Merge branch v3.2 into master

2024-12-12 15:47:51 +01:00 · 2024-12-12 15:47:51 +01:00 · 4974d9e4d7
commit 4974d9e4d7
parent e85d02c530 33cf06b36a
70 changed files with 5344 additions and 283 deletions
--- a/pkg/plugins/fixtures/withoutsocket/demo.go
+++ b/pkg/plugins/fixtures/withoutsocket/demo.go
@ -0,0 +1,52 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/http-wasm/http-wasm-guest-tinygo/handler"
+	"github.com/http-wasm/http-wasm-guest-tinygo/handler/api"
+)
+
+type config struct {
+	File string   `json:"file"`
+	Envs []string `json:"envs"`
+}
+
+var cfg config
+
+// Built with
+// tinygo build -o plugin.wasm -scheduler=none --no-debug -target=wasi ./demo.go
+func main() {
+	err := json.Unmarshal(handler.Host.GetConfig(), &cfg)
+	if err != nil {
+		handler.Host.Log(api.LogLevelError, fmt.Sprintf("Could not load config %v", err))
+		os.Exit(1)
+	}
+
+	handler.HandleRequestFn = handleRequest
+}
+
+func handleRequest(req api.Request, resp api.Response) (next bool, reqCtx uint32) {
+	var bodyContent []byte
+	if cfg.File != "" {
+		var err error
+		bodyContent, err = os.ReadFile(cfg.File)
+		if err != nil {
+			resp.SetStatusCode(http.StatusInternalServerError)
+			resp.Body().Write([]byte(fmt.Sprintf("error reading file %q: %w", cfg.File, err.Error())))
+			return false, 0
+		}
+	}
+
+	if len(cfg.Envs) > 0 {
+		for _, env := range cfg.Envs {
+			bodyContent = append(bodyContent, []byte(os.Getenv(env)+"\n")...)
+		}
+	}
+
+	resp.Body().Write(bodyContent)
+	return false, 0
+}
--- a/pkg/plugins/fixtures/withoutsocket/go.mod
+++ b/pkg/plugins/fixtures/withoutsocket/go.mod
@ -0,0 +1,5 @@
+module withoutsocket
+
+go 1.23.0
+
+require github.com/http-wasm/http-wasm-guest-tinygo v0.4.0
--- a/pkg/plugins/fixtures/withoutsocket/go.sum
+++ b/pkg/plugins/fixtures/withoutsocket/go.sum
@ -0,0 +1,2 @@
+github.com/http-wasm/http-wasm-guest-tinygo v0.4.0 h1:sWd1hqOL8LF3DVRPXloVELTQItibKtDCtVSA4UfMf4Y=
+github.com/http-wasm/http-wasm-guest-tinygo v0.4.0/go.mod h1:zcKr7h/t5ha2ZWIMwV4iOqhfC/qno/tNPYgybVkn/MQ=
--- a/pkg/plugins/fixtures/withoutsocket/plugin.wasm
+++ b/pkg/plugins/fixtures/withoutsocket/plugin.wasm
--- a/pkg/plugins/middlewarewasm.go
+++ b/pkg/plugins/middlewarewasm.go
@ -83,7 +83,7 @@ func (b *wasmMiddlewareBuilder) buildMiddleware(ctx context.Context, next http.H

 	config := wazero.NewModuleConfig().WithSysWalltime().WithStartFunctions("_start", "_initialize")
 	for _, env := range b.settings.Envs {
-		config.WithEnv(env, os.Getenv(env))
+		config = config.WithEnv(env, os.Getenv(env))
 	}

 	if len(b.settings.Mounts) > 0 {
@ -97,14 +97,14 @@ func (b *wasmMiddlewareBuilder) buildMiddleware(ctx context.Context, next http.H
 			parts := strings.Split(prefix, ":")
 			switch {
 			case len(parts) == 1:
-				withDir(parts[0], parts[0])
+				fsConfig = withDir(parts[0], parts[0])
 			case len(parts) == 2:
-				withDir(parts[0], parts[1])
+				fsConfig = withDir(parts[0], parts[1])
 			default:
 				return nil, nil, fmt.Errorf("invalid directory %q", mount)
 			}
 		}
-		config.WithFSConfig(fsConfig)
+		config = config.WithFSConfig(fsConfig)
 	}

