This repository has been archived by the owner on Mar 11, 2021. It is now read-only.

Merge 'v1.5.2' into master
ldez committed Feb 12, 2018
2 parents 6a92ac0 + 52bad03 commit 794c020
Showing 338 changed files with 4,158 additions and 48,549 deletions.
21 changes: 21 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,26 @@
# Change Log

## [v1.5.2](https://github.com/containous/traefik/tree/v1.5.2) (2018-02-12)
[All Commits](https://github.com/containous/traefik/compare/v1.5.1...v1.5.2)

**Bug fixes:**
- **[acme,cluster,kv]** Compress ACME certificates in KV stores. ([#2814](https://github.com/containous/traefik/pull/2814) by [nmengin](https://github.com/nmengin))
- **[acme]** Traefik still start when Let's encrypt is down ([#2794](https://github.com/containous/traefik/pull/2794) by [Juliens](https://github.com/Juliens))
- **[docker]** Fix dnsrr endpoint mode excluded when not using swarm LB ([#2795](https://github.com/containous/traefik/pull/2795) by [mmatur](https://github.com/mmatur))
- **[eureka]** Continue refresh the configuration after a failure. ([#2838](https://github.com/containous/traefik/pull/2838) by [ldez](https://github.com/ldez))
- **[logs]** Reduce oxy round trip logs to debug. ([#2821](https://github.com/containous/traefik/pull/2821) by [timoreimann](https://github.com/timoreimann))
- **[websocket]** Fix goroutine leaks in websocket ([#2825](https://github.com/containous/traefik/pull/2825) by [Juliens](https://github.com/Juliens))
- Hide the pflag error when displaying help. ([#2800](https://github.com/containous/traefik/pull/2800) by [ldez](https://github.com/ldez))

**Documentation:**
- **[docker]** Explain how to write entrypoints definition in a compose file ([#2834](https://github.com/containous/traefik/pull/2834) by [mmatur](https://github.com/mmatur))
- **[docker]** Fix typo ([#2813](https://github.com/containous/traefik/pull/2813) by [uschtwill](https://github.com/uschtwill))
- **[k8s]** typo in "i"ngress annotations. ([#2780](https://github.com/containous/traefik/pull/2780) by [RRAlex](https://github.com/RRAlex))
- Clarify how setting a frontend priority works ([#2818](https://github.com/containous/traefik/pull/2818) by [sirlatrom](https://github.com/sirlatrom))
- Fixed typo. ([#2811](https://github.com/containous/traefik/pull/2811) by [sonus21](https://github.com/sonus21))
- Docs: regex+replacement hints for URL rewriting ([#2802](https://github.com/containous/traefik/pull/2802) by [djeeg](https://github.com/djeeg))
- Add documentation about entry points definition with CLI. ([#2798](https://github.com/containous/traefik/pull/2798) by [ldez](https://github.com/ldez))

## [v1.5.1](https://github.com/containous/traefik/tree/v1.5.1) (2018-01-29)
[All Commits](https://github.com/containous/traefik/compare/v1.5.0...v1.5.1)

Expand Down
4 changes: 3 additions & 1 deletion CONTRIBUTING.md
Expand Up @@ -87,9 +87,11 @@ If you happen to update the provider templates (in `/templates`), you need to ru

[dep](https://github.com/golang/dep) is not required for building; however, it is necessary to modify dependencies (i.e., add, update, or remove third-party packages)

You need to use [dep](https://github.com/golang/dep) >= O.4.1.

If you want to add a dependency, use `dep ensure -add` to have [dep](https://github.com/golang/dep) put it into the vendor folder and update the dep manifest/lock files (`Gopkg.toml` and `Gopkg.lock`, respectively).

A following `make prune-dep` run should be triggered to trim down the size of the vendor folder.
A following `make dep-prune` run should be triggered to trim down the size of the vendor folder.
The final result must be committed into VCS.

Here's a full example using dep to add a new dependency:
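Review bot: In the added line `You need to use dep >= O.4.1.` the version starts with the capital letter O instead of the digit zero. It should read `0.4.1`, matching `DEP_VERSION=0.4.1` in build.Dockerfile, so that a reader copying the version gets a valid one.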
Expand Down
14 changes: 9 additions & 5 deletions Gopkg.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions Gopkg.toml
Expand Up @@ -156,6 +156,10 @@
branch = "master"
name = "github.com/stvp/go-udp-testing"

[[constraint]]
name = "github.com/stretchr/testify"
version = "1.2.1"

[[constraint]]
name = "github.com/uber/jaeger-client-go"
version = "2.9.0"
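Review bot: In the new `github.com/stretchr/testify` constraint, `version = "1.2.1"` is not an exact pin: dep reads a bare version as a caret range, so a later 1.x release satisfies it on the next update of that dependency. If the intent is to hold the test library at exactly this release, write `version = "=1.2.1"`; otherwise add a short comment saying why 1.2.1 is the minimum.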
Expand Down Expand Up @@ -233,3 +237,8 @@
# ALWAYS keep this override
name = "github.com/mailgun/timetools"
revision = "7e6055773c5137efbeb3bd2410d705fe10ab6bfd"

[prune]
non-go = true
go-tests = true
unused-packages = true
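Review bot: With `[prune]` now enabled here, the Makefile's `dep-ensure` target still runs `./script/prune-dep.sh` right after `dep ensure -v`, and nothing in this hunk says what the script removes that `non-go`, `go-tests` and `unused-packages` do not. Add a comment above `[prune]` (or in the script) stating the division of work, or drop the script if these options make it redundant.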
6 changes: 5 additions & 1 deletion Makefile
Expand Up @@ -127,7 +127,11 @@ fmt:
pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull

prune-dep:
dep-ensure:
dep ensure -v
./script/prune-dep.sh

dep-prune:
./script/prune-dep.sh

help: ## this help
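Review bot: Renaming `prune-dep` to `dep-prune` removes the old target name outright, so any script or CI job still calling `make prune-dep` will fail; consider keeping `prune-dep` as an alias for a release. The new `dep-ensure` and `dep-prune` targets also carry no `## ...` description like the one on `help: ## this help`, which leaves them undocumented in the Makefile itself.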
Expand Down
4 changes: 1 addition & 3 deletions build.Dockerfile
Expand Up @@ -11,15 +11,13 @@ RUN go get github.com/containous/go-bindata/... \

# Which docker version to test on
ARG DOCKER_VERSION=17.03.2
ARG DEP_VERSION=0.3.2
ARG DEP_VERSION=0.4.1

# Download dep binary to bin folder in $GOPATH
RUN mkdir -p /usr/local/bin \
&& curl -fsSL -o /usr/local/bin/dep https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 \
&& chmod +x /usr/local/bin/dep



# Download docker
RUN mkdir -p /usr/local/bin \
&& curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}-ce.tgz \
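Review bot: The `curl -fsSL -o /usr/local/bin/dep ...` step installs the dep binary for the bumped `DEP_VERSION=0.4.1` and marks it executable without any integrity check, so the build image trusts whatever the release URL returns. Add a build argument holding the expected SHA-256 of `dep-linux-amd64` for this version and verify it (for example with `sha256sum -c`) before the `chmod +x`. The Docker tarball download below it would benefit from the same check.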
Expand Down
50 changes: 38 additions & 12 deletions docs/configuration/acme.md
Expand Up @@ -165,9 +165,26 @@ storage = "acme.json"
# ...
```

File or key used for certificates storage.
The `storage` option sets where are stored your ACME certificates.

**WARNING:** If you use Træfik in Docker, you have 2 options:
There are two kind of `storage` :
- a JSON file,
- a KV store entry.

!!! danger "DEPRECATED"
`storage` replaces `storageFile` which is deprecated.

!!! note
During Træfik configuration migration from a configuration file to a KV store (thanks to `storeconfig` subcommand as described [here](/user-guide/kv-config/#store-configuration-in-key-value-store)), if ACME certificates have to be migrated too, use both `storageFile` and `storage`.

- `storageFile` will contain the path to the `acme.json` file to migrate.
- `storage` will contain the key where the certificates will be stored.

#### Store data in a file

ACME certificates can be stored in a JSON file which with the `600` right mode.

There are two ways to store ACME certificates in a file from Docker:

- create a file on your host and mount it as a volume:
```toml
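Review bot: The added sentence under "Store data in a file" ("ACME certificates can be stored in a JSON file which with the `600` right mode.") is missing its verb and does not say whether Træfik enforces the mode or the operator has to set it. Suggest "ACME certificates can be stored in a JSON file, which needs to have file mode `600`", followed by one line on who sets it. In the same hunk, "sets where are stored your ACME certificates" and "There are two kind of `storage` :" need a grammar pass.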
Expand All @@ -176,7 +193,6 @@ storage = "acme.json"
```bash
docker run -v "/my/host/acme.json:acme.json" traefik
```

- mount the folder containing the file as a volume
```toml
storage = "/etc/traefik/acme/acme.json"
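Review bot: The unchanged example `docker run -v "/my/host/acme.json:acme.json" traefik` in this hunk's context uses a relative container path, and Docker requires the destination of a `-v` bind mount to be absolute. Since this section is being reworked, change it to an absolute path such as `/acme.json` and make the `storage` value in the example above it agree.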
Expand All @@ -185,14 +201,24 @@ storage = "/etc/traefik/acme/acme.json"
docker run -v "/my/host/acme:/etc/traefik/acme" traefik
```

!!! note
`storage` replaces `storageFile` which is deprecated.
!!! warning
This file cannot be shared per many instances of Træfik at the same time.
If you have to use Træfik cluster mode, please use [a KV Store entry](/configuration/acme/#storage-kv-entry).

!!! note
During Træfik configuration migration from a configuration file to a KV store (thanks to `storeconfig` subcommand as described [here](/user-guide/kv-config/#store-configuration-in-key-value-store)), if ACME certificates have to be migrated too, use both `storageFile` and `storage`.
#### Store data in a KV store entry

- `storageFile` will contain the path to the `acme.json` file to migrate.
- `storage` will contain the key where the certificates will be stored.
ACME certificates can be stored in a KV Store entry.

```toml
storage = "traefik/acme/account"
```

**This kind of storage is mandatory in cluster mode.**

Because KV stores (like Consul) have limited entries size, the certificates list is compressed before to be set in a KV store entry.

!!! note
It's possible to store up to approximately 100 ACME certificates in Consul.

### `acme.httpChallenge`

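Review bot: The link in the new warning points at `/configuration/acme/#storage-kv-entry`, but the heading added in this hunk is `#### Store data in a KV store entry`, and the anchor generated from that text will not be `storage-kv-entry`; update the link fragment or give the heading a matching explicit id. Wording in the added lines also needs fixing: "cannot be shared per many instances" should be "cannot be shared by several instances", and "compressed before to be set" should be "compressed before being stored". The note about approximately 100 certificates in Consul should say what happens when that limit is reached.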
Expand Down Expand Up @@ -288,7 +314,7 @@ Useful if internal networks block external DNS queries.

### `onDemand` (Deprecated)

!!! warning
!!! danger "DEPRECATED"
This option is deprecated.

```toml
Expand Down Expand Up @@ -365,12 +391,12 @@ Each domain & SANs will lead to a certificate request.

### `dnsProvider` (Deprecated)

!!! warning
!!! danger "DEPRECATED"
This option is deprecated.
Please refer to [DNS challenge provider section](/configuration/acme/#provider)

### `delayDontCheckDNS` (Deprecated)

!!! warning
!!! danger "DEPRECATED"
This option is deprecated.
Please refer to [DNS challenge delayBeforeCheck section](/configuration/acme/#delaybeforecheck)
23 changes: 19 additions & 4 deletions docs/configuration/entrypoints.md
Expand Up @@ -79,7 +79,23 @@ For more information about the CLI, see the documentation about [Traefik command
Whitespace is used as option separator and `,` is used as value separator for the list.
The names of the options are case-insensitive.

All available options:
In compose file the entrypoint syntax is different:

```yaml
traefik:
image: traefik
command:
- --defaultentrypoints=powpow
- "--entryPoints=Name:powpow Address::42 Compress:true"
```
or
```yaml
traefik:
image: traefik
command: --defaultentrypoints=powpow --entryPoints='Name:powpow Address::42 Compress:true'
```
#### All available options:
```ini
Name:foo
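Review bot: The added sentence "In compose file the entrypoint syntax is different:" does not say what the difference is, and the two examples differ from each other (no inner quotes in the list form, single quotes in the string form) without explanation. State the rule in one line, namely that each list item is passed as a single argument so the value must not be wrapped in extra quotes, while the single-string form needs them to keep the spaces together. The bare `or` and the `#### All available options:` heading also sit directly against the code fences; put a blank line on each side so the Markdown renders reliably.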
Expand Down Expand Up @@ -223,9 +239,8 @@ In the example below both `snitest.com` and `snitest.org` will require client ce
```

!!! note

The deprecated argument `ClientCAFiles` allows adding Client CA files which are mandatory.
If this parameter exists, the new ones are not checked.
The deprecated argument `ClientCAFiles` allows adding Client CA files which are mandatory.
If this parameter exists, the new ones are not checked.

## Authentication

Expand Down
8 changes: 4 additions & 4 deletions docs/user-guide/cluster-docker-consul.md
Expand Up @@ -94,8 +94,8 @@ services:
image: traefik:1.5
command:
- "--api"
- "--entrypoints='Name:http Address::80 Redirect.EntryPoint:https'"
- "--entrypoints='Name:https Address::443 TLS'"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=/etc/traefik/acme/acme.json"
Expand Down Expand Up @@ -204,8 +204,8 @@ services:
command:
- "storeconfig"
- "--api"
- "--entrypoints='Name:http Address::80 Redirect.EntryPoint:https'"
- "--entrypoints='Name:https Address::443 TLS'"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=traefik/acme/account"
Expand Down
8 changes: 8 additions & 0 deletions docs/user-guide/cluster.md
Expand Up @@ -23,3 +23,11 @@ A Træfik cluster is based on a manager/worker model.

When starting, Træfik will elect a manager.
If this instance fails, another manager will be automatically elected.

## Træfik cluster and Let's Encrypt

**In cluster mode, ACME certificates have to be stored in [a KV Store entry](/configuration/acme/#storage-kv-entry).**

Thanks to the Træfik cluster mode algorithm (based on [the Raft Consensus Algorithm](https://raft.github.io/)), only one instance will contact Let's encrypt to solve the challenges.

The others instances will get ACME certificate from the KV Store entry.
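Review bot: The added paragraph says "only one instance will contact Let's encrypt" without saying which one; state whether this is the elected manager described in the lines just above, since that determines which node needs outbound access to the ACME server. Wording: "The others instances will get ACME certificate" should be "The other instances will get the ACME certificates", and "Let's encrypt" should match the "Let's Encrypt" spelling used in the new heading.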
2 changes: 2 additions & 0 deletions examples/acme/compose-acme.yml
Expand Up @@ -29,6 +29,8 @@ services :
- bhsm
- bmysql
- brabbitmq
volumes:
- "./rate-limit-policies.yml:/go/src/github.com/letsencrypt/boulder/test/rate-limit-policies.yml:ro"

bhsm:
image: letsencrypt/boulder-tools:2016-11-02
Expand Down
42 changes: 42 additions & 0 deletions examples/acme/rate-limit-policies.yml
@@ -0,0 +1,42 @@
totalCertificates:
window: 1h
threshold: 100000
certificatesPerName:
window: 1h
threshold: 100000
overrides:
ratelimit.me: 1
lim.it: 0
# Hostnames used by the letsencrypt client integration test.
le.wtf: 10000
le1.wtf: 10000
le2.wtf: 10000
le3.wtf: 10000
nginx.wtf: 10000
good-caa-reserved.com: 10000
bad-caa-reserved.com: 10000
ecdsa.le.wtf: 10000
must-staple.le.wtf: 10000
registrationOverrides:
101: 1000
registrationsPerIP:
window: 1h
threshold: 100000
overrides:
127.0.0.1: 1000000
pendingAuthorizationsPerAccount:
window: 1h
threshold: 100000
certificatesPerFQDNSet:
window: 1h
threshold: 100000
overrides:
le.wtf: 10000
le1.wtf: 10000
le2.wtf: 10000
le3.wtf: 10000
le.wtf,le1.wtf: 10000
good-caa-reserved.com: 10000
nginx.wtf: 10000
ecdsa.le.wtf: 10000
must-staple.le.wtf: 10000
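Review bot: This new file has no header comment saying what it is for; only the single comment above the `le.wtf` entries hints that these are test values. Add a line at the top stating that it overrides the rate limits of the local Boulder test container mounted by compose-acme.yml and is not meant for any real ACME endpoint, and note why `ratelimit.me: 1` and `lim.it: 0` are set so low compared with the 100000 thresholds.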
2 changes: 2 additions & 0 deletions examples/cluster/docker-compose.yml
Expand Up @@ -73,6 +73,8 @@ services:
- bhsm
- bmysql
- brabbitmq
volumes:
- "./rate-limit-policies.yml:/go/src/github.com/letsencrypt/boulder/test/rate-limit-policies.yml:ro"
networks:
net:
ipv4_address: 10.0.1.3
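Review bot: The new mount source `./rate-limit-policies.yml` resolves relative to examples/cluster/, while the only copy of that file visible in this diff is added under examples/acme/. Confirm that examples/cluster/rate-limit-policies.yml is part of the commit, or point the mount at `../acme/rate-limit-policies.yml`; if the source path is missing, Docker creates a directory in its place and the container will not find the policy file.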
Expand Down