traefik / traefik Goto Github PK

The Cloud Native Application Proxy

License: MIT License

Go 92.73% Makefile 0.14% Shell 0.22% JavaScript 1.97% HTML 0.03% Dockerfile 0.03% Vue 4.69% SCSS 0.17%

consul docker etcd go golang kubernetes letsencrypt load-balancer marathon mesos microservice reverse-proxy traefik zookeeper

traefik's Introduction

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Consul, Etcd, Rancher v2, Amazon ECS, ...) and configures itself automatically and dynamically. Pointing Traefik at your orchestrator should be the only configuration step you need.

. Overview . Features . Supported backends . Quickstart . Web UI . Documentation .

. Support . Release cycle . Contributing . Maintainers . Credits .

⚠️ Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a v2 configuration.

Overview

Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul). Now you want users to access these microservices, and you need a reverse proxy.

Traditional reverse-proxies require that you configure each route that will connect paths and subdomains to each microservice. In an environment where you add, remove, kill, upgrade, or scale your services many times a day, the task of keeping the routes up to date becomes tedious.

This is when Traefik can help you!

Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part.

Run Traefik and let it do the work for you! (But if you'd rather configure some of your routes manually, Traefik supports that too!)

Features

Continuously updates its configuration (No restarts!)
Supports multiple load balancing algorithms
Provides HTTPS to your microservices by leveraging Let's Encrypt (wildcard certificates support)
Circuit breakers, retry
See the magic through its clean web UI
Websocket, HTTP/2, gRPC ready
Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB 2.X)
Keeps access logs (JSON, CLF)
Fast
Exposes a Rest API
Packaged as a single binary file (made with ❤️ with go) and available as an official docker image

Supported Backends

Quickstart

To get your hands on Traefik, you can use the 5-Minute Quickstart in our documentation (you will need Docker).

Web UI

You can access the simple HTML frontend of Traefik.

Documentation

You can find the complete documentation of Traefik v2 at https://doc.traefik.io/traefik/.

A collection of contributions around Traefik can be found at https://awesome.traefik.io.

Support

To get community support, you can:

join the Traefik community forum:

If you need commercial support, please contact Traefik.io by mail: mailto:[email protected].

Download

Grab the latest binary from the releases page and run it with the sample configuration file:

./traefik --configFile=traefik.toml

Or use the official tiny Docker image and run it with the sample configuration file:

docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik

Or get the sources:

git clone https://github.com/traefik/traefik

Introductory Videos

You can find high level and deep dive videos on videos.traefik.io.

Maintainers

We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey! This document describes how to be part of the maintainers' team as well as various responsibilities and guidelines for Traefik maintainers. You can also find more information on our process to review pull requests and manage issues in this document.

Contributing

If you'd like to contribute to the project, refer to the contributing documentation.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project, you agree to abide by its terms.

Release Cycle

We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).

Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).

We use Semantic Versioning.

Mailing Lists

General announcements, new releases: mail at [email protected] or on the online viewer.
Security announcements: mail at [email protected] or on the online viewer.

Credits

Kudos to Peka for his awesome work on the gopher's logo!.

The gopher's logo of Traefik is licensed under the Creative Commons 3.0 Attributions license.

The gopher's logo of Traefik was inspired by the gopher stickers made by Takuya Ueda. The original Go gopher was designed by Renee French.

traefik's People

Contributors

Stargazers

Watchers

Forkers

vdemeester poznyakandrey gitter-badger juddy malei zhangxu cinderalla gijs thorhs bscott jefflaplante cybernetics pilgrim2go hotelzululima superseb geezer-workshop zackslash ldez creack albertrdixon jpillora ahjdzx strogo asteris-llc starpost aledbf brianhicks olesku rasata pekha rmetzler dz0ny dylanmei pangzheng xissy mikejihbe pombredanne mustwin veacks pierrez intfrr leezqyuan lizhengqiang danzel tayzlor keis jsoriano hugues-antoine octoblu dontrebootme wumuxian kirushik goguardian xmillies djannot cloudxtreme entropyworks advait cocap10 jjsaunier kevinrandolph crgbaumgart thermeon halfa philk avldya dudymas ikenneth asierga95 samber tilgovi debovema justintung yourchanges thomasf sqleejan kevioke tossp russell-io devopsbox gesellix leoyer stongo ciscocloud oldtree xinity pborreli fclaeys fteychene lecai kasisnu mistsys saagie errm jim3ma xytis jcsirot jrossi nickethier maniacs-ops

traefik's Issues

SSL frontend issue with certs

I get the following error trying to use SSL frontend for "main" port in official traefik docker release:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x18 pc=0x639e40]

goroutine 9 [running]:
github.com/emilevauge/traefik/vendor/github.com/mailgun/manners.(*GracefulListener).Clone(0x0, 0x0, 0x0, 0x0, 0x0)
    /go/src/github.com/emilevauge/traefik/vendor/github.com/mailgun/manners/listener.go:105 +0x40
github.com/emilevauge/traefik/vendor/github.com/mailgun/manners.(*GracefulServer).HijackListener(0xc8200136c0, 0xc82016a360, 0x0, 0xc820142ff0, 0x0, 0x0)
    /go/src/github.com/emilevauge/traefik/vendor/github.com/mailgun/manners/server.go:184 +0x46
main.prepareServer(0xc82016d2c0, 0xc8200f5a20, 0xc8200136c0, 0xc8201d7eb0, 0x2, 0x2, 0x0)
    /go/src/github.com/emilevauge/traefik/traefik.go:235 +0x5a6
main.main.func1(0xc820016960, 0xc8200f5a20, 0xc8200240e8, 0xc8200240e0, 0xc8200240f8)
    /go/src/github.com/emilevauge/traefik/traefik.go:120 +0x7b6
created by main.main
    /go/src/github.com/emilevauge/traefik/traefik.go:133 +0xa0d

goroutine 1 [chan receive]:
main.main()
    /go/src/github.com/emilevauge/traefik/traefik.go:190 +0x148e