 	opts := []handler.Option{
--- a/pkg/plugins/middlewarewasm_test.go
+++ b/pkg/plugins/middlewarewasm_test.go
@ -0,0 +1,120 @@
+package plugins
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path"
+	"reflect"
+	"testing"
+
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/tetratelabs/wazero"
+)
+
+func TestSettingsWithoutSocket(t *testing.T) {
+	cache := wazero.NewCompilationCache()
+
+	zerolog.SetGlobalLevel(zerolog.DebugLevel)
+
+	ctx := log.Logger.WithContext(context.Background())
+
+	t.Setenv("PLUGIN_TEST", "MY-TEST")
+	t.Setenv("PLUGIN_TEST_B", "MY-TEST_B")
+
+	testCases := []struct {
+		desc        string
+		getSettings func(t *testing.T) (Settings, map[string]interface{})
+		expected    string
+	}{
+		{
+			desc: "mounts path",
+			getSettings: func(t *testing.T) (Settings, map[string]interface{}) {
+				t.Helper()
+
+				tempDir := t.TempDir()
+				filePath := path.Join(tempDir, "hello.txt")
+				err := os.WriteFile(filePath, []byte("content_test"), 0o644)
+				require.NoError(t, err)
+
+				return Settings{Mounts: []string{
+						tempDir,
+					}}, map[string]interface{}{
+						"file": filePath,
+					}
+			},
+			expected: "content_test",
+		},
+		{
+			desc: "mounts src to dest",
+			getSettings: func(t *testing.T) (Settings, map[string]interface{}) {
+				t.Helper()
+
+				tempDir := t.TempDir()
+				filePath := path.Join(tempDir, "hello.txt")
+				err := os.WriteFile(filePath, []byte("content_test"), 0o644)
+				require.NoError(t, err)
+
+				return Settings{Mounts: []string{
+						tempDir + ":/tmp",
+					}}, map[string]interface{}{
+						"file": "/tmp/hello.txt",
+					}
+			},
+			expected: "content_test",
+		},
+		{
+			desc: "one env",
+			getSettings: func(t *testing.T) (Settings, map[string]interface{}) {
+				t.Helper()
+
+				envs := []string{"PLUGIN_TEST"}
+				return Settings{Envs: envs}, map[string]interface{}{
+					"envs": envs,
+				}
+			},
+			expected: "MY-TEST\n",
+		},
+		{
+			desc: "two env",
+			getSettings: func(t *testing.T) (Settings, map[string]interface{}) {
+				t.Helper()
+
+				envs := []string{"PLUGIN_TEST", "PLUGIN_TEST_B"}
+				return Settings{Envs: envs}, map[string]interface{}{
+					"envs": envs,
+				}
+			},
+			expected: "MY-TEST\nMY-TEST_B\n",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			settings, config := test.getSettings(t)
+
+			builder := &wasmMiddlewareBuilder{path: "./fixtures/withoutsocket/plugin.wasm", cache: cache, settings: settings}
+
+			cfg := reflect.ValueOf(config)
+
+			m, applyCtx, err := builder.buildMiddleware(ctx, http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+				rw.WriteHeader(http.StatusTeapot)
+			}), cfg, "test")
+			require.NoError(t, err)
+
+			rw := httptest.NewRecorder()
+			req := httptest.NewRequestWithContext(applyCtx(ctx), "GET", "/", http.NoBody)
+
+			m.ServeHTTP(rw, req)
+
+			assert.Equal(t, http.StatusOK, rw.Code)
+			assert.Equal(t, test.expected, rw.Body.String())
+		})
+	}
+}
--- a/pkg/provider/docker/config.go
+++ b/pkg/provider/docker/config.go
@ -21,10 +21,11 @@ import (
 type DynConfBuilder struct {
 	Shared
 	apiClient client.APIClient
+	swarm     bool
 }

