Change the default value of insecureSNI

* fix: allow domain fronting by default * review: typo. * review: doc. Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
2020-07-10 18:48:03 +02:00 · 2020-07-10 18:48:03 +02:00 · c315b4e064
commit c315b4e064
parent d7f517fbf5
5 changed files with 21 additions and 95 deletions
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@ -4,114 +4,35 @@

 ### Domain fronting

-In `v2.2.2` we introduced the ability to avoid [Domain fronting](https://en.wikipedia.org/wiki/Domain_fronting), 
-and enabled it by default for [https routers](../routing/routers/index.md#rule) configured with ```Host(`something`)```.
+In `v2.2.2` we introduced the ability to avoid [Domain fronting](https://en.wikipedia.org/wiki/Domain_fronting) for [https routers](../routing/routers/index.md#rule) configured with ```Host(`something`)``` but we disabled it for compatibility reasons by default.

-!!! example "Allow Domain Fronting on a Specific Router"
-    
-    !!! info "Before v2.2.2"
-    
-    ```yaml tab="Docker"
-    labels:
-      - "traefik.http.routers.router0.rule=Host(`test.localhost`)"
-    ```
-    
-    ```yaml tab="K8s Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: IngressRoute
-    metadata:
-      name: ingressroutebar
-    
-    spec:
-      entryPoints:
-        - http
-      routes:
-      - match: Host(`test.localhost`)
-        kind: Rule
-        services:
-        - name: server0
-          port: 80
-        - name: server1
-          port: 80
-    ```
-        
-    ```toml tab="File (TOML)"
-    [http.routers.router0]
-        rule = "Host(`test.localhost`)"
-        service = "my-service"
-    ```
-    
-    ```toml tab="File (YAML)"
-    http:
-      routers:
-        router0:
-          rule: "Host(`test.localhost`)"
-          service: my-service
-    ```
+Nothing special is required to keep the previous behavior.

-    !!! info "v2.2.2"
-    
-    ```yaml tab="Docker"
-    labels:
-      - "traefik.http.routers.router0.rule=HostHeader(`test.localhost`)"
-    ```
-    
-    ```yaml tab="K8s Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: IngressRoute
-    metadata:
-      name: ingressroutebar
-    
-    spec:
-      entryPoints:
-        - http
-      routes:
-      - match: HostHeader(`test.localhost`)
-        kind: Rule
-        services:
-        - name: server0
-          port: 80
-        - name: server1
-          port: 80
-    ```
-        
-    ```toml tab="File (TOML)"
-    [http.routers.router0]
-        rule = "HostHeader(`test.localhost`)"
-        service = "my-service"
-    ```
-    
-    ```toml tab="File (YAML)"
-    http:
-      routers:
-        router0:
-          rule: "HostHeader(`test.localhost`)"
-          service: my-service
-    ```
+However, a new flag is available as a global option to disable domain fronting.

-As a fallback, a new flag is available as a global option:
-
-!!! example "Enabling Domain Fronting for All Routers"
+!!! example "Disabling Domain Fronting for All Routers"
    
    ```toml tab="File (TOML)"
    # Static configuration
    [global]
-      # Enabling domain fronting
-      insecureSNI = true
+      # Disabling domain fronting
+      insecureSNI = false
    ```
    
    ```yaml tab="File (YAML)"
    # Static configuration
    global:
-      # Enabling domain fronting
-      insecureSNI: true
+      # Disabling domain fronting
+      insecureSNI: false
    ```
    
    ```bash tab="CLI"
-    # Enabling domain fronting
-    --global.insecureSNI
+    # Disabling domain fronting
+    --global.insecureSNI=false
    ```

+To fine tune the HTTPS routing with Domain Fronting disabled, two new HTTP rules `HostSNI` and `HostHeader` are available. 
+
 ## v2.0 to v2.1

 ### Kubernetes CRD