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:22 +0x18
created by os/signal.init.1
    /usr/local/go/src/os/signal/signal_unix.go:28 +0x37

goroutine 6 [sleep]:
time.Sleep(0x3b9aca00)
    /usr/local/go/src/runtime/time.go:59 +0xf9
github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New.func1(0xc820016840)
    /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:33 +0x2e
created by github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New
    /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:35 +0x161

goroutine 18 [runnable]:
github.com/emilevauge/traefik/vendor/gopkg.in/fsnotify%2ev1.(*Watcher).readEvents(0xc82016c000)
    /go/src/github.com/emilevauge/traefik/vendor/gopkg.in/fsnotify.v1/inotify.go:159
created by github.com/emilevauge/traefik/vendor/gopkg.in/fsnotify%2ev1.NewWatcher
    /go/src/github.com/emilevauge/traefik/vendor/gopkg.in/fsnotify.v1/inotify.go:58 +0x315

goroutine 8 [select, locked to thread]:
runtime.gopark(0xc33aa8, 0xc820023728, 0xb0c888, 0x6, 0x45b318, 0x2)
    /usr/local/go/src/runtime/proc.go:185 +0x163
runtime.selectgoImpl(0xc820023728, 0x0, 0x18)
    /usr/local/go/src/runtime/select.go:392 +0xa64
runtime.selectgo(0xc820023728)
    /usr/local/go/src/runtime/select.go:212 +0x12
runtime.ensureSigM.func1()
    /usr/local/go/src/runtime/signal1_unix.go:227 +0x353
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:1696 +0x1

goroutine 11 [runnable]:
main.main.func2(0x7f8338f27c98, 0xc82011f920, 0xc820016960)
    /go/src/github.com/emilevauge/traefik/traefik.go:169
created by main.main
    /go/src/github.com/emilevauge/traefik/traefik.go:174 +0x127d

goroutine 12 [runnable]:
main.main.func3(0xc8200169c0, 0xc8200240e0, 0xc820016a20)
    /go/src/github.com/emilevauge/traefik/traefik.go:177
created by main.main
    /go/src/github.com/emilevauge/traefik/traefik.go:183 +0x12d8

goroutine 13 [runnable]:
math/big.(*Int).Set(0xc820155470, 0xc8201554f0, 0xc8201554d0)
    /usr/local/go/src/math/big/int.go:66
math/big.(*Int).GCD(0xc8201555a8, 0xc82004bec0, 0x0, 0xc82004bde0, 0xc82004bdc0, 0x43e882)
    /usr/local/go/src/math/big/int.go:474 +0x37a
math/big.(*Int).ModInverse(0xc82004bec0, 0xc82004bde0, 0xc82004bdc0, 0xc82004bea0)
    /usr/local/go/src/math/big/int.go:578 +0x61
crypto/rsa.(*PrivateKey).Precompute(0xc820016e40)
    /usr/local/go/src/crypto/rsa/rsa.go:413 +0x220
crypto/x509.ParsePKCS1PrivateKey(0xc82013c500, 0x4a7, 0x4a7, 0xc820016e40, 0x0, 0x0)
    /usr/local/go/src/crypto/x509/pkcs1.go:81 +0x6f4
crypto/tls.parsePrivateKey(0xc82013c500, 0x4a7, 0x4a7, 0x0, 0x0, 0x0, 0x0)
    /usr/local/go/src/crypto/tls/tls.go:255 +0x6e
crypto/tls.X509KeyPair(0xc8200a5cb4, 0x0, 0x200, 0xc82007788b, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, ...)
    /usr/local/go/src/crypto/tls/tls.go:214 +0x499
crypto/tls.LoadX509KeyPair(0xc82004b5c0, 0x14, 0xc82004b620, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    /usr/local/go/src/crypto/tls/tls.go:179 +0x1bf
github.com/emilevauge/traefik/vendor/github.com/mailgun/manners.(*GracefulServer).ListenAndServeTLS(0xc8200136c0, 0xc82004b5c0, 0x14, 0xc82004b620, 0x13, 0x0, 0x0)
    /go/src/github.com/emilevauge/traefik/vendor/github.com/mailgun/manners/server.go:152 +0x255
main.startServer(0xc8200136c0, 0xc8200f5a20)
    /go/src/github.com/emilevauge/traefik/traefik.go:197 +0x177
created by main.main
    /go/src/github.com/emilevauge/traefik/traefik.go:188 +0x146b

goroutine 19 [select]:
main.(*FileProvider).Provide.func1(0xc82016c000, 0xc820144008, 0xc82004b840, 0xc820016960)
    /go/src/github.com/emilevauge/traefik/file.go:37 +0x5eb
created by main.(*FileProvider).Provide
    /go/src/github.com/emilevauge/traefik/file.go:50 +0x44c

I use file backend and same certs work for api [web] port.
Also same configuration with same certs is working on other server, difference is other server uses image from 2 weeks ago and new one image from 2 hours ago.