-func NewDynConfBuilder(configuration Shared, apiClient client.APIClient) *DynConfBuilder {
-	return &DynConfBuilder{Shared: configuration, apiClient: apiClient}
+func NewDynConfBuilder(configuration Shared, apiClient client.APIClient, swarm bool) *DynConfBuilder {
+	return &DynConfBuilder{Shared: configuration, apiClient: apiClient, swarm: swarm}
 }

 func (p *DynConfBuilder) build(ctx context.Context, containersInspected []dockerData) *dynamic.Configuration {
@ -321,16 +322,16 @@ func (p *DynConfBuilder) getIPAddress(ctx context.Context, container dockerData)
 	logger := log.Ctx(ctx)

 	netNotFound := false
-	if container.ExtraConf.Docker.Network != "" {
+	if container.ExtraConf.Network != "" {
 		settings := container.NetworkSettings
 		if settings.Networks != nil {
-			network := settings.Networks[container.ExtraConf.Docker.Network]
+			network := settings.Networks[container.ExtraConf.Network]
 			if network != nil {
 				return network.Addr
 			}

 			netNotFound = true
-			logger.Warn().Msgf("Could not find network named %q for container %q. Maybe you're missing the project's prefix in the label?", container.ExtraConf.Docker.Network, container.Name)
+			logger.Warn().Msgf("Could not find network named %q for container %q. Maybe you're missing the project's prefix in the label?", container.ExtraConf.Network, container.Name)
 		}
 	}

@ -360,12 +361,12 @@ func (p *DynConfBuilder) getIPAddress(ctx context.Context, container dockerData)
 		containerParsed := parseContainer(containerInspected)
 		extraConf, err := p.extractLabels(containerParsed)
 		if err != nil {
-			logger.Warn().Err(err).Msgf("Unable to get IP address for container %s : failed to get extra configuration for container %s", container.Name, containerInspected.Name)
+			logger.Warn().Err(err).Msgf("Unable to get IP address for container %s: failed to get extra configuration for container %s", container.Name, containerInspected.Name)
 			return ""
 		}

-		if extraConf.Docker.Network == "" {
-			extraConf.Docker.Network = container.ExtraConf.Docker.Network
+		if extraConf.Network == "" {
+			extraConf.Network = container.ExtraConf.Network
 		}

 		containerParsed.ExtraConf = extraConf
@ -396,3 +397,10 @@ func (p *DynConfBuilder) getPortBinding(container dockerData, serverPort string)

 	return nil, fmt.Errorf("unable to find the external IP:Port for the container %q", container.Name)
 }
+
+func (p *DynConfBuilder) extractLabels(container dockerData) (configuration, error) {
+	if p.swarm {
+		return p.Shared.extractSwarmLabels(container)
+	}
+	return p.Shared.extractDockerLabels(container)
+}
--- a/pkg/provider/docker/config_test.go
+++ b/pkg/provider/docker/config_test.go
@ -405,18 +405,16 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					DefaultRule:      test.defaultRule,
 				},
 			}
+			require.NoError(t, p.Init())

-			err := p.Init()
-			require.NoError(t, err)
+			builder := NewDynConfBuilder(p.Shared, nil, false)

 			for i := range len(test.containers) {
 				var err error
-				test.containers[i].ExtraConf, err = p.extractLabels(test.containers[i])
+				test.containers[i].ExtraConf, err = builder.extractLabels(test.containers[i])
 				require.NoError(t, err)
 			}

-			builder := NewDynConfBuilder(p.Shared, nil)
-
 			configuration := builder.build(context.Background(), test.containers)

 			assert.Equal(t, test.expected, configuration)
@ -3662,17 +3660,16 @@ func TestDynConfBuilder_build(t *testing.T) {
 			}
 			p.Constraints = test.constraints

