diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ac20acdc..c8e16b8ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,32 @@ +## [v2.8.5](https://github.com/traefik/traefik/tree/v2.8.5) (2022-09-13) +[All Commits](https://github.com/traefik/traefik/compare/v2.8.4...v2.8.5) + +**Bug fixes:** +- **[plugins]** Update Yaegi to v0.14.2 ([#9327](https://github.com/traefik/traefik/pull/9327) by [kevinpollet](https://github.com/kevinpollet)) +- **[server]** Fix IPv6 addr with square brackets ([#9313](https://github.com/traefik/traefik/pull/9313) by [moonlightwatch](https://github.com/moonlightwatch)) +- **[webui,api]** Display default TLS options in the dashboard ([#9312](https://github.com/traefik/traefik/pull/9312) by [skwair](https://github.com/skwair)) + +**Documentation:** +- **[docker]** Add healthcheck timeout seconds to value ([#9306](https://github.com/traefik/traefik/pull/9306) by [fty4](https://github.com/fty4)) +- Update deprecation notes about Pilot ([#9314](https://github.com/traefik/traefik/pull/9314) by [nmengin](https://github.com/nmengin)) +- Added resources for businesses ([#9268](https://github.com/traefik/traefik/pull/9268) by [tomatokoolaid](https://github.com/tomatokoolaid)) + +## [v2.8.4](https://github.com/traefik/traefik/tree/v2.8.4) (2022-09-02) +[All Commits](https://github.com/traefik/traefik/compare/v2.8.3...v2.8.4) + +**Bug fixes:** +- **[docker,docker/swarm]** Fix Docker provider mem leak on operation retries ([#9288](https://github.com/traefik/traefik/pull/9288) by [rtribotte](https://github.com/rtribotte)) +- **[middleware]** Fix retry middleware on panic ([#9284](https://github.com/traefik/traefik/pull/9284) by [ldez](https://github.com/ldez)) +- **[plugins]** Allow Traefik starting even if plugin service is unavailable ([#9287](https://github.com/traefik/traefik/pull/9287) by [ldez](https://github.com/ldez)) +- chore: update paerser to v0.1.9 ([#9270](https://github.com/traefik/traefik/pull/9270) by [tomMoulard](https://github.com/tomMoulard)) + +**Documentation:** +- **[acme]** Fix infoblox acme provider documentation ([#9277](https://github.com/traefik/traefik/pull/9277) by [ldez](https://github.com/ldez)) +- **[k8s/crd]** Fix serversTransport CRD documentation ([#9283](https://github.com/traefik/traefik/pull/9283) by [cuishuang](https://github.com/cuishuang)) +- **[k8s/crd]** Fix k8s for example for rootCAs serversTransport ([#9274](https://github.com/traefik/traefik/pull/9274) by [ben-krieger](https://github.com/ben-krieger)) +- **[k8s]** Add missing networking apiGroup in Kubernetes RBACs examples and references ([#9295](https://github.com/traefik/traefik/pull/9295) by [fibsifan](https://github.com/fibsifan)) +- Update deprecation notes about Pilot ([#9300](https://github.com/traefik/traefik/pull/9300) by [nmengin](https://github.com/nmengin)) + ## [v2.8.3](https://github.com/traefik/traefik/tree/v2.8.3) (2022-08-12) [All Commits](https://github.com/traefik/traefik/compare/v2.8.2...v2.8.3) diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index 646d8e66d..0c42e4c36 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -226,12 +226,16 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err pluginBuilder, err := createPluginBuilder(staticConfiguration) if err != nil { - return nil, err + log.WithoutContext().WithError(err).Error("Plugins are disabled because an error has occurred.") } // Providers plugins for name, conf := range staticConfiguration.Providers.Plugin { + if pluginBuilder == nil { + break + } + p, err := pluginBuilder.BuildProvider(name, conf) if err != nil { return nil, fmt.Errorf("plugin: failed to build provider: %w", err) diff --git a/docs/content/deprecation/features.md b/docs/content/deprecation/features.md index d5122707b..3440fda5b 100644 --- a/docs/content/deprecation/features.md +++ b/docs/content/deprecation/features.md @@ -14,12 +14,12 @@ This page is maintained and updated periodically to reflect our roadmap and any ### Pilot Dashboard (Metrics) Metrics will continue to function normally up to 2.8, when they will be disabled. -In 2.9, the Pilot platform and all Traefik integration code will be permanently removed. +In 3.0, the Pilot platform and all Traefik integration code will be permanently removed. ### Pilot Plugins Starting on 2.7 the pilot token will not be a requirement anymore. -At 2.9, a new plugin catalog home should be available, decoupled from pilot. +Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from pilot. ### Consul Enterprise Namespace diff --git a/docs/content/getting-started/concepts.md b/docs/content/getting-started/concepts.md index fb5066927..ea0119837 100644 --- a/docs/content/getting-started/concepts.md +++ b/docs/content/getting-started/concepts.md @@ -39,3 +39,5 @@ You no longer need to create and synchronize configuration files cluttered with !!! question "How does Traefik discover the services?" Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section. + +{!traefik-for-business-applications.md!} diff --git a/docs/content/getting-started/configuration-overview.md b/docs/content/getting-started/configuration-overview.md index af8ecc0c2..df67afea7 100644 --- a/docs/content/getting-started/configuration-overview.md +++ b/docs/content/getting-started/configuration-overview.md @@ -94,17 +94,4 @@ All the configuration options are documented in their related section. You can browse the available features in the menu, the [providers](../providers/overview.md), or the [routing section](../routing/overview.md) to see them in action. -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index caedc2475..4d55152e9 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -179,17 +179,4 @@ And run it: All the details are available in the [Contributing Guide](../contributing/building-testing.md) -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/getting-started/quick-start-with-kubernetes.md b/docs/content/getting-started/quick-start-with-kubernetes.md index 80e39ef09..636acfb19 100644 --- a/docs/content/getting-started/quick-start-with-kubernetes.md +++ b/docs/content/getting-started/quick-start-with-kubernetes.md @@ -53,6 +53,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: diff --git a/docs/content/getting-started/quick-start.md b/docs/content/getting-started/quick-start.md index bed7b1ef2..0127337fe 100644 --- a/docs/content/getting-started/quick-start.md +++ b/docs/content/getting-started/quick-start.md @@ -116,17 +116,4 @@ IP: 172.27.0.4 Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you! -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index 302fdbf9a..af23dc2d6 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -661,23 +661,10 @@ certificatesResolvers: If Let's Encrypt is not reachable, the following certificates will apply: 1. Previously generated ACME certificates (before downtime) - 1. Expired ACME certificates - 1. Provided certificates + 2. Expired ACME certificates + 3. Provided certificates !!! important For new (sub)domains which need Let's Encrypt authentication, the default Traefik certificate will be used until Traefik is restarted. - -!!! question "Using Traefik for Business Applications?" - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/https/overview.md b/docs/content/https/overview.md index 26e147ca2..9261d0db8 100644 --- a/docs/content/https/overview.md +++ b/docs/content/https/overview.md @@ -19,3 +19,5 @@ The next sections of this documentation explain how to configure the TLS connect That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition): either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME). And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores). + +{!traefik-for-business-applications.md!} diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index eb498d005..62a5098cc 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -490,3 +490,5 @@ spec: - secretCA clientAuthType: RequireAndVerifyClientCert ``` + +{!traefik-for-business-applications.md!} diff --git a/docs/content/includes/.markdownlint.json b/docs/content/includes/.markdownlint.json new file mode 100644 index 000000000..130b2f29a --- /dev/null +++ b/docs/content/includes/.markdownlint.json @@ -0,0 +1,4 @@ +{ + "extends": "../../.markdownlint.json", + "MD041": false +} diff --git a/docs/content/includes/traefik-for-business-applications.md b/docs/content/includes/traefik-for-business-applications.md new file mode 100644 index 000000000..bbc2a602a --- /dev/null +++ b/docs/content/includes/traefik-for-business-applications.md @@ -0,0 +1,16 @@ +--- + +!!! question "Using Traefik for Business Applications?" + + If you are using Traefik for commercial applications, + consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). + You can use it as your: + + - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) + - [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/) + - [API Gateway](https://traefik.io/solutions/api-gateway/) + + Traefik Enterprise enables centralized access management, + distributed Let's Encrypt, + and other advanced capabilities. + Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index 856a38c4a..b31b628ec 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -469,3 +469,5 @@ The `permissionsPolicy` allows sites to control browser features. Set `isDevelopment` to `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain. If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as `false`. + +{!traefik-for-business-applications.md!