Drain a backend server

Many load-balancers have this feature. Example for AWS: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-conn-drain.html

I would like to be able to set /backends/awesomebackend/servers/server2/drain 1

The effect would be that no new clients should be sent towards this backend. Ideally the proxy should communicate back when no existing clients remain.

Use Case

Deployment server could launch the new environment, set the old environment to "drain=1" and that way we could deploy without disturbing existing connections.

This sounds a bit out of scope for an auto-configured reverse-proxy, but if you're going to implement #5. Then maybe consider this.

Mesos watch feature broken

Traefik does not seem to be seeing application changes with the Mesos backend. Using this configuration

port = ":80"
graceTimeOut = 10
traefikLogsFile = "log/traefik.log"
accessLogsFile = "log/access.log"
logLevel = "INFO"
ProvidersThrottleDuration = 5
[web]
address = ":18080"
[marathon]
endpoint = "http://10.42.0.80:8080"
networkInterface = "eth0"
watch = true
domain = "traefik"

If I deploy new instances traefik is not picking up on additions. If I scale down instances traefik is still routing to the destroyed ones kicking out 502 bad gateways. A recycle of traefik fixes the problem. Not sure if this is related to #81

passHostHeader with kv backends not working

Release: v1.0.alpha.275

control Marathon CB/LB schemes via labels

Proposal:

What if one could control Marathon circuit breaker (CB) and load balancer (LB) schemes with labels? Something like this:

{
    "traefik.circuitbreaker": "NetworkErrorRatio() < 0.5",
    "traefik.loadbalancer": "wrr"
}

This, however, would mean that we couldn't combine apps to do blue/green or canary deployments. So, here are some proposals for how to get around that issue:

meta-information on the app

We could have another label on the app that controlled grouping, (e.g. traefik.backend.) When set to the same value, apps would load balance together. Each instance of the app could use the circuit breaker defined locally, which leaves load balancing information.

Several approaches could work for load balancing information:

use the first one Traefik grabs. This means that the LB used could be a function of Marathon's message delivery order, so it's not great.
enforce all the apps matching traefik.loadbalancer labels. This could work, but could cause unavailability/incorrect behavior if the operator doesn't understand this constraint.
have a higher-order key on the app (e.g. {"traefik.multiloadbalancer": "wrr"}.) Ties would be broken on an arbitrary metric (newest app makes sense to me, but that could be configured on the config backend level.)

I like a combo of 3 and 2, personally: prefer traefik.multiloadbalancer then traefik.loadbalancer, and resolve inconsistencies using a configurable tiebreaker. We could use the same approach for CBs, if I'm wrong that you could potentially use different types per instance.

externally stored information

We could have a higher-level provider that combines an automatic service generator with a K/V store. So, for example, one could use Marathon and Consul together. The information about instances would come from the automatic provider, and the information on which to include would come from the K/V store.

As an example, say you have two apps (ID /app/1 and /app/2) in Marathon. They don't know about each other, but there's a key in Consul /traefik/multi/marathon/instances whose value is /app/1,/app/2. That creates a backend which balances between the backends of the two apps. The apps then have their individual CB/LB configurations respected at that level.

I feel that either approach could be good, but the external approach requires a fair bit more setup (despite having a clear single source of truth.)

Memory & CPU usage rise over time

@emilevauge

Traefik's latency seemed pretty high-- I didn't know if it is our setup, the nature of traefik's dynamic configuration, or nothing at all to be concerned with. Here's what our CPU graph on google looks like:

You can see where I reset traefik-- it dropped off nicely then. Also, average latency went from ~3.5s to 75ms. How do you test something like traefik? I am about to:

         #!/bin/bash 
         COUNTER=0
         while [  $COUNTER -lt 1000000 ]; do
             echo The counter is $COUNTER
             curl http://faddat-p4nbgmug-gogs.klouds.org/explore
             let COUNTER=COUNTER+1 
         done

Effective? Insane? Pointless?

Thank you :)

Get always 404

Hi,

I try to run traefik with docker. Here is my traefik.toml file:

################################################################
# Global configuration
################################################################
port = ":80"
graceTimeOut = 10logLevel = "ERROR"
################################################################
# Web configuration backend
################################################################
[web]
address = ":8080"
################################################################
# Docker configuration backend
################################################################
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true

If I enable accessLogs I get this error:
logger.go:24: Error opening fileopen log/access.log: no such file or directory

Because of running docker in an ubuntu vm, I set the domain to my hosts file on my host. This works for the traefik container but not for my web application.

Here the docker-compose file from the traefik container:

proxy:
  image: emilevauge/traefik
  restart: always
  labels:
    - "traefik.host=proxy"
    - "traefik.domain=dev.io"
  ports:
    - "80:80"
    - "443:443"
    - "8080:8080"
  volumes:
    - ./conf/traefik.toml:/traefik.toml
    - /var/run/docker.sock:/var/run/docker.sock

And here from my web application:

web:
  image: nginx:latest
  ports:
    - "40020:80"
    - "40021:443"
  labels:
    - "traefik.host=astitvam"
    - "traefik.domain=dev.io"
  links:
    - "php"
  volumes:
    - ./logs/nginx:/var/log/nginx
    - ./nginx/ssl:/etc/nginx/ssl
  volumes_from:
    - php

php:
  image: mc388/docker-php:latest
  volumes:
    - ./:/var/www/html

The web application shows always 404 page not found.