-			err := p.Init()
-			require.NoError(t, err)
+			require.NoError(t, p.Init())
+
+			builder := NewDynConfBuilder(p.Shared, nil, false)

 			for i := range len(test.containers) {
 				var err error
-				test.containers[i].ExtraConf, err = p.extractLabels(test.containers[i])
+				test.containers[i].ExtraConf, err = builder.extractLabels(test.containers[i])
 				require.NoError(t, err)
 			}

-			builder := NewDynConfBuilder(p.Shared, nil)
-
 			configuration := builder.build(context.Background(), test.containers)

 			assert.Equal(t, test.expected, configuration)
@ -3843,7 +3840,7 @@ func TestDynConfBuilder_getIPPort_docker(t *testing.T) {
 			builder := NewDynConfBuilder(Shared{
 				Network:       "testnet",
 				UseBindPortIP: true,
-			}, nil)
+			}, nil, false)

 			actualIP, actualPort, actualError := builder.getIPPort(context.Background(), dData, test.serverPort)
 			if test.expected.error {
@ -3956,12 +3953,12 @@ func TestDynConfBuilder_getIPAddress_docker(t *testing.T) {

 			dData := parseContainer(test.container)

-			dData.ExtraConf.Docker.Network = conf.Network
+			dData.ExtraConf.Network = conf.Network
 			if len(test.network) > 0 {
-				dData.ExtraConf.Docker.Network = test.network
+				dData.ExtraConf.Network = test.network
 			}

-			builder := NewDynConfBuilder(conf, nil)
+			builder := NewDynConfBuilder(conf, nil, false)

 			actual := builder.getIPAddress(context.Background(), dData)
 			assert.Equal(t, test.expected, actual)
@ -3995,7 +3992,7 @@ func TestDynConfBuilder_getIPAddress_swarm(t *testing.T) {
 		{
 			service: swarmService(
 				serviceLabels(map[string]string{
-					"traefik.docker.network": "barnet",
+					"traefik.swarm.network": "barnet",
 				}),
 				withEndpointSpec(modeVIP),
 				withEndpoint(
@ -4019,12 +4016,13 @@ func TestDynConfBuilder_getIPAddress_swarm(t *testing.T) {
 		t.Run(strconv.Itoa(serviceID), func(t *testing.T) {
 			t.Parallel()

-			p := &SwarmProvider{}
+			var p SwarmProvider
+			require.NoError(t, p.Init())

 			dData, err := p.parseService(context.Background(), test.service, test.networks)
 			require.NoError(t, err)

-			builder := NewDynConfBuilder(p.Shared, nil)
+			builder := NewDynConfBuilder(p.Shared, nil, false)
 			actual := builder.getIPAddress(context.Background(), dData)
 			assert.Equal(t, test.expected, actual)
 		})
--- a/pkg/provider/docker/pdocker.go
+++ b/pkg/provider/docker/pdocker.go
@ -79,7 +79,7 @@ func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.
 			}
 			defer func() { _ = dockerClient.Close() }()

-			builder := NewDynConfBuilder(p.Shared, dockerClient)
+			builder := NewDynConfBuilder(p.Shared, dockerClient, false)

 			serverVersion, err := dockerClient.ServerVersion(ctx)
 			if err != nil {
@ -179,7 +179,7 @@ func (p *Provider) listContainers(ctx context.Context, dockerClient client.Conta
 			continue
 		}

-		extraConf, err := p.extractLabels(dData)
+		extraConf, err := p.extractDockerLabels(dData)
 		if err != nil {
 			log.Ctx(ctx).Error().Err(err).Msgf("Skip container %s", getServiceName(dData))
 			continue
--- a/pkg/provider/docker/pswarm.go
+++ b/pkg/provider/docker/pswarm.go
@ -82,7 +82,7 @@ func (p *SwarmProvider) Provide(configurationChan chan<- dynamic.Message, pool *
 			}
 			defer func() { _ = dockerClient.Close() }()

-			builder := NewDynConfBuilder(p.Shared, dockerClient)
+			builder := NewDynConfBuilder(p.Shared, dockerClient, true)

 			serverVersion, err := dockerClient.ServerVersion(ctx)
 			if err != nil {
@ -200,7 +200,7 @@ func (p *SwarmProvider) listServices(ctx context.Context, dockerClient client.AP
 			continue
 		}