} diff --git a/docs/content/middlewares/http/overview.md b/docs/content/middlewares/http/overview.md index d270ea8c2..8d281f663 100644 --- a/docs/content/middlewares/http/overview.md +++ b/docs/content/middlewares/http/overview.md @@ -157,3 +157,5 @@ http: ## Community Middlewares Please take a look at the community-contributed plugins in the [plugin catalog](https://pilot.traefik.io/plugins). + +{!traefik-for-business-applications.md!} diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index fad2221a6..90748ef6c 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -129,3 +129,5 @@ http: A list of HTTP middlewares can be found [here](http/overview.md). A list of TCP middlewares can be found [here](tcp/overview.md). + +{!traefik-for-business-applications.md!} diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 03c7eec49..9fda2a651 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -50,6 +50,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses verbs: @@ -58,6 +59,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: @@ -147,6 +149,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses verbs: @@ -155,6 +158,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md index a0f527c53..af1ce1058 100644 --- a/docs/content/operations/dashboard.md +++ b/docs/content/operations/dashboard.md @@ -128,3 +128,5 @@ api: You can now access the dashboard on the port `8080` of the Traefik instance, at the following URL: `http://:8080/dashboard/` (trailing slash is mandatory). + +{!traefik-for-business-applications.md!} diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index bb6feecef..66416cf58 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -750,17 +750,4 @@ providers: --providers.docker.allowEmptyServices=true ``` -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md index 5283cdb25..8abce45d6 100644 --- a/docs/content/providers/file.md +++ b/docs/content/providers/file.md @@ -291,3 +291,5 @@ To illustrate, it is possible to easily define multiple routers, services, and T # ... {{ end }} ``` + +{!traefik-for-business-applications.md!} diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index 8b2a9894d..10e408e0a 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -344,3 +344,5 @@ providers: ## Full Example For additional information, refer to the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt. + +{!traefik-for-business-applications.md!} diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index 51a771c4b..801820ee2 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -502,17 +502,4 @@ providers: To learn more about the various aspects of the Ingress specification that Traefik supports, many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.8/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/providers/overview.md b/docs/content/providers/overview.md index 8bacfc7d2..8366d1155 100644 --- a/docs/content/providers/overview.md +++ b/docs/content/providers/overview.md @@ -230,3 +230,5 @@ List of providers that support constraints: - [Kubernetes CRD](./kubernetes-crd.md#labelselector) - [Kubernetes Ingress](./kubernetes-ingress.md#labelselector) - [Kubernetes Gateway](./kubernetes-gateway.md#labelselector) + +{!traefik-for-business-applications.md!} diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml index 4a5b80e6b..6237031f0 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml @@ -26,6 +26,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index 31f22f24b..f20c0b456 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -968,17 +968,4 @@ entrypoints.foo.address=:8000/udp entrypoints.foo.udp.timeout=10s ``` -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/routing/overview.md b/docs/content/routing/overview.md index ee3b61b84..b49c9748b 100644 --- a/docs/content/routing/overview.md +++ b/docs/content/routing/overview.md @@ -406,3 +406,5 @@ serversTransport: ## Static configuration --serversTransport.forwardingTimeouts.idleConnTimeout=1s ``` + +{!traefik-for-business-applications.md!