And two last questions:

How can I say traefik to use port 80 and 443 or set force ssl?
How can I set up different ssl certs for different web applications?

Session affinity / stickiness / persistence

Is support for sticky sessions on the roadmap?

Support configuration persistence & recovery mechanism

Traefik should persist it's configuration and recover from it if needed.

Update doc about kv structure

HTTP Basic Auth support

First of all I wanted to say that the project looks very good. Congratulations and keep up the good work.

Second: I wasn't able to find any documentation/information about HTTP Basic Auth setup.

Does the tool support it at all?

URL Variables as Docker Labels?

Wondering if it's possible to do URL Variables as part of a Docker label like so:

docker run ... \
  --label traefik.frontend.rule=Host \
  --label traefik.frontend.value={subdomain:[a-z]+}.example.com \
  ...

[website] assets don't load via HTTPS

Blocked loading mixed active content "http://traefik.github.io//css/base.css"
Blocked loading mixed active content "http://traefik.github.io//css/traefik.css"
Blocked loading mixed active content "http://traefik.github.io//js/jquery.min.js"
Blocked loading mixed active content "http://traefik.github.io//js/index.min.js"

Not all that pretty without CSS:

Support for WebSockets

One major reason why I haven't been able to play with something like vulcand is the lack of WebSocket support. This may not be high on the priority list. But support for WebSockets would make this much more viable to me as a replacement for my more kudgly HAProxy and nginx reverse proxy setups in Docker.

Filter Marathon events that fail health checks or are not running

We've seen some 503 issues in our deployment and think it is related to the way marathon describes tasks.

For example, in https://mesosphere.github.io/marathon/docs/rest-api.html#get-v2-tasks, we can filter tasks that are staged but not running

We should also have the ability to filter tasks that fail a health check.

Path based routing for API gateways

I may have missed something but currently, Traefik seems to only allow domain based routing.
For example with Docker microservices:
userService.docker.com -> user service container
resourceService.docker.com -> resource service container

To allow an API gateway usage, shouldn't path based routing be possible too ?
Like:
app.docker.com/userService -> user service container
app.docker.com/resourceService -> resource service container

Zero-downtime config backend changes

I'd like to be able to add and remove config backends without effecting other config backends. E.G. if I add or remove Marathon, I'd like to not disrupt Consul traffic.

Bufferise configurations from providers

Configurations needs to be bufferised from providers in case of multiple configuration changes in a short amount of time.

More advanced middlewares

Hi guys,

Hope you are all well !

Here are the

Transform Request/Response
Managing templates for frontends body transformation
Concurrent sub-requests to nest json responses in a middleware

Cheers,

Marathon not respecting traefik.enable

I have a test container where I've set traefik.enable=false but traefik is still picking it up.

From docker inspect:

"Labels": {
    "traefik.enable": "false"
}

In the dockerfile:

LABEL traefik.enable=false

In the Marathon job:

"parameters": [
     { "key": "label", "value": "traefik.enable=false" }
 ]

However when I go into traefik's frontend it is still showing the appid for the container and creating front and backends for it.

This is traefik built from master an hour or so ago. It's been recycled with no change. Relevant debug logs (it's a custom redis container):

time="2015-11-10T17:28:48-05:00" level=debug msg="Creating frontend frontend-redis"
time="2015-11-10T17:28:48-05:00" level=debug msg="Creating route route-host-redis Host:redis.traefik"
time="2015-11-10T17:28:48-05:00" level=debug msg="Creating backend backend-redis"
time="2015-11-10T17:28:48-05:00" level=info msg="Creating load-balancer wrr"
time="2015-11-10T17:28:48-05:00" level=info msg="Creating server server-redis-18e3b237-87f9-11e5-9ee9-000c295c6e06 http://slave2.example.org:31499"
time="2015-11-10T17:28:48-05:00" level=debug msg="Creating frontend frontend-redisarray"
time="2015-11-10T17:28:48-05:00" level=debug msg="Creating route route-host-redisarray Host:redisarray.traefik"
time="2015-11-10T17:28:48-05:00" level=debug msg="Creating backend backend-redisarray"
time="2015-11-10T17:28:48-05:00" level=info msg="Creating load-balancer wrr"
time="2015-11-10T17:28:48-05:00" level=info msg="Creating server server-redisarray-e59b8d9a-85f0-11e5-9ee9-000c295c6e06 http://slave3.example.org:31584"

Migrate to libkv

Migrate service discovery backends to https://github.com/docker/libkv.

Refactoring packages

Add more packages ^^ ie: provider

traefik.domain label doesn't work (docker backend)

In my traefik.toml:

 port = ":80"
 graceTimeOut = 10
 logLevel = "ERROR"

 [web]
 address = ":8080"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "tty0.in"
watch=true

My docker-compose.yml, setting up the proxy and a simple h5ai web index:

Note that I want h5ai to be accessible from url psg.mtu.edu, not psg.tty0.in

proxy:
    image: emilevauge/traefik
    restart: always
    ports:
        - "80:80"
        - "8080:8080"
    volumes:
        - ./traefik.toml:/traefik.toml
        - /var/run/docker.sock:/var/run/docker.sock
http:
    image: combro2k/h5ai
    restart: always
    labels:
        - "traefik.port=80"
        - "traefik.host=psg"
        - "traefik.domain=mtu.edu"

Information from the WebUI:

Kubernetes backend

Any plans to add a configuration backend using Kubernetes annotations?

systemd unit file

We're working on a unit file for traefik.

