ping`)"
+    rule = "Path(`/ping`)"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "{{ .BackendHost }}"
+        url = "{{ .BackendHost }}"
--- a/integration/fixtures/https/rootcas/https_with_file.toml
+++ b/integration/fixtures/https/rootcas/https_with_file.toml
@ -1,31 +1,33 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [serversTransport]
-# Use certificate in net/internal/testcert.go
+  # Use certificate in net/internal/testcert.go
-rootCAs =  [ "fixtures/https/rootcas/local.crt"]
+  rootCAs =  [ "fixtures/https/rootcas/local.crt"]
 [entryPoints]
  [entryPoints.web]
-  address = ":8081"
+    address = ":8081"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Path(`/ping`)"
+    rule = "Path(`/ping`)"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "{{ .BackendHost }}"
+        url = "{{ .BackendHost }}"
--- a/integration/fixtures/k8s_crd.toml
+++ b/integration/fixtures/k8s_crd.toml
@ -1,18 +1,16 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
     address = ":8000"
  [entryPoints.footcp]
      address = ":8093"
 [api]
-[Providers]
+[entryPoints]
-   [Providers.KubernetesCRD]
+  [entryPoints.footcp]
    address = ":8093"
  [entryPoints.web]
    address = ":8000"
 [providers.kubernetesCRD]
--- a/integration/fixtures/k8s_default.toml
+++ b/integration/fixtures/k8s_default.toml
@ -1,15 +1,14 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
 level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
     address = ":8000"
 [api]
-[Providers]
+[log]
-   [Providers.Kubernetes]
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
    address = ":8000"
 [providers.kubernetes]
--- a/integration/fixtures/log_rotation_config.toml
+++ b/integration/fixtures/log_rotation_config.toml
@ -1,37 +1,36 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-filePath = "traefik.log"
+  filePath = "traefik.log"
-level = "ERROR"
+  level = "ERROR"
 [accessLog]
-filePath = "access.log"
+  filePath = "access.log"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
  [entryPoints.api]
-  address = ":7888"
+    address = ":7888"
 [api]
-entryPoint = "api"
+  entryPoint = "api"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 ################################################################
 # rules
 ################################################################
 [http.routers]
  [http.routers.router1]
    Service = "service1"
-    Rule = "Path(`/test1`)"
+    rule = "Path(`/test1`)"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://127.0.0.1:8081"
+        url = "http://127.0.0.1:8081"
--- a/integration/fixtures/marathon/simple.toml
+++ b/integration/fixtures/marathon/simple.toml
@ -1,21 +1,21 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
-[entryPoints.api]
+  [entryPoints.api]
-  address = ":9090"
+    address = ":9090"
 [api]
  entryPoint = "api"
 [providers]
-   [providers.marathon]
+  [providers.marathon]
-      endpoint = "{{.MarathonURL}}"
+    endpoint = "{{.MarathonURL}}"
-      watch = true
+    watch = true
-      exposedByDefault = true
+    exposedByDefault = true
--- a/integration/fixtures/multiple_provider.toml
+++ b/integration/fixtures/multiple_provider.toml
@ -1,32 +1,31 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-     address = ":8000"
+    address = ":8000"
 [api]
 [providers]
-   [providers.docker]
+  [providers.docker]
-      endpoint = "unix:///var/run/docker.sock"
+    watch = true
-      watch = true
+    exposedByDefault = false
      exposedByDefault = false
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router-1]
-    Service = "service-test"
+    service = "service-test"
-    Rule = "PathPrefix(`/file`)"
+    rule = "PathPrefix(`/file`)"
 [http.services]
-  [http.services.service-test]
+  [http.services.service-test.loadBalancer]
-    [http.services.service-test.LoadBalancer]
+    [[http.services.service-test.loadBalancer.servers]]
-
+      url = "http://{{ .IP }}"
      [[http.services.service-test.LoadBalancer.Servers]]
        URL = "http://{{ .IP }}"
--- a/integration/fixtures/multiprovider.toml
+++ b/integration/fixtures/multiprovider.toml
@ -1,27 +1,28 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [api]
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
-[Providers]
+[providers]
-   [Providers.Rest]