-		if dData.ExtraConf.Docker.LBSwarm {
+		if dData.ExtraConf.LBSwarm {
 			if len(dData.NetworkSettings.Networks) > 0 {
 				dockerDataList = append(dockerDataList, dData)
 			}
@ -229,37 +229,38 @@ func (p *SwarmProvider) parseService(ctx context.Context, service swarmtypes.Ser
 		NetworkSettings: networkSettings{},
 	}

-	extraConf, err := p.extractLabels(dData)
+	extraConf, err := p.extractSwarmLabels(dData)
 	if err != nil {
 		return dockerData{}, err
 	}
 	dData.ExtraConf = extraConf

-	if service.Spec.EndpointSpec != nil {
-		if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeDNSRR {
-			if dData.ExtraConf.Docker.LBSwarm {
-				logger.Warn().Msgf("Ignored %s endpoint-mode not supported, service name: %s. Fallback to Traefik load balancing", swarmtypes.ResolutionModeDNSRR, service.Spec.Annotations.Name)
+	if service.Spec.EndpointSpec == nil {
+		return dData, nil
+	}
+	if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeDNSRR {
+		if dData.ExtraConf.LBSwarm {
+			logger.Warn().Msgf("Ignored %s endpoint-mode not supported, service name: %s. Fallback to Traefik load balancing", swarmtypes.ResolutionModeDNSRR, service.Spec.Annotations.Name)
+		}
+	} else if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeVIP {
+		dData.NetworkSettings.Networks = make(map[string]*networkData)
+		for _, virtualIP := range service.Endpoint.VirtualIPs {
+			networkService := networkMap[virtualIP.NetworkID]
+			if networkService == nil {
+				logger.Debug().Msgf("Network not found, id: %s", virtualIP.NetworkID)
+				continue
 			}
-		} else if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeVIP {
-			dData.NetworkSettings.Networks = make(map[string]*networkData)
-			for _, virtualIP := range service.Endpoint.VirtualIPs {
-				networkService := networkMap[virtualIP.NetworkID]
-				if networkService != nil {
-					if len(virtualIP.Addr) > 0 {
-						ip, _, _ := net.ParseCIDR(virtualIP.Addr)
-						network := &networkData{
-							Name: networkService.Name,
-							ID:   virtualIP.NetworkID,
-							Addr: ip.String(),
-						}
-						dData.NetworkSettings.Networks[network.Name] = network
-					} else {
-						logger.Debug().Msgf("No virtual IPs found in network %s", virtualIP.NetworkID)
-					}
-				} else {
-					logger.Debug().Msgf("Network not found, id: %s", virtualIP.NetworkID)
-				}
+			if len(virtualIP.Addr) == 0 {
+				logger.Debug().Msgf("No virtual IPs found in network %s", virtualIP.NetworkID)
+				continue
 			}
+			ip, _, _ := net.ParseCIDR(virtualIP.Addr)
+			network := &networkData{
+				Name: networkService.Name,
+				ID:   virtualIP.NetworkID,
+				Addr: ip.String(),
+			}
+			dData.NetworkSettings.Networks[network.Name] = network
 		}
 	}
 	return dData, nil
--- a/pkg/provider/docker/pswarm_test.go
+++ b/pkg/provider/docker/pswarm_test.go
@ -65,7 +65,9 @@ func TestListTasks(t *testing.T) {
 		t.Run(strconv.Itoa(caseID), func(t *testing.T) {
 			t.Parallel()

-			p := SwarmProvider{}
+			var p SwarmProvider
+			require.NoError(t, p.Init())
+
 			dockerData, err := p.parseService(context.Background(), test.service, test.networks)
 			require.NoError(t, err)