@emilevauge -- 1000x, thank you! Your project has made our project possible.
@Ozzadar -- can you toss your proto-unit-file in here?

Not taking account of `icc=false` DOCKER_OPTS

When using Docker provider with Traefik's Docker, if Docker is launched with icc=false option (according to 2.2 of https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf), the IP of backend in not reachable from Traefik.

Docker can be launched with --ip that defined public IP of exposed ports and can be used as a backend IP.

e.g. Docker provider automatically map docker_name.domain to 172.17.0.xxx, which is not reachable from Traefik's Docker.

172.xxx is the IPAddress of docker inspect -> NetWorkSettings. But in Ports there also the exposed IP on each port.

Simple configuration panics

With current master the following configuration, traefik panics :

# Reverse proxy port
#
# Optional
# Default: ":80"
#
# port = ":80"
#
# LogLevel
logLevel = "DEBUG"

[file]

This is probably because [file] is empty (nothing in it) but.. probably should not panic 😉.

The panics is :

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x18 pc=0x642e10]

goroutine 9 [running]:
github.com/mailgun/manners.(*GracefulListener).Clone(0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/mailgun/manners/listener.go:105 +0x40
github.com/mailgun/manners.(*GracefulServer).HijackListener(0xc820011700, 0xc820186300, 0x0, 0xc8201544e0, 0x0, 0x0)
        /go/src/github.com/mailgun/manners/server.go:184 +0x46
main.prepareServer(0xc820192500, 0xc82010bad0, 0xc820011700, 0xc8201abec0, 0x2, 0x2, 0x0)
        /go/src/github.com/emilevauge/traefik/traefik.go:234 +0x5a6
main.main.func1(0xc82001ac00, 0xc82010bad0, 0xc82002c110, 0xc82002c108, 0xc82002c120)
        /go/src/github.com/emilevauge/traefik/traefik.go:118 +0x94a
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:131 +0xa7d

goroutine 1 [chan receive]:
main.main()
        /go/src/github.com/emilevauge/traefik/traefik.go:188 +0x14fe

goroutine 5 [syscall]:
os/signal.loop()
        /usr/local/go/src/os/signal/signal_unix.go:22 +0x18
created by os/signal.init.1
        /usr/local/go/src/os/signal/signal_unix.go:28 +0x37

goroutine 6 [sleep]:                                                                                                 [41/1242]
time.Sleep(0x3b9aca00)
        /usr/local/go/src/runtime/time.go:59 +0xf9
github.com/thoas/stats.New.func1(0xc82001aae0)
        /go/src/github.com/thoas/stats/stats.go:33 +0x2e
created by github.com/thoas/stats.New
        /go/src/github.com/thoas/stats/stats.go:35 +0x161

goroutine 8 [select, locked to thread]:
runtime.gopark(0xc2dc90, 0xc82002b728, 0xb08bc8, 0x6, 0x45b718, 0x2)
        /usr/local/go/src/runtime/proc.go:185 +0x163
runtime.selectgoImpl(0xc82002b728, 0x0, 0x18)
        /usr/local/go/src/runtime/select.go:392 +0xa64
runtime.selectgo(0xc82002b728)
        /usr/local/go/src/runtime/select.go:212 +0x12
runtime.ensureSigM.func1()
        /usr/local/go/src/runtime/signal1_unix.go:227 +0x353
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:1696 +0x1

goroutine 11 [chan receive]:
main.main.func3(0xc82001ac60, 0xc82002c108, 0xc82001acc0)
        /go/src/github.com/emilevauge/traefik/traefik.go:176 +0x5b
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:181 +0x1348

goroutine 12 [runnable]:
reflect.Value.Type(0xa2a100, 0xc820011728, 0xf3, 0x7f8ec12cf0a8, 0xa2a100)
        /usr/local/go/src/reflect/value.go:1661
github.com/davecgh/go-spew/spew.unsafeReflectValue(0xa2a100, 0xc820011728, 0xf3, 0x0, 0x0, 0x0)
        /go/src/github.com/davecgh/go-spew/spew/bypass.go:112 +0x113
github.com/davecgh/go-spew/spew.handleMethods(0xee5620, 0x7f8ec12cf928, 0xc82012fe30, 0xa2a100, 0xc820011728, 0xf3, 0x0)
        /go/src/github.com/davecgh/go-spew/spew/common.go:97 +0x93
github.com/davecgh/go-spew/spew.(*dumpState).dump(0xc8200afd90, 0xa2a100, 0xc820011728, 0xf3)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:308 +0x490
github.com/davecgh/go-spew/spew.(*dumpState).dump(0xc8200afd90, 0xac5140, 0xc820011700, 0xd9)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:423 +0x18d3
github.com/davecgh/go-spew/spew.(*dumpState).dumpPtr(0xc8200afd90, 0xaceb80, 0xc820011700, 0x16)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:154 +0x759
github.com/davecgh/go-spew/spew.(*dumpState).dump(0xc8200afd90, 0xaceb80, 0xc820011700, 0x16)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:264 +0x120
github.com/davecgh/go-spew/spew.fdump(0xee5620, 0x7f8ec12cf928, 0xc82012fe30, 0xc8200afed0, 0x1, 0x1)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:467 +0x2d0
github.com/davecgh/go-spew/spew.Sdump(0xc8200afed0, 0x1, 0x1, 0x0, 0x0)
        /go/src/github.com/davecgh/go-spew/spew/dump.go:482 +0xaa
main.startServer(0xc820011700, 0xc82010bad0)
        /go/src/github.com/emilevauge/traefik/traefik.go:194 +0x1b1
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:186 +0x14db