} diff --git a/docs/content/routing/providers/docker.md b/docs/content/routing/providers/docker.md index 942a2db25..0ebdf827f 100644 --- a/docs/content/routing/providers/docker.md +++ b/docs/content/routing/providers/docker.md @@ -368,7 +368,7 @@ you'd add the label `traefik.http.services..loadbalancer.pa See [health check](../services/index.md#health-check) for more information. ```yaml - - "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10" + - "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10s" ``` ??? info "`traefik.http.services..loadbalancer.healthcheck.followredirects`" diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 82aa6021f..80a93953d 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -1782,3 +1782,5 @@ If the ServersTransport CRD is defined in another provider the cross-provider fo ## Further Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt. + +{!traefik-for-business-applications.md!} diff --git a/docs/content/routing/providers/kubernetes-ingress.md b/docs/content/routing/providers/kubernetes-ingress.md index 8dfe2471b..02d6e91e5 100644 --- a/docs/content/routing/providers/kubernetes-ingress.md +++ b/docs/content/routing/providers/kubernetes-ingress.md @@ -47,6 +47,7 @@ which in turn will create the resulting routers, services, handlers, etc. - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: @@ -438,6 +439,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: @@ -645,6 +647,7 @@ For more options, please refer to the available [annotations](#on-ingress). - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: @@ -944,3 +947,5 @@ This will allow users to create a "default router" that will match all unmatched to avoid this global ingress from satisfying requests that could match other ingresses. To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly. + +{!traefik-for-business-applications.md!} diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index 265c73c26..d5ef084a6 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md @@ -1330,17 +1330,4 @@ Services are the target for the router. !!! important "UDP routers can only target UDP services (and not HTTP or TCP services)." -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md index ec4dfb89f..f7b1e8a59 100644 --- a/docs/content/routing/services/index.md +++ b/docs/content/routing/services/index.md @@ -1647,17 +1647,4 @@ udp: address = "private-ip-server-2:8080/" ``` -!!! question "Using Traefik for Business Applications?" - - If you are using Traefik for commercial applications, - consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/). - You can use it as your: - - - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/) - - [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/) - - [API Gateway](https://traefik.io/solutions/api-gateway/) - - Traefik Enterprise enables centralized access management, - distributed Let's Encrypt, - and other advanced capabilities. - Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo). +{!traefik-for-business-applications.md!} diff --git a/docs/content/user-guides/docker-compose/basic-example/index.md b/docs/content/user-guides/docker-compose/basic-example/index.md index 80f1a6a07..643df4505 100644 --- a/docs/content/user-guides/docker-compose/basic-example/index.md +++ b/docs/content/user-guides/docker-compose/basic-example/index.md @@ -93,3 +93,5 @@ whoami: # Allow request only from the predefined entry point named "web" - "traefik.http.routers.whoami.entrypoints=web" ``` + +{!traefik-for-business-applications.md!} diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 03a3f7f5e..87ad026fc 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -55,9 +55,9 @@ markdown_extensions: - pymdownx.tasklist - pymdownx.snippets: check_paths: true -# - markdown_include.include: -# base_path: content/includes/ -# encoding: utf-8 + - markdown_include.include: + base_path: content/includes/ + encoding: utf-8 - toc: permalink: true diff --git a/go.mod b/go.mod index 737119fa1..0ab1c3e42 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/stretchr/testify v1.8.0 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/traefik/paerser v0.1.9 - github.com/traefik/yaegi v0.14.1 + github.com/traefik/yaegi v0.14.2 github.com/uber/jaeger-client-go v2.30.0+incompatible github.com/uber/jaeger-lib v2.2.0+incompatible github.com/unrolled/render v1.0.2 diff --git a/go.sum b/go.sum index bffecb2a2..4a6995368 100644 --- a/go.sum +++ b/go.sum @@ -1915,8 +1915,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c= github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I= github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0= -github.com/traefik/yaegi v0.14.1 h1:t0ssyzeZCWTFGd/JnVuDxH/slMQfYg+2CDD4dLW/rU0= -github.com/traefik/yaegi v0.14.