@ -100,8 +102,8 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service1"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
-						"traefik.docker.LBSwarm": "true",
+						"traefik.swarm.network": "barnet",
+						"traefik.swarm.LBSwarm": "true",
 					}),
 					withEndpointSpec(modeVIP),
 					withEndpoint(
@ -111,8 +113,8 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service2"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
-						"traefik.docker.LBSwarm": "true",
+						"traefik.swarm.network": "barnet",
+						"traefik.swarm.LBSwarm": "true",
 					}),
 					withEndpointSpec(modeDNSRR)),
 			},
@ -126,8 +128,8 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service1"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
-						"traefik.docker.LBSwarm": "true",
+						"traefik.swarm.network": "barnet",
+						"traefik.swarm.LBSwarm": "true",
 					}),
 					withEndpointSpec(modeVIP),
 					withEndpoint(
@ -137,8 +139,8 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service2"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
-						"traefik.docker.LBSwarm": "true",
+						"traefik.swarm.network": "barnet",
+						"traefik.swarm.LBSwarm": "true",
 					}),
 					withEndpointSpec(modeDNSRR)),
 			},
@ -173,7 +175,7 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service1"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
+						"traefik.swarm.network": "barnet",
 					}),
 					withEndpointSpec(modeVIP),
 					withEndpoint(
@ -183,7 +185,7 @@ func TestSwarmProvider_listServices(t *testing.T) {
 				swarmService(
 					serviceName("service2"),
 					serviceLabels(map[string]string{
-						"traefik.docker.network": "barnet",
+						"traefik.swarm.network": "barnet",
 					}),
 					withEndpointSpec(modeDNSRR)),
 			},
@ -233,7 +235,8 @@ func TestSwarmProvider_listServices(t *testing.T) {

 			dockerClient := &fakeServicesClient{services: test.services, tasks: test.tasks, dockerVersion: test.dockerVersion, networks: test.networks}

-			p := SwarmProvider{}
+			var p SwarmProvider
+			require.NoError(t, p.Init())

 			serviceDockerData, err := p.listServices(context.Background(), dockerClient)
 			assert.NoError(t, err)
@ -351,7 +354,8 @@ func TestSwarmProvider_parseService_task(t *testing.T) {
 		t.Run(strconv.Itoa(caseID), func(t *testing.T) {
 			t.Parallel()

-			p := SwarmProvider{}
+			var p SwarmProvider
+			require.NoError(t, p.Init())

 			dData, err := p.parseService(context.Background(), test.service, test.networks)
 			require.NoError(t, err)
--- a/pkg/provider/docker/shared_labels.go
+++ b/pkg/provider/docker/shared_labels.go
@ -1,8 +1,10 @@
 package docker

 import (
+	"errors"
 	"fmt"

+	"github.com/rs/zerolog/log"
 	"github.com/traefik/traefik/v3/pkg/config/label"
 )

@ -11,29 +13,73 @@ const (
 	labelDockerComposeService = "com.docker.compose.service"
 )

-// configuration Contains information from the labels that are globals (not related to the dynamic configuration)
+// configuration contains information from the labels that are globals (not related to the dynamic configuration)
 // or specific to the provider.
 type configuration struct {
-	Enable bool
-	Docker specificConfiguration
-}
-
-type specificConfiguration struct {
+	Enable  bool
 	Network string
 	LBSwarm bool
 }

-func (p *Shared) extractLabels(container dockerData) (configuration, error) {
-	conf := configuration{
-		Enable: p.ExposedByDefault,
-		Docker: specificConfiguration{
-			Network: p.Network,
-		},
+type labelConfiguration struct {
+	Enable bool
+	Docker *specificConfiguration
+	Swarm  *specificConfiguration
+}
+
+type specificConfiguration struct {
+	Network *string
+	LBSwarm bool
+}
+
+func (p *Shared) extractDockerLabels(container dockerData) (configuration, error) {
+	conf := labelConfiguration{Enable: p.ExposedByDefault}
+	if err := label.Decode(container.Labels, &conf, "traefik.docker.", "traefik.enable"); err != nil {
+		return configuration{}, fmt.Errorf("decoding Docker labels: %w", err)
 	}