goroutine 18 [syscall]:
syscall.Syscall6(0xe8, 0x4, 0xc8201d7c24, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/syscall/asm_linux_amd64.s:44 +0x5
syscall.EpollWait(0x4, 0xc8201d7c24, 0x7, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0)
        /usr/local/go/src/syscall/zsyscall_linux_amd64.go:365 +0x89
gopkg.in/fsnotify%2ev1.(*fdPoller).wait(0xc82017c000, 0xc2d200, 0x0, 0x0)
        /go/src/gopkg.in/fsnotify.v1/inotify_poller.go:85 +0xbc
gopkg.in/fsnotify%2ev1.(*Watcher).readEvents(0xc820192000)
        /go/src/gopkg.in/fsnotify.v1/inotify.go:179 +0x1af
created by gopkg.in/fsnotify%2ev1.NewWatcher
        /go/src/gopkg.in/fsnotify.v1/inotify.go:58 +0x315

Use Logrus instead of go-logging

Replace logging backend from go-logging to logrus.
It will provides usefull hooks:

Hook	Description
Airbrake	Send errors to an exception tracking service compatible with the Airbrake API. Uses `airbrake-go` behind the scenes.
Papertrail	Send errors to the Papertrail hosted logging service via UDP.
Syslog	Send errors to remote syslog server. Uses standard library `log/syslog` behind the scenes.
BugSnag	Send errors to the Bugsnag exception tracking service.
Sentry	Send errors to the Sentry error logging and aggregation service.
Hiprus	Send errors to a channel in hipchat.
Logrusly	Send logs to Loggly
Slackrus	Hook for Slack chat.
Journalhook	Hook for logging to `systemd-journald`
Graylog	Hook for logging to Graylog
Raygun	Hook for logging to Raygun.io
LFShook	Hook for logging to the local filesystem
Honeybadger	Hook for sending exceptions to Honeybadger
Mail	Hook for sending exceptions via mail
Rollrus	Hook for sending errors to rollbar
Fluentd	Hook for logging to fluentd
Mongodb	Hook for logging to mongodb

Add a Traefik frontend route

I think that would be cool to allow the Traefik frontend to have a domain and be consistent with the rest of the routing system.
I would personally like to be able to have traefik.domain.com for the dashboard and not forced to use a raw domain.com:8080.

Or maybe there is a workaround I don't find.

Suggestion: use .conf instead of .toml as extension for configuration

TOML is great. I use it too, but I find the .conf extension is nicer and I've seen others do this as well.

No CA certificates in official docker image

Trying to proxy to https backend generates an error:
level=error msg="Error forwarding to https://, err: x509: failed to load system roots and no roots provided"

Erreur sur la propagation du host

En ajoutant la regle dans le fichier rules.toml

[frontends]
  [frontends.frontend1]
  backend = "backend1"
    [frontends.frontend1.routes.test_1]
    rule = "Host"
    value = "rlon6667-cca.intra.laposte.fr"
    [frontends.frontend1.routes.test_2]
    rule = "Path"
    value = "/"
    [frontends.frontend1.routes.test_3]
    rule = "passHostHeader"
    value = "true"

J'ai l'erreur suvante:

[root@RLON6666 traefik]# ./traefik traefik.toml
panic: reflect: call of reflect.Value.Call on zero Value

goroutine 9 [running]:
reflect.flag.mustBe(0x0, 0x13)
        /usr/local/go/src/reflect/value.go:199 +0x8b
reflect.Value.Call(0x0, 0x0, 0x0, 0x18c99760, 0x1, 0x1, 0x0, 0x0, 0x0)
        /usr/local/go/src/reflect/value.go:298 +0x3b
main.Invoke(0x8593f40, 0x18c9a900, 0x18c99350, 0x10, 0x18c5fcd0, 0x1, 0x1, 0x0, 0x0, 0x0)
        /go/src/github.com/emilevauge/traefik/traefik.go:362 +0x1ac
main.LoadConfig(0x18cb6020, 0x18b6f4a0, 0x18c5ff1c, 0x0, 0x0)
        /go/src/github.com/emilevauge/traefik/traefik.go:293 +0x88e
main.main.func2(0x18b93880, 0x18b6f4a0, 0x18b24c58, 0x18b24c50, 0x18b25a50)
        /go/src/github.com/emilevauge/traefik/traefik.go:125 +0x441
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:146 +0x967

goroutine 1 [chan receive]:
main.main()
        /go/src/github.com/emilevauge/traefik/traefik.go:208 +0x132d

goroutine 5 [syscall]:
os/signal.loop()
        /usr/local/go/src/os/signal/signal_unix.go:22 +0x1a
created by os/signal.init.1
        /usr/local/go/src/os/signal/signal_unix.go:28 +0x36

goroutine 6 [sleep]:
time.Sleep(0x3b9aca00, 0x0)
        /usr/local/go/src/runtime/time.go:59 +0xe6
github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New.func1(0x18b185f0)
        /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:33 +0x35
created by github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New
        /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:35 +0x152