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= +github.com/traefik/yaegi v0.14.2 h1:9t9xepIfar6BrYdwJHGc+XRKo6qFoJCl6Z46N3hUtUw= +github.com/traefik/yaegi v0.14.2/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= github.com/transip/gotransip/v6 v6.6.1 h1:nsCU1ErZS5G0FeOpgGXc4FsWvBff9GPswSMggsC4564= github.com/transip/gotransip/v6 v6.6.1/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= diff --git a/pkg/api/handler_http.go b/pkg/api/handler_http.go index b566e7c61..b2643cdfa 100644 --- a/pkg/api/handler_http.go +++ b/pkg/api/handler_http.go @@ -11,6 +11,7 @@ import ( "github.com/gorilla/mux" "github.com/traefik/traefik/v2/pkg/config/runtime" "github.com/traefik/traefik/v2/pkg/log" + "github.com/traefik/traefik/v2/pkg/tls" ) type routerRepresentation struct { @@ -20,6 +21,10 @@ type routerRepresentation struct { } func newRouterRepresentation(name string, rt *runtime.RouterInfo) routerRepresentation { + if rt.TLS != nil && rt.TLS.Options == "" { + rt.TLS.Options = tls.DefaultTLSConfigName + } + return routerRepresentation{ RouterInfo: rt, Name: name, diff --git a/pkg/api/handler_http_test.go b/pkg/api/handler_http_test.go index e3698fa4c..f6137f202 100644 --- a/pkg/api/handler_http_test.go +++ b/pkg/api/handler_http_test.go @@ -223,6 +223,52 @@ func TestHandler_HTTP(t *testing.T) { jsonFile: "testdata/router-bar.json", }, }, + { + desc: "one router by id, implicitly using default TLS options", + path: "/api/http/routers/baz@myprovider", + conf: runtime.Configuration{ + Routers: map[string]*runtime.RouterInfo{ + "baz@myprovider": { + Router: &dynamic.Router{ + EntryPoints: []string{"web"}, + Service: "foo-service@myprovider", + Rule: "Host(`foo.baz`)", + Middlewares: []string{"auth", "addPrefixTest@anotherprovider"}, + TLS: &dynamic.RouterTLSConfig{}, + }, + Status: "enabled", + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/router-baz-default-tls-options.json", + }, + }, + { + desc: "one router by id, using specific TLS options", + path: "/api/http/routers/baz@myprovider", + conf: runtime.Configuration{ + Routers: map[string]*runtime.RouterInfo{ + "baz@myprovider": { + Router: &dynamic.Router{ + EntryPoints: []string{"web"}, + Service: "foo-service@myprovider", + Rule: "Host(`foo.baz`)", + Middlewares: []string{"auth", "addPrefixTest@anotherprovider"}, + TLS: &dynamic.RouterTLSConfig{ + Options: "myTLS", + }, + }, + Status: "enabled", + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/router-baz-custom-tls-options.json", + }, + }, { desc: "one router by id, that does not exist", path: "/api/http/routers/foo@myprovider", @@ -811,6 +857,7 @@ func TestHandler_HTTP(t *testing.T) { // To lazily initialize the Statuses. rtConf.PopulateUsedBy() rtConf.GetRoutersByEntryPoints(context.Background(), []string{"web"}, false) + rtConf.GetRoutersByEntryPoints(context.Background(), []string{"web"}, true) handler := New(static.Configuration{API: &static.API{}, Global: &static.Global{}}, rtConf) server := httptest.NewServer(handler.createRouter()) diff --git a/pkg/api/testdata/router-baz-custom-tls-options.json b/pkg/api/testdata/router-baz-custom-tls-options.json new file mode 100644 index 000000000..c95dc7949 --- /dev/null +++ b/pkg/api/testdata/router-baz-custom-tls-options.json @@ -0,0 +1,20 @@ +{ + "entryPoints": [ + "web" + ], + "middlewares": [ + "auth", + "addPrefixTest@anotherprovider" + ], + "name": "baz@myprovider", + "provider": "myprovider", + "rule": "Host(`foo.baz`)", + "service": "foo-service@myprovider", + "tls": { + "options": "myTLS" + }, + "status": "enabled", + "using": [ + "web" + ] +} diff --git a/pkg/api/testdata/router-baz-default-tls-options.json b/pkg/api/testdata/router-baz-default-tls-options.json new file mode 100644 index 000000000..054198047 --- /dev/null +++ b/pkg/api/testdata/router-baz-default-tls-options.json @@ -0,0 +1,20 @@ +{ + "entryPoints": [ + "web" + ], + "middlewares": [ + "auth", + "addPrefixTest@anotherprovider" + ], + "name": "baz@myprovider", + "provider": "myprovider", + "rule": "Host(`foo.baz`)", + "service": "foo-service@myprovider", + "tls": { + "options": "default" + }, + "status": "enabled", + "using": [ + "web" + ] +} diff --git a/pkg/middlewares/requestdecorator/request_decorator.go b/pkg/middlewares/requestdecorator/request_decorator.go index fcb6fb983..013cb12c3 100644 --- a/pkg/middlewares/requestdecorator/request_decorator.go +++ b/pkg/middlewares/requestdecorator/request_decorator.go @@ -49,11 +49,16 @@ func (r *RequestDecorator) ServeHTTP(rw http.ResponseWriter, req *http.Request, func parseHost(addr string) string { if !strings.Contains(addr, ":") { + // IPv4 without port or empty address return addr } + // IPv4 with port or IPv6 host, _, err := net.SplitHostPort(addr) if err != nil { + if addr[0] == '[' && addr[len(addr)-1] == ']' { + return addr[1 : len(addr)-1] + } return addr } return host diff --git a/pkg/middlewares/requestdecorator/request_decorator_test.go b/pkg/middlewares/requestdecorator/request_decorator_test.go index 15c5ee89e..03c8f4018 100644 --- a/pkg/middlewares/requestdecorator/request_decorator_test.go +++ b/pkg/middlewares/requestdecorator/request_decorator_test.go @@ -104,7 +104,7 @@ func TestRequestFlattening(t *testing.T) { } } -func TestRequestHostParseHost(t *testing.T) { +func Test_parseHost(t *testing.T) { testCases := []struct { desc string host string @@ -130,6 +130,46 @@ func TestRequestHostParseHost(t *testing.T) { host: "127.0.0.1:", expected: "127.0.0.1", }, + { + desc: "host with : and without port", + host: "fe80::215:5dff:fe20:cd6a", + expected: "fe80::215:5dff:fe20:cd6a", + }, + { + desc: "IPv6 host with : and with port", + host: "[fe80::215:5dff:fe20:cd6a]:123", + expected: "fe80::215:5dff:fe20:cd6a", + }, + { + desc: "IPv6 host with : and without port", + host: "[fe80::215:5dff:fe20:cd6a]:", + expected: "fe80::215:5dff:fe20:cd6a", + }, + { + desc: "IPv6 host without : and without port", + host: "[fe80::215:5dff:fe20:cd6a]", + expected: "fe80::215:5dff:fe20:cd6a", + }, + { + desc: "invalid IPv6: missing [", + host: "fe80::215:5dff:fe20:cd6a]", + expected: "fe80::215:5dff:fe20:cd6a]", + }, + { + desc: "invalid IPv6: missing ]", + host: "[fe80::215:5dff:fe20:cd6a", + expected: "[fe80::215:5dff:fe20:cd6a", + }, + { + desc: "empty address", + host: "", + expected: "", + }, + { + desc: "only :", + host: ":", + expected: "", + }, } for _, test := range testCases { diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go index 836302f0b..640f67625 100644 --- a/pkg/plugins/client.go +++ b/pkg/plugins/client.go @@ -164,7 +164,12 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string, defer func() { _ = resp.Body.Close() }() - if resp.StatusCode == http.StatusOK { + switch resp.StatusCode { + case http.StatusNotModified: + // noop + return hash, nil + + case http.StatusOK: err = os.MkdirAll(filepath.Dir(filename), 0o755) if err != nil { return "", fmt.Errorf("failed to create directory: %w", err) @@ -189,15 +194,11 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string, } return hash, nil - } - if resp.StatusCode == http.StatusNotModified { - // noop - return hash, nil + default: + data, _ := io.ReadAll(resp.Body) + return "", fmt.Errorf("error: %d: %s", resp.StatusCode, string(data)) } - - data, _ := io.ReadAll(resp.Body) - return "", fmt.Errorf("error: %d: %s", resp.StatusCode, string(data)) } // Check checks the plugin archive integrity. diff --git a/pkg/server/middleware/middlewares.go b/pkg/server/middleware/middlewares.go index 2695db107..741c9a4f0 100644 --- a/pkg/server/middleware/middlewares.go +++ b/pkg/server/middleware/middlewares.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "net/http" + "reflect" "strings" "github.com/containous/alice" @@ -340,7 +341,7 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) ( } // Plugin - if config.Plugin != nil { + if config.Plugin != nil && !reflect.ValueOf(b.pluginBuilder).IsNil() { // Using "reflect" because "b.pluginBuilder" is an interface. if middleware != nil { return nil, badConf } diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index f6a9dda54..f7f0f72f4 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.8.3 +# example new bugfix v2.8.5 CurrentRef = "v2.8" -PreviousRef = "v2.8.2" +PreviousRef = "v2.8.4" BaseBranch = "v2.8" -FutureCurrentRefName = "v2.8.3" +FutureCurrentRefName = "v2.8.5" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10