From 20d496268cf70f90320edeb3799df10e2081282d Mon Sep 17 00:00:00 2001 From: Thomas Francis Date: Mon, 6 Jan 2025 03:36:08 -0500 Subject: [PATCH 01/12] Fix typo in basicauth note --- docs/content/middlewares/http/basicauth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/middlewares/http/basicauth.md b/docs/content/middlewares/http/basicauth.md index 82fd00ae4..9a6b3c579 100644 --- a/docs/content/middlewares/http/basicauth.md +++ b/docs/content/middlewares/http/basicauth.md @@ -21,7 +21,7 @@ The BasicAuth middleware grants access to services to authorized users only. # To create user:password pair, it's possible to use this command: # echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g # -# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module). +# Also note that dollar signs should NOT be doubled when they are not being evaluated (e.g. Ansible docker_container module). labels: - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` From a31b0263647d56b3dba97e59e14d27af9edf5f26 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Mon, 6 Jan 2025 10:00:07 +0100 Subject: [PATCH 02/12] Prepare release v2.11.17 --- CHANGELOG.md | 13 +++++++++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e490c0a65..2fd996266 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,16 @@ +## [v2.11.17](https://github.com/traefik/traefik/tree/v2.11.17) (2025-01-06) +[All Commits](https://github.com/traefik/traefik/compare/v2.11.16...v2.11.17) + +**Bug fixes:** +- **[acme]** Update go-acme/lego to v4.21.0 ([#11368](https://github.com/traefik/traefik/pull/11368) by [ldez](https://github.com/ldez)) +- **[middleware]** Fix typo in basicauth note ([#11397](https://github.com/traefik/traefik/pull/11397) by [tieje](https://github.com/tieje)) +- **[service]** Configure ErrorLog in httputil.ReverseProxy ([#11344](https://github.com/traefik/traefik/pull/11344) by [peacewalker122](https://github.com/peacewalker122)) +- Bump golang.org/x/net to v0.33.0 ([#11365](https://github.com/traefik/traefik/pull/11365) by [kevinpollet](https://github.com/kevinpollet)) + +**Documentation:** +- **[acme]** Fix allowACMEByPass TOML example ([#11370](https://github.com/traefik/traefik/pull/11370) by [hannesbraun](https://github.com/hannesbraun)) +- **[k8s/crd]** Update copyright for 2025 ([#11383](https://github.com/traefik/traefik/pull/11383) by [kevinpollet](https://github.com/kevinpollet)) + ## [v2.11.16](https://github.com/traefik/traefik/tree/v2.11.16) (2024-12-16) [All Commits](https://github.com/traefik/traefik/compare/v2.11.15...v2.11.16) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 8ad98a3d5..8d1a0826e 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.11.16 +# example new bugfix v2.11.17 CurrentRef = "v2.11" -PreviousRef = "v2.11.15" +PreviousRef = "v2.11.16" BaseBranch = "v2.11" -FutureCurrentRefName = "v2.11.16" +FutureCurrentRefName = "v2.11.17" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From ee8305549a618a5bcb93e292e49dc306c4e04a01 Mon Sep 17 00:00:00 2001 
From: Michael Date: Mon, 6 Jan 2025 10:28:04 +0100 Subject: [PATCH 03/12] Allow release only on traefik/traefik repo --- .github/workflows/release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f65420ce8..f69ccda73 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -15,11 +15,11 @@ env: jobs: build-webui: - if: github.ref_type == 'tag' + if: github.ref_type == 'tag' && github.repository == 'traefik/traefik' uses: ./.github/workflows/template-webui.yaml build: - if: github.ref_type == 'tag' + if: github.ref_type == 'tag' && github.repository == 'traefik/traefik' runs-on: ubuntu-latest strategy: @@ -80,7 +80,7 @@ jobs: retention-days: 1 release: - if: github.ref_type == 'tag' + if: github.ref_type == 'tag' && github.repository == 'traefik/traefik' runs-on: ubuntu-latest needs: From 69c8ecfa99389dd772eb152a2e2926bc928dbc39 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Mon, 6 Jan 2025 11:04:04 +0100 Subject: [PATCH 04/12] Prepare release v3.2.4 --- CHANGELOG.md | 19 +++++++++++++++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76d8c8114..77fa25ac0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
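Review bot: The `github.repository == 'traefik/traefik'` guard in `.github/workflows/release.yaml` is repeated on `build-webui`, `build` and `release` (the `@@ -15,11` hunk and the `@@ -80,7` hunk) with no comment saying why it is there. A job added to this workflow later can easily miss the guard and then run on a tag pushed to a fork. I would put `# Release jobs must only run in the upstream repository, never in forks.` above the first `if:` and keep the same condition on any new job. The job bodies continue outside both hunks.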
@@ -1,3 +1,22 @@ +## [v3.2.4](https://github.com/traefik/traefik/tree/v3.2.4) (2025-01-06) +[All Commits](https://github.com/traefik/traefik/compare/v3.2.3...v3.2.4) + +**Bug fixes:** +- **[k8s/gatewayapi]** Support empty value for core Kubernetes API group ([#11386](https://github.com/traefik/traefik/pull/11386) by [rtribotte](https://github.com/rtribotte)) +- **[tcp,k8s/crd]** Pass TLS bool from IngressRouteTCP to TCPService ([#11343](https://github.com/traefik/traefik/pull/11343) by [lipmem](https://github.com/lipmem)) +- **[tls]** Upgrade github.com/spiffe/go-spiffe/v2 to v2.4.0 ([#11385](https://github.com/traefik/traefik/pull/11385) by [mmatur](https://github.com/mmatur)) +- Remove duplicate github.com/coreos/go-systemd dependency ([#11354](https://github.com/traefik/traefik/pull/11354) by [Juneezee](https://github.com/Juneezee)) + +**Documentation:** +- **[k8s/gatewayapi]** Update Gateway API version support to v1.2.1 ([#11357](https://github.com/traefik/traefik/pull/11357) by [kevinpollet](https://github.com/kevinpollet)) +- Add @jnoordsij to maintainers ([#11352](https://github.com/traefik/traefik/pull/11352) by [emilevauge](https://github.com/emilevauge)) + +**Misc:** +- Merge branch v2.11 into v3.2 ([#11400](https://github.com/traefik/traefik/pull/11400) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v2.11 into v3.2 ([#11392](https://github.com/traefik/traefik/pull/11392) by [rtribotte](https://github.com/rtribotte)) +- Merge branch v2.11 into v3.2 ([#11388](https://github.com/traefik/traefik/pull/11388) by [mmatur](https://github.com/mmatur)) +- Merge branch v2.11 into v3.2 ([#11366](https://github.com/traefik/traefik/pull/11366) by [kevinpollet](https://github.com/kevinpollet)) + ## [v2.11.17](https://github.com/traefik/traefik/tree/v2.11.17) (2025-01-06) [All Commits](https://github.com/traefik/traefik/compare/v2.11.16...v2.11.17) 
diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index a3fe0e158..5656b8bb4 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v3.2.3 +# example new bugfix v3.2.4 CurrentRef = "v3.2" -PreviousRef = "v3.2.2" +PreviousRef = "v3.2.3" BaseBranch = "v3.2" -FutureCurrentRefName = "v3.2.3" +FutureCurrentRefName = "v3.2.4" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From 5b53bae42d2dab453b8f932db760b874f99ee984 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Mon, 6 Jan 2025 12:04:04 +0100 Subject: [PATCH 05/12] Prepare release v3.3.0 --- .github/PULL_REQUEST_TEMPLATE.md | 4 +-- CHANGELOG.md | 36 +++++++++++++++++++++ script/gcg/traefik-final-release-part1.toml | 10 +++--- script/gcg/traefik-final-release-part2.toml | 8 ++--- 4 files changed, 47 insertions(+), 11 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 10570f2bf..084ec0ba8 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE. Documentation fixes or enhancements: - for Traefik v2: use branch v2.11 -- for Traefik v3: use branch v3.2 +- for Traefik v3: use branch v3.3 Bug fixes: - for Traefik v2: use branch v2.11 -- for Traefik v3: use branch v3.2 +- for Traefik v3: use branch v3.3 Enhancements: - for Traefik v2: we only accept bug fixes diff --git a/CHANGELOG.md b/CHANGELOG.md index 0be9034e5..9e0fbf03c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,39 @@ +## [v3.3.0](https://github.com/traefik/traefik/tree/v3.3.0) (2025-01-06) +[All Commits](https://github.com/traefik/traefik/compare/v3.2.0-rc1...v3.3.0) + +**Enhancements:** +- **[acme]** Add options to control ACME propagation checks ([#11241](https://github.com/traefik/traefik/pull/11241) by [ldez](https://github.com/ldez)) +- **[api]** Add support dump API endpoint ([#11328](https://github.com/traefik/traefik/pull/11328) by [mmatur](https://github.com/mmatur)) +- **[http]** Set Host header in HTTP provider request ([#11237](https://github.com/traefik/traefik/pull/11237) by [nikonhub](https://github.com/nikonhub)) +- **[k8s/crd,k8s]** Make the IngressRoute kind optional ([#11177](https://github.com/traefik/traefik/pull/11177) by [skirtan1](https://github.com/skirtan1)) +- **[k8s/ingress,sticky-session,k8s/crd,k8s]** Support serving endpoints ([#11121](https://github.com/traefik/traefik/pull/11121) by [BZValoche](https://github.com/BZValoche)) +- **[logs,accesslogs]** OpenTelemetry Logs and Access Logs ([#11319](https://github.com/traefik/traefik/pull/11319) by [rtribotte](https://github.com/rtribotte)) +- **[logs,accesslogs]** Add experimental flag for OTLP logs integration ([#11335](https://github.com/traefik/traefik/pull/11335) by [kevinpollet](https://github.com/kevinpollet)) +- **[metrics,tracing,accesslogs]** Manage observability at entrypoint and router level ([#11308](https://github.com/traefik/traefik/pull/11308) by [rtribotte](https://github.com/rtribotte)) +- **[middleware,authentication]** Add an option to preserve the ForwardAuth Server Location header ([#11318](https://github.com/traefik/traefik/pull/11318) by [Nelwhix](https://github.com/Nelwhix)) +- **[middleware,authentication]** Only calculate basic auth hashes once for concurrent requests ([#11143](https://github.com/traefik/traefik/pull/11143) by [michelheusschen](https://github.com/michelheusschen)) +- **[middleware,authentication]** Send request body to authorization server 
for forward auth ([#11097](https://github.com/traefik/traefik/pull/11097) by [kyo-ke](https://github.com/kyo-ke)) +- **[plugins]** Add AbortOnPluginFailure option to abort startup on plugin load failure ([#11228](https://github.com/traefik/traefik/pull/11228) by [bmagic](https://github.com/bmagic)) +- **[sticky-session]** Configurable path for sticky cookies ([#11166](https://github.com/traefik/traefik/pull/11166) by [IIpragmaII](https://github.com/IIpragmaII)) +- **[webui,api]** Configurable API & Dashboard base path ([#11250](https://github.com/traefik/traefik/pull/11250) by [rtribotte](https://github.com/rtribotte)) + +**Bug fixes:** +- **[k8s/ingress,k8s/crd]** Fix fenced server status computation ([#11361](https://github.com/traefik/traefik/pull/11361) by [kevinpollet](https://github.com/kevinpollet)) + +**Documentation:** +- Prepare release v3.3.0-rc2 ([#11362](https://github.com/traefik/traefik/pull/11362) by [rtribotte](https://github.com/rtribotte)) +- Prepare Release v3.3.0-rc1 ([#11349](https://github.com/traefik/traefik/pull/11349) by [rtribotte](https://github.com/rtribotte)) + +**Misc:** +- Merge branch v3.2 into v3.3 ([#11402](https://github.com/traefik/traefik/pull/11402) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v3.2 into v3.3 ([#11393](https://github.com/traefik/traefik/pull/11393) by [mmatur](https://github.com/mmatur)) +- Merge branch v3.2 into v3.3 ([#11389](https://github.com/traefik/traefik/pull/11389) by [mmatur](https://github.com/mmatur)) +- Merge branch v3.2 into v3.3 ([#11367](https://github.com/traefik/traefik/pull/11367) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v3.2 into master ([#11340](https://github.com/traefik/traefik/pull/11340) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v3.2 into master ([#11293](https://github.com/traefik/traefik/pull/11293) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v3.2 into master 
([#11239](https://github.com/traefik/traefik/pull/11239) by [kevinpollet](https://github.com/kevinpollet)) +- Merge branch v3.2 into master ([#11187](https://github.com/traefik/traefik/pull/11187) by [kevinpollet](https://github.com/kevinpollet)) + ## [v3.2.4](https://github.com/traefik/traefik/tree/v3.2.4) (2025-01-06) [All Commits](https://github.com/traefik/traefik/compare/v3.2.3...v3.2.4) diff --git a/script/gcg/traefik-final-release-part1.toml b/script/gcg/traefik-final-release-part1.toml index 8b2375d76..f8313d1ca 100644 --- a/script/gcg/traefik-final-release-part1.toml +++ b/script/gcg/traefik-final-release-part1.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example final release of v3.2.0 -CurrentRef = "v3.2" -PreviousRef = "v3.2.0-rc1" -BaseBranch = "v3.2" -FutureCurrentRefName = "v3.2.0" +# example final release of v3.3.0 +CurrentRef = "v3.3" +PreviousRef = "v3.3.0-rc1" +BaseBranch = "v3.3" +FutureCurrentRefName = "v3.3.0" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 diff --git a/script/gcg/traefik-final-release-part2.toml b/script/gcg/traefik-final-release-part2.toml index 81f571eef..72fbfdcb5 100644 --- a/script/gcg/traefik-final-release-part2.toml +++ b/script/gcg/traefik-final-release-part2.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example final release of v3.2.0 -CurrentRef = "v3.2.0-rc1" -PreviousRef = "v3.1.0-rc1" +# example final release of v3.3.0 +CurrentRef = "v3.3.0-rc1" +PreviousRef = "v3.2.0-rc1" BaseBranch = "master" -FutureCurrentRefName = "v3.2.0-rc1" +FutureCurrentRefName = "v3.3.0" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From 7cb46626a1f2e833a64376ee599f0757947fe1e0 Mon Sep 17 00:00:00 2001 
From: Romain Date: Tue, 7 Jan 2025 14:58:04 +0100 Subject: [PATCH 06/12] Disable http2 connect setting for websocket by default Co-authored-by: Kevin Pollet Co-authored-by: Julien Salleyron Co-authored-by: Michael --- cmd/traefik/traefik.go | 1 + init/init.go | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 init/init.go diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index 00683f9fd..8eaf27c72 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -27,6 +27,7 @@ import ( "github.com/traefik/traefik/v3/cmd" "github.com/traefik/traefik/v3/cmd/healthcheck" cmdVersion "github.com/traefik/traefik/v3/cmd/version" + _ "github.com/traefik/traefik/v3/init" tcli "github.com/traefik/traefik/v3/pkg/cli" "github.com/traefik/traefik/v3/pkg/collector" "github.com/traefik/traefik/v3/pkg/config/dynamic" diff --git a/init/init.go b/init/init.go new file mode 100644 index 000000000..e54655d0f --- /dev/null +++ b/init/init.go @@ -0,0 +1,21 @@ +package init + +import ( + "os" + "strings" +) + +// This makes use of the GODEBUG flag `http2xconnect` to deactivate the connect setting for HTTP2 by default. +// This type of upgrade is yet incompatible with `net/http` http1 reverse proxy. +// Please see https://github.com/golang/go/issues/71128#issuecomment-2574193636. +func init() { + goDebug := os.Getenv("GODEBUG") + if strings.Contains(goDebug, "http2xconnect") { + return + } + + if len(goDebug) > 0 { + goDebug += "," + } + os.Setenv("GODEBUG", goDebug+"http2xconnect=0") +} From 03c170f2642ee690ad9d41c2a5889b4834d4652c Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 7 Jan 2025 15:10:04 +0100 Subject: [PATCH 07/12] Prepare release v3.2.5 --- CHANGELOG.md | 6 ++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77fa25ac0..abb82c37e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
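Review bot: The blank import `_ "github.com/traefik/traefik/v3/init"` added to `cmd/traefik/traefik.go` has no comment saying it is there for its side effect, so it looks removable to anyone tidying the import block. I would add `// Imported for its init(), which sets the GODEBUG http2xconnect default; do not remove.` on the line above it. The same applies to the `v2/init` import added in PATCH 09/12. The import block starts and ends outside the hunk.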
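Review bot: Nothing in `init/init.go` says that this `init()` has to run before the HTTP/2 code looks at GODEBUG, yet the package imports only `os` and `strings`, which suggests that ordering is what makes the workaround effective. If the setting is read once during package initialisation (I can't confirm that from this diff), a later import added here that pulls in `net/http` would silently undo the change. I would extend the comment with something like `// Keep this package free of imports that depend on net/http: it must be initialised before the HTTP/2 code reads GODEBUG.` The return value of `os.Setenv` is also dropped without a remark; either check it or note why it is ignored. The identical file added in PATCH 09/12 needs the same treatment.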
@@ -1,3 +1,9 @@ +## [v3.2.5](https://github.com/traefik/traefik/tree/v3.2.5) (2025-01-07) +[All Commits](https://github.com/traefik/traefik/compare/v3.2.4...v3.2.5) + +**Bug fixes:** +- **[websocket,server]** Disable http2 connect setting for websocket by default ([#11408](https://github.com/traefik/traefik/pull/11408) by [rtribotte](https://github.com/rtribotte)) + ## [v3.2.4](https://github.com/traefik/traefik/tree/v3.2.4) (2025-01-06) [All Commits](https://github.com/traefik/traefik/compare/v3.2.3...v3.2.4) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 5656b8bb4..0059c5ef5 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v3.2.4 +# example new bugfix v3.2.5 CurrentRef = "v3.2" -PreviousRef = "v3.2.3" +PreviousRef = "v3.2.4" BaseBranch = "v3.2" -FutureCurrentRefName = "v3.2.4" +FutureCurrentRefName = "v3.2.5" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From d4d61151e1476be37b02089b8e1b5d55546d2f19 Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 7 Jan 2025 15:46:04 +0100 Subject: [PATCH 08/12] Prepare release v3.3.1 --- CHANGELOG.md | 6 ++++++ script/gcg/traefik-bugfix.toml | 10 +++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7906983d3..d3dd22837 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [v3.3.1](https://github.com/traefik/traefik/tree/v3.3.1) (2025-01-07) +[All Commits](https://github.com/traefik/traefik/compare/v3.3.0...v3.3.1) + +**Bug fixes:** +- **[websocket,server]** Disable http2 connect setting for websocket by default ([#11408](https://github.com/traefik/traefik/pull/11408) by [rtribotte](https://github.com/rtribotte)) + ## [v3.2.5](https://github.com/traefik/traefik/tree/v3.2.5) (2025-01-07) [All Commits](https://github.com/traefik/traefik/compare/v3.2.4...v3.2.5) 
diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 0059c5ef5..af780d4a2 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v3.2.5 -CurrentRef = "v3.2" -PreviousRef = "v3.2.4" -BaseBranch = "v3.2" -FutureCurrentRefName = "v3.2.5" +# example new bugfix v3.3.1 +CurrentRef = "v3.3" +PreviousRef = "v3.3.0" +BaseBranch = "v3.3" +FutureCurrentRefName = "v3.3.1" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From f9ff6049d3b79b50e77ecbfb6700266e1cd656ca Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 7 Jan 2025 16:12:04 +0100 Subject: [PATCH 09/12] Disable http2 connect setting for websocket by default Co-authored-by: Kevin Pollet Co-authored-by: Julien Salleyron Co-authored-by: Michael --- cmd/traefik/traefik.go | 1 + init/init.go | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 init/init.go diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index d54b806f3..d25951b93 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -23,6 +23,7 @@ import ( "github.com/traefik/traefik/v2/cmd" "github.com/traefik/traefik/v2/cmd/healthcheck" cmdVersion "github.com/traefik/traefik/v2/cmd/version" + _ "github.com/traefik/traefik/v2/init" tcli "github.com/traefik/traefik/v2/pkg/cli" "github.com/traefik/traefik/v2/pkg/collector" "github.com/traefik/traefik/v2/pkg/config/dynamic" diff --git a/init/init.go b/init/init.go new file mode 100644 index 000000000..e54655d0f --- /dev/null +++ b/init/init.go 
@@ -0,0 +1,21 @@ +package init + +import ( + "os" + "strings" +) + +// This makes use of the GODEBUG flag `http2xconnect` to deactivate the connect setting for HTTP2 by default. +// This type of upgrade is yet incompatible with `net/http` http1 reverse proxy. +// Please see https://github.com/golang/go/issues/71128#issuecomment-2574193636. +func init() { + goDebug := os.Getenv("GODEBUG") + if strings.Contains(goDebug, "http2xconnect") { + return + } + + if len(goDebug) > 0 { + goDebug += "," + } + os.Setenv("GODEBUG", goDebug+"http2xconnect=0") +} From 1aa450c028894ef5911175bbe7698836a460f182 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Tue, 7 Jan 2025 16:24:04 +0100 Subject: [PATCH 10/12] Prepare release v2.11.18 --- CHANGELOG.md | 6 ++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fd996266..c5186b71b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## [v2.11.18](https://github.com/traefik/traefik/tree/v2.11.18) (2025-01-07) +[All Commits](https://github.com/traefik/traefik/compare/v2.11.17...v2.11.18) + +**Bug fixes:** +- **[websocket,server]** Disable http2 connect setting for websocket by default ([#11412](https://github.com/traefik/traefik/pull/11412) by [rtribotte](https://github.com/rtribotte)) + ## [v2.11.17](https://github.com/traefik/traefik/tree/v2.11.17) (2025-01-06) [All Commits](https://github.com/traefik/traefik/compare/v2.11.16...v2.11.17) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 8d1a0826e..ae7523c10 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml 
@@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.11.17 +# example new bugfix v2.11.18 CurrentRef = "v2.11" -PreviousRef = "v2.11.16" +PreviousRef = "v2.11.17" BaseBranch = "v2.11" -FutureCurrentRefName = "v2.11.17" +FutureCurrentRefName = "v2.11.18" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From 6aa56788ea78ddccf388bca63a2893a48833ce95 Mon Sep 17 00:00:00 2001 From: Jeff Spiers Date: Wed, 8 Jan 2025 01:36:04 -0700 Subject: [PATCH 11/12] Add missing trailing s to propagation.delayBeforeCheck option --- docs/content/migration/v3.md | 2 +- pkg/config/static/static_config.go | 2 +- pkg/provider/acme/provider.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/migration/v3.md b/docs/content/migration/v3.md index 966a1dce7..10ed8c314 100644 --- a/docs/content/migration/v3.md +++ b/docs/content/migration/v3.md @@ -173,7 +173,7 @@ please use the `traefik.swarm.network` and `traefik.swarm.lbswarm` labels instea ### ACME DNS Certificate Resolver In `v3.3`, the `acme.dnsChallenge.delaybeforecheck` and `acme.dnsChallenge.disablepropagationcheck` options of the ACME certificate resolver are deprecated, -please use respectively `acme.dnsChallenge.propagation.delayBeforeCheck` and `acme.dnsChallenge.propagation.disableAllChecks` options instead. +please use respectively `acme.dnsChallenge.propagation.delayBeforeChecks` and `acme.dnsChallenge.propagation.disableAllChecks` options instead. ### Tracing Global Attributes diff --git a/pkg/config/static/static_config.go b/pkg/config/static/static_config.go index c254711df..de0fa51cc 100644 --- a/pkg/config/static/static_config.go +++ b/pkg/config/static/static_config.go 
@@ -331,7 +331,7 @@ func (c *Configuration) SetEffectiveConfiguration() { } if resolver.ACME.DNSChallenge.DelayBeforeCheck > 0 { - log.Warn().Msgf("delayBeforeCheck is now deprecated, please use propagation.delayBeforeCheck instead.") + log.Warn().Msgf("delayBeforeCheck is now deprecated, please use propagation.delayBeforeChecks instead.") if resolver.ACME.DNSChallenge.Propagation == nil { resolver.ACME.DNSChallenge.Propagation = &acmeprovider.Propagation{} diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go index 48ce9d4a3..96795c5ed 100644 --- a/pkg/provider/acme/provider.go +++ b/pkg/provider/acme/provider.go @@ -89,7 +89,7 @@ type DNSChallenge struct { Resolvers []string `description:"Use following DNS servers to resolve the FQDN authority." json:"resolvers,omitempty" toml:"resolvers,omitempty" yaml:"resolvers,omitempty"` Propagation *Propagation `description:"DNS propagation checks configuration" json:"propagation,omitempty" toml:"propagation,omitempty" yaml:"propagation,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` - // Deprecated: please use Propagation.DelayBeforeCheck instead. + // Deprecated: please use Propagation.DelayBeforeChecks instead. DelayBeforeCheck ptypes.Duration `description:"(Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers." json:"delayBeforeCheck,omitempty" toml:"delayBeforeCheck,omitempty" yaml:"delayBeforeCheck,omitempty" export:"true"` // Deprecated: please use Propagation.DisableAllChecks instead. DisablePropagationCheck bool `description:"(Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended]" json:"disablePropagationCheck,omitempty" toml:"disablePropagationCheck,omitempty" yaml:"disablePropagationCheck,omitempty" export:"true"` From d2414feaff6d00b6d180c643ac950a0eea25812e Mon Sep 17 00:00:00 2001 
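Review bot: The corrected warning in `pkg/config/static/static_config.go` still goes through `Msgf` with a constant string and no arguments, so the text is parsed as a format string for no reason. `log.Warn().Msg("delayBeforeCheck is now deprecated, please use propagation.delayBeforeChecks instead.")` says the same thing and cannot misread a `%` if the message is edited later. The body of `SetEffectiveConfiguration` starts and continues outside the hunk.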
From: Kevin Pollet Date: Wed, 8 Jan 2025 11:02:37 +0100 Subject: [PATCH 12/12] Add test to check that SettingEnableConnectProtocol frame is not sent --- docs/content/deprecation/releases.md | 3 ++- integration/websocket_test.go | 39 ++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/docs/content/deprecation/releases.md b/docs/content/deprecation/releases.md index 001b161db..d3fb7914b 100644 --- a/docs/content/deprecation/releases.md +++ b/docs/content/deprecation/releases.md @@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status: | Version | Release Date | Community Support | |---------|--------------|--------------------| -| 3.2 | Oct 28, 2024 | Yes | +| 3.3 | Jan 06, 2025 | Yes | +| 3.2 | Oct 28, 2024 | Ended Jan 06, 2025 | | 3.1 | Jul 15, 2024 | Ended Oct 28, 2024 | | 3.0 | Apr 29, 2024 | Ended Jul 15, 2024 | | 2.11 | Feb 12, 2024 | Ends Apr 29, 2025 | diff --git a/integration/websocket_test.go b/integration/websocket_test.go index 72a314d58..7eeede02b 100644 --- a/integration/websocket_test.go +++ b/integration/websocket_test.go @@ -16,6 +16,7 @@ import ( "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" "github.com/traefik/traefik/v2/integration/try" + "golang.org/x/net/http2" "golang.org/x/net/websocket" ) 
@@ -451,6 +452,44 @@ func (s *WebsocketSuite) TestSSLhttp2() { assert.Equal(s.T(), "OK", string(msg)) } +func (s *WebsocketSuite) TestSettingEnableConnectProtocol() { + file := s.adaptFile("fixtures/websocket/config_https.toml", struct { + WebsocketServer string + }{ + WebsocketServer: "http://127.0.0.1", + }) + + s.traefikCmd(withConfigFile(file), "--log.level=DEBUG", "--accesslog") + + // Wait for traefik. + err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("127.0.0.1")) + require.NoError(s.T(), err) + + // Add client self-signed cert. + roots := x509.NewCertPool() + certContent, err := os.ReadFile("./resources/tls/local.cert") + require.NoError(s.T(), err) + + roots.AppendCertsFromPEM(certContent) + + // Open a connection to inspect SettingsFrame. + conn, err := tls.Dial("tcp", "127.0.0.1:8000", &tls.Config{ + RootCAs: roots, + NextProtos: []string{"h2"}, + }) + require.NoError(s.T(), err) + + framer := http2.NewFramer(nil, conn) + frame, err := framer.ReadFrame() + require.NoError(s.T(), err) + + fr, ok := frame.(*http2.SettingsFrame) + require.True(s.T(), ok) + + _, ok = fr.Value(http2.SettingEnableConnectProtocol) + assert.False(s.T(), ok) +} + func (s *WebsocketSuite) TestHeaderAreForwarded() { upgrader := gorillawebsocket.Upgrader{} // use default options
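Review bot: `TestSettingEnableConnectProtocol` never closes the connection it opens with `tls.Dial`, and `framer.ReadFrame()` reads from it without a deadline, so a server that sends nothing hangs the suite instead of failing the test. After the dial error check I would add `defer conn.Close()` and `require.NoError(s.T(), conn.SetReadDeadline(time.Now().Add(5*time.Second)))`. The result of `roots.AppendCertsFromPEM(certContent)` is also unchecked. Wrapping it as `require.True(s.T(), roots.AppendCertsFromPEM(certContent))` would report an unparsable certificate file directly rather than as a TLS verification error at dial time.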