goroutine 7 [select, locked to thread]:
runtime.gopark(0x86af1f0, 0x18b22f8c, 0x85aa3b0, 0x6, 0x8934f18, 0x2)
        /usr/local/go/src/runtime/proc.go:185 +0x12d
runtime.selectgoImpl(0x18b22f8c, 0x0, 0xc)
        /usr/local/go/src/runtime/select.go:392 +0x9ee
runtime.selectgo(0x18b22f8c)
        /usr/local/go/src/runtime/select.go:212 +0xf
runtime.ensureSigM.func1()
        /usr/local/go/src/runtime/signal1_unix.go:227 +0x2f9
runtime.goexit()
        /usr/local/go/src/runtime/asm_386.s:1662 +0x1

goroutine 8 [chan receive]:
main.main.func1(0x18b93840, 0x18b6f4a0, 0x18b93880)
        /go/src/github.com/emilevauge/traefik/traefik.go:90 +0x1aa
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:109 +0x924

goroutine 12 [chan receive]:
main.main.func4(0x18b938c0, 0x18b24c50, 0x18b93900)
        /go/src/github.com/emilevauge/traefik/traefik.go:191 +0x3f
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:196 +0x1071

Docker run issue

Following the readme I attempted to execute:

docker run \
  -p 80:80 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ./traefik.toml:/traefik.toml \
  emilevauge/traefik

But received the following error:

configuration.go:48: Error reading file: read traefik.toml: is a directory

I haven't yet figured out what it should be but I am seeing that.

Edit:

I also tried running the following:

docker run \
  -p 80:80 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ./traefik.toml:/traefik.toml \
  emilevauge/traefik traefik traefik.toml

There I received:
traefik: error: unexpected traefik.toml, try --help

Add benchmarks

Add benchmarks of traefik compared to nginx an HAproxy.

Support for reading Apache Aurora serverssets from Zookeeper

Aurora is a metaframework for Mesos, much like Marathon. It writes service discovery to zookeeper in a standardized format twitter invented for writing to zookeeper named server sets.

It would be wonderful to use a tool such as this for users of Apache Aurora. Thanks!

No way to serve at root/default domain

If my default domain is tty0.in, other than just serving on subdomains via the traefik.host declaration or the default {container_name}.{domain} moniker, it should be possible to serve for requests that come in directly to tty0.in i.e. a splash page or whatever.

I've tried a couple ways of doing this:

In my traefik.toml under the Docker section:

# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Required
#
domain = "tty0.in"

My docker-compose.yml defining a 0bin paste service I'd like served at the root:

paste:
    image: inanimate/0bin:0.5
    restart: always
    labels:
        - "traefik.port=8000"
        - "traefik.host="

I've also tried explicitly setting the domain via "traefik.domain=tty0.in" to no avail (same thing happens):

A period gets prepended and visiting returns a 404 page not found

Support Marathon Authentication and SSL key verification

In order to use traefik in secured marathon environments we would like to see traefik support authenticating to marathon. go-marathon support Basic Authentication.

As part of this, we'd like to look into disabling SSL verification (this may be an update in go-marathon).

boltdb backend fails to start

When using the configuration:

port = ":80"
graceTimeOut = 10
logLevel = "ERROR"

[boltdb]
endpoint = "/etc/traefik/traefik.db"
watch = true
prefix = "/traefik"

Traefik starts with the message:

time="2015-10-15T19:31:08Z" level=error msg="Error starting provider boltBucket config option missing"

The same thing happens when I substitute boltBucket for prefix in the config.

ACME (letsencrypt) interface or plugin

Let's encrypt had proposed an ietf draft to automate ssl certificats creation and renewal. It would be awesome in the futur to have auto-https frontend.

https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md

Panic on bad configuration file

Using a bad configuration file, Traefik panics.

[frontends]
  [frontends.frontend1]
  backend = "backend1"
    [frontends.frontend1.routes.test_1]
    rule = "Host"
    value = "rlon6667-cca.intra.laposte.fr"
    [frontends.frontend1.routes.test_2]
    rule = "Path"
    value = "/"
    [frontends.frontend1.routes.test_3]
    rule = "passHostHeader"
    value = "true"

[root@RLON6666 traefik]# ./traefik traefik.toml
panic: reflect: call of reflect.Value.Call on zero Value

goroutine 9 [running]:
reflect.flag.mustBe(0x0, 0x13)
        /usr/local/go/src/reflect/value.go:199 +0x8b
reflect.Value.Call(0x0, 0x0, 0x0, 0x18c99760, 0x1, 0x1, 0x0, 0x0, 0x0)
        /usr/local/go/src/reflect/value.go:298 +0x3b
main.Invoke(0x8593f40, 0x18c9a900, 0x18c99350, 0x10, 0x18c5fcd0, 0x1, 0x1, 0x0, 0x0, 0x0)
        /go/src/github.com/emilevauge/traefik/traefik.go:362 +0x1ac
main.LoadConfig(0x18cb6020, 0x18b6f4a0, 0x18c5ff1c, 0x0, 0x0)
        /go/src/github.com/emilevauge/traefik/traefik.go:293 +0x88e
main.main.func2(0x18b93880, 0x18b6f4a0, 0x18b24c58, 0x18b24c50, 0x18b25a50)
        /go/src/github.com/emilevauge/traefik/traefik.go:125 +0x441
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:146 +0x967