+  [providers.rest]
-   [Providers.File]
+  [providers.file]
 ## dynamic configuration ##
 [http.services]
-  [http.services.service]
+    [http.services.service.loadBalancer]
-    [http.services.service.LoadBalancer]
+      [[http.services.service.loadBalancer.servers]]
        url = "{{.Server}}"
      [[http.services.service.LoadBalancer.Servers]]
        URL = "{{.Server}}"
 [http.middlewares]
-  [http.middlewares.customheader.Headers.CustomRequestHeaders]
+  [http.middlewares.customheader.headers.customRequestHeaders]
-  X-Custom="CustomValue"
+    X-Custom="CustomValue"
--- a/integration/fixtures/proxy-protocol/with.toml
+++ b/integration/fixtures/proxy-protocol/with.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -14,16 +14,18 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Path(`/whoami`)"
+    rule = "Path(`/whoami`)"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://{{.WhoamiIP}}"
+        url = "http://{{.WhoamiIP}}"
--- a/integration/fixtures/proxy-protocol/without.toml
+++ b/integration/fixtures/proxy-protocol/without.toml
@ -1,9 +1,9 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
@ -14,16 +14,18 @@ level = "DEBUG"
 [api]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Rule = "Path(`/whoami`)"
+    rule = "Path(`/whoami`)"
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://{{.WhoamiIP}}"
+        url = "http://{{.WhoamiIP}}"
--- a/integration/fixtures/ratelimit/simple.toml
+++ b/integration/fixtures/ratelimit/simple.toml
@ -1,45 +1,46 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [api]
-entrypoint="api"
+  entrypoint="api"
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8081"
+    address = ":8081"
  [entryPoints.api]
-  address = ":8080"
+    address = ":8080"
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router1]
-    Service = "service1"
+    service = "service1"
-    Middlewares = [ "ratelimit" ]
+    middlewares = [ "ratelimit" ]
-    Rule = "Path(`/`)"
+    rule = "Path(`/`)"
 [http.middlewares]
-  [http.middlewares.ratelimit.RateLimit]
+  [http.middlewares.ratelimit.rateLimit]
    extractorfunc = "client.ip"
-      [http.middlewares.ratelimit.RateLimit.rateset.rateset1]
+      [http.middlewares.ratelimit.rateLimit.rateSet.rateset1]
-      period = "60s"
+        period = "60s"
-      average = 4
+        average = 4
-      burst = 5
+        burst = 5
-      [http.middlewares.ratelimit.RateLimit.rateset.rateset2]
+      [http.middlewares.ratelimit.rateLimit.rateSet.rateset2]
-      period = "3s"
+        period = "3s"
-      average = 1
+        average = 1
-      burst = 2
+        burst = 2
 [http.services]
  [http.services.service1]
-    [http.services.service1.LoadBalancer]
+    [http.services.service1.loadBalancer]
      passHostHeader = true
-      [[http.services.service1.LoadBalancer.Servers]]
+      [[http.services.service1.loadBalancer.servers]]
-        URL = "http://{{.Server1}}:80"
+        url = "http://{{.Server1}}:80"
--- a/integration/fixtures/reqacceptgrace.toml
+++ b/integration/fixtures/reqacceptgrace.toml
@ -1,35 +1,36 @@
 [global]
-checkNewVersion = false
+  checkNewVersion = false
-sendAnonymousUsage = false
+  sendAnonymousUsage = false
 [log]
-level = "DEBUG"
+  level = "DEBUG"
 [entryPoints]
  [entryPoints.web]
-  address = ":8000"
+    address = ":8000"
-  [entryPoints.web.transport.lifeCycle]
+    [entryPoints.web.transport.lifeCycle]
-    RequestAcceptGraceTimeout = "10s"
+      requestAcceptGraceTimeout = "10s"
  [entryPoints.traefik]
-  address = ":8001"
+    address = ":8001"
-[entryPoints.traefik.transport.lifeCycle]
+    [entryPoints.traefik.transport.lifeCycle]
-    RequestAcceptGraceTimeout = "10s"
+      requestAcceptGraceTimeout = "10s"
 [ping]
 [providers]
-   [providers.file]
+  [providers.file]
 ## dynamic configuration ##
 [http.routers]
  [http.routers.router]
-    Service = "service"
+    service = "service"
-    Rule = "Path(`/service`)"
+    rule = "Path(`/service`)"
 [http.services]
-  [http.services.service]
+    [http.services.service.loadBalancer]
-    [http.services.service.LoadBalancer]
+      [[http.services.service.loadBalancer.servers]]
-
+        url = "{{.Server}}"
      [[http.services.service.LoadBalancer.Servers]]
        URL = "{{.Server}}"
--- a/Show more
+++ b/Show more