-	err := label.Decode(container.Labels, &conf, "traefik.docker.", "traefik.enable")
-	if err != nil {
-		return configuration{}, err
+	network := p.Network
+	if conf.Docker != nil && conf.Docker.Network != nil {
+		network = *conf.Docker.Network
+	}
+
+	return configuration{
+		Enable:  conf.Enable,
+		Network: network,
+	}, nil
+}
+
+func (p *Shared) extractSwarmLabels(container dockerData) (configuration, error) {
+	labelConf := labelConfiguration{Enable: p.ExposedByDefault}
+	if err := label.Decode(container.Labels, &labelConf, "traefik.enable", "traefik.docker.", "traefik.swarm."); err != nil {
+		return configuration{}, fmt.Errorf("decoding Swarm labels: %w", err)
+	}
+
+	if labelConf.Docker != nil && labelConf.Swarm != nil {
+		return configuration{}, errors.New("both Docker and Swarm labels are defined")
+	}
+
+	conf := configuration{
+		Enable:  labelConf.Enable,
+		Network: p.Network,
+	}
+
+	if labelConf.Docker != nil {
+		log.Warn().Msg("Labels traefik.docker.* for Swarm provider are deprecated. Please use traefik.swarm.* labels instead")
+
+		conf.LBSwarm = labelConf.Docker.LBSwarm
+
+		if labelConf.Docker.Network != nil {
+			conf.Network = *labelConf.Docker.Network
+		}
+	}
+
+	if labelConf.Swarm != nil {
+		conf.LBSwarm = labelConf.Swarm.LBSwarm
+
+		if labelConf.Swarm.Network != nil {
+			conf.Network = *labelConf.Swarm.Network
+		}
 	}

 	return conf, nil
--- a/pkg/provider/docker/shared_test.go
+++ b/pkg/provider/docker/shared_test.go
@ -98,7 +98,8 @@ func Test_getPort_swarm(t *testing.T) {
 		t.Run(strconv.Itoa(serviceID), func(t *testing.T) {
 			t.Parallel()

-			p := SwarmProvider{}
+			var p SwarmProvider
+			require.NoError(t, p.Init())

 			dData, err := p.parseService(context.Background(), test.service, test.networks)
 			require.NoError(t, err)
--- a/pkg/provider/traefik/internal.go
+++ b/pkg/provider/traefik/internal.go
@ -223,6 +223,12 @@ func (i *Provider) entryPointModels(cfg *dynamic.Configuration) {
 	}

 	for name, ep := range i.staticCfg.EntryPoints {
+		if defaultRuleSyntax != "" {
+			cfg.TCP.Models[name] = &dynamic.TCPModel{
+				DefaultRuleSyntax: defaultRuleSyntax,
+			}
+		}
+
 		if len(ep.HTTP.Middlewares) == 0 && ep.HTTP.TLS == nil && defaultRuleSyntax == "" {
 			continue
 		}
@ -250,16 +256,6 @@ func (i *Provider) entryPointModels(cfg *dynamic.Configuration) {
 		m.DefaultRuleSyntax = defaultRuleSyntax

 		cfg.HTTP.Models[name] = m
-
-		if cfg.TCP == nil {
-			continue
-		}
-
-		mTCP := &dynamic.TCPModel{
-			DefaultRuleSyntax: defaultRuleSyntax,
-		}
-
-		cfg.TCP.Models[name] = mTCP
 	}
 }

--- a/pkg/server/aggregator.go
+++ b/pkg/server/aggregator.go
@ -2,6 +2,7 @@ package server

 import (
 	"slices"
+	"strings"

 	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
 	"github.com/rs/zerolog/log"
@ -156,7 +157,11 @@ func applyModel(cfg dynamic.Configuration) dynamic.Configuration {
 			router := rt.DeepCopy()

 			if !router.DefaultRule && router.RuleSyntax == "" {
-				for _, model := range cfg.HTTP.Models {
+				for modelName, model := range cfg.HTTP.Models {
+					// models cannot be provided by another provider than the internal one.
+					if !strings.HasSuffix(modelName, "@internal") {
+						continue
+					}
 					router.RuleSyntax = model.DefaultRuleSyntax
 					break
 				}