goroutine 1 [chan receive]:
main.main()
        /go/src/github.com/emilevauge/traefik/traefik.go:208 +0x132d

goroutine 5 [syscall]:
os/signal.loop()
        /usr/local/go/src/os/signal/signal_unix.go:22 +0x1a
created by os/signal.init.1
        /usr/local/go/src/os/signal/signal_unix.go:28 +0x36

goroutine 6 [sleep]:
time.Sleep(0x3b9aca00, 0x0)
        /usr/local/go/src/runtime/time.go:59 +0xe6
github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New.func1(0x18b185f0)
        /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:33 +0x35
created by github.com/emilevauge/traefik/vendor/github.com/thoas/stats.New
        /go/src/github.com/emilevauge/traefik/vendor/github.com/thoas/stats/stats.go:35 +0x152

goroutine 7 [select, locked to thread]:
runtime.gopark(0x86af1f0, 0x18b22f8c, 0x85aa3b0, 0x6, 0x8934f18, 0x2)
        /usr/local/go/src/runtime/proc.go:185 +0x12d
runtime.selectgoImpl(0x18b22f8c, 0x0, 0xc)
        /usr/local/go/src/runtime/select.go:392 +0x9ee
runtime.selectgo(0x18b22f8c)
        /usr/local/go/src/runtime/select.go:212 +0xf
runtime.ensureSigM.func1()
        /usr/local/go/src/runtime/signal1_unix.go:227 +0x2f9
runtime.goexit()
        /usr/local/go/src/runtime/asm_386.s:1662 +0x1

goroutine 8 [chan receive]:
main.main.func1(0x18b93840, 0x18b6f4a0, 0x18b93880)
        /go/src/github.com/emilevauge/traefik/traefik.go:90 +0x1aa
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:109 +0x924

goroutine 12 [chan receive]:
main.main.func4(0x18b938c0, 0x18b24c50, 0x18b93900)
        /go/src/github.com/emilevauge/traefik/traefik.go:191 +0x3f
created by main.main
        /go/src/github.com/emilevauge/traefik/traefik.go:196 +0x1071

Add SSL certificates chain management

Il serait intéressant de pouvoir ajouter une chaine de certificat. Aujourd'hui on ne peut qu'ajouter que la clef et le certificat.

Le but serait se pouvoir dialoguer avec un backend sans avoir l'erreur SNI.

Pour rappel voila le code côté HAProxy:
backend bk_www_cca
mode http
log 127.0.0.1 local1
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Forwarded-Host "rlon6666-cca.intra.laposte.fr"
http-request set-header Host "rlon6667-cca.intra.laposte.fr"
http-request set-header Referer "rlon6666-cca.intra.laposte.fr"
# ProxyPassReverseCookieDomain bk.dom.com dom.com
acl hdr_set_cookie_dom res.hdr(Set-cookie) -m sub Domain= .rlon6667-cca.intra.laposte.fr
rspirep ^(Set-Cookie:.)\ Domain=.rlon6667-cca.intra.laposte.fr(.) \1\ Domain=.rlon6666-cca.intra.laposte.fr\2 if hdr_set_cookie_dom
acl hdr_location res.hdr(Location) -m found
rspirep ^Location:\ (http|https)://rlon6667-cca.intra.laposte.fr/(.*) Location:\ \1://rlon6666-cca.intra.laposte.fr/\2 if hdr_location
#http-response lua.cca2
server cca rlon6667-cca.intra.laposte.fr:443 check ssl sni req.hdr(host) verify none no-ssl-reuse

TCP support

Would be awesome if this also supported TCP backends (ideally with optional TLS support)!

Bug in marathon provider

https://github.com/EmileVauge/traefik/blob/master/marathon.go#L114
application can be nil. Should be tested, or make getApplication return error.

Multiple port and site support

It would be nice if traefik can handle multiple ports and connect different web applications to different port, such as docker-gen works.

At the moment I work wich docker-gen and my docker-compose file from each of my application looks like this:

web:
  image: nginx:latest
  ports:
    - "50020:80"
    - "50021:443"
  environment:
    VIRTUAL_HOST: demo-project
  links:
    - "php"
  volumes:
    - ./logs/nginx:/var/log/nginx
    - ./nginx/ssl:/etc/nginx/ssl
  volumes_from:
    - php

php:
  image: mc388/docker-php:latest
  ...

The docker-gen maps this application to port 50020 and 50021. Via the VIRTUAL_HOST parameter the proxy knows to which port the request is forwarded.

An other feature could be to config separate ssl certs for each web application.

If traefik can handle something like this, it would be very nice.

Traefik Crashes -- various

Was doing some stress testing with some app deployment/teardown and found a few cases where Traefik is dying on us =(

I quickly deployed 100 ghost blogs and Traefik crashed.

After tearing down those containers and relaunching Traefik, I managed to relaunch 100 ghost blogs successfully but Traefik crashed when I tore them down.

Don't know what would be causing this but it would be awesome if there was a fix :)

I'll do some more stress tests and try and capture some logs to attach to this in the next day or two.

Ozzadar

Explain the wildcard DNS magic

$ head /etc/dnsmasq.conf 
address=/localhost/172.17.42.1

docker run \
  -e DOCKER_ENDPOINT="unix:///tmp/docker.sock" \
  -e DOCKER_DOMAIN="docker.localhost" \
  -e DOCKER_WATCH=true \
  -v /var/run/docker.sock:/tmp/docker.sock \
  emilevauge/traefik