Deprecates ssl redirect headers middleware options

docs/content/middlewares/headers.md

@@ -133,13 +133,13 @@ http:
 
 ### Using Security Headers
 
-Security-related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
+Security-related headers (HSTS headers, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
 This functionality makes it possible to easily use security features by adding headers.
 
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.testHeader.headers.framedeny=true"
-  - "traefik.http.middlewares.testHeader.headers.sslredirect=true"
+  - "traefik.http.middlewares.testHeader.headers.browserxssfilter=true"
 ```
 
 ```yaml tab="Kubernetes"
@@ -150,32 +150,32 @@ metadata:
 spec:
   headers:
     frameDeny: true
-    sslRedirect: true
+    browserxssfilter: true
 ```
 
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.testheader.headers.framedeny=true"
-- "traefik.http.middlewares.testheader.headers.sslredirect=true"
+- "traefik.http.middlewares.testheader.headers.browserxssfilter=true"
 ```
 
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.testheader.headers.framedeny": "true",
-  "traefik.http.middlewares.testheader.headers.sslredirect": "true"
+  "traefik.http.middlewares.testheader.headers.browserxssfilter": "true"
 }
 ```
 
 ```yaml tab="Rancher"
 labels:
   - "traefik.http.middlewares.testheader.headers.framedeny=true"
-  - "traefik.http.middlewares.testheader.headers.sslredirect=true"
+  - "traefik.http.middlewares.testheader.headers.browserxssfilter=true"
 ```
 
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.testHeader.headers]
     frameDeny = true
-    sslRedirect = true
+    browserxssfilter = true
 ```
 
 ```yaml tab="File (YAML)"
@@ -184,7 +184,7 @@ http:
     testHeader:
       headers:
         frameDeny: true
-        sslRedirect: true
+        browserxssfilter: true
 ```
 
 ### CORS Headers
@@ -347,14 +347,26 @@ The `hostsProxyHeaders` option is a set of header keys that may hold a proxied h
 
 ### `sslRedirect`
 
+!!! warning
+
+    Deprecated in favor of [EntryPoint redirection](../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
+
 The `sslRedirect` only allow HTTPS requests when set to `true`.
 
 ### `sslTemporaryRedirect`
 
+!!! warning
+
+    Deprecated in favor of [EntryPoint redirection](../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
+
 Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
 
 ### `sslHost`
 
+!!! warning
+
+    Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
+
 The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
 
 ### `sslProxyHeaders`
@@ -364,6 +376,10 @@ It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https
 
 ### `sslForceHost`
 
+!!! warning
+
+    Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
+
 Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
 
 ### `stsSeconds`

docs/content/migration/v2.md

@@ -386,3 +386,13 @@ Traefik now supports only v1.14+ Kubernetes clusters, which means the support of
 The `extensions/v1beta1` API Version should now be replaced either by `networking.k8s.io/v1beta1` or by `networking.k8s.io/v1` (as of Kubernetes v1.19+).
 
 The support of the `networking.k8s.io/v1beta1` API Version will stop in Kubernetes v1.22.
+
+## v2.5 to v2.6
+
+### Headers middleware: ssl redirect options
+
+`sslRedirect`, `sslTemporaryRedirect`, `sslHost` and `sslForceHost` are deprecated in Traefik v2.5.
+
+For simple HTTP to HTTPS redirection, you may use [EntryPoints redirections](../routing/entrypoints.md#redirection).
+
+For more advanced use cases, you can use either the [RedirectScheme middleware](../middlewares/redirectscheme.md) or the [RedirectRegex middleware](../middlewares/redirectregex.md).

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml

@@ -319,16 +319,22 @@ spec:
                   referrerPolicy:
                     type: string
                   sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
                     type: boolean
                   sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
                     type: string
                   sslProxyHeaders:
                     additionalProperties:
                       type: string
                     type: object
                   sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
                     type: boolean
                   sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
                     type: boolean
                   stsIncludeSubdomains:
                     type: boolean