Traefik 1.5 — Cancoillotte Is Here!
After 3 months of development, we are thrilled to announce the fresh new release of Traefik: 1.5, codename cancoillotte.
We merged 175 pull requests from more than 67 contributors ! Huge thanks goes to all of you who helped on this new version 😘.
The full changelog can be found here but here are some new features we want to highlight:
Let’s Encrypt HTTP Challenge
On January the 9th, a little surprise appeared on our Twitter timeline:
And then:
TL;DR: Let’s Encrypt permanently disabled TLS-SNI-0x
challenge due to a vulnerability.
And yes, Traefik was using TLS-SNI-01
challenge by default. Ouch…
Even though we were at the end of a release cycle (1.5.0-rc4 was already out), we decided to push a new release candidate in emergency to add HTTP-01
challenge support. This fix was big enough to end in the new 1.5 and not as a bug fix on 1.4 branch. Users will need to enable it with the new acme.httpChallenge
section.
Stats Collection
Few months ago, we created a proposal in which we came up with the idea of collecting stats from running Traefik instances:
As you may know, the Traefik core development team is quite small and as with a lot of open source projects, we lack time and resources. As a consequence, we have to carefully choose which tasks and features need our attention. As a result, we usually invest our time on features needed or requested by most of the community. In order to efficiently do this, we have to know how our community uses Traefik.
As this is a super sensitive topic, we preferred to open a public debate, and build a transparent and trusted solution with the community. We are excited to say that we quickly reached a consensus, and Ludovic Fernandez successfully implemented a safe configuration export mechanism.
We chose to make it opt-in, which means that no data will be sent without enabling this feature. If enabled, only anonymous configuration options will be sent to a collecting server.
We really hope that all of our efforts will pay off, and that you will help us improve Traefik enabling this feature in your infrastructure:
sendAnonymousUsage = true
We invite you to read the constructive discussion that led to this new feature and the documentation to get more details. Many thanks to the community for its positive feedback!
Dynamic TLS Certificates
Nicolas Mengin did a great job at making TLS certificates management dynamic. You can now add or remove TLS certificates while Traefik is started! In addition to backends
and frontends
, there is now a dedicated tls
section in the dynamic configuration. Let’s declare two new certificates using the file provider, you can now add a new tls
section in your TOML:
[frontends]
...
[backends]
...
# HTTPS certificates
[[tls]]
entryPoints = ["https"]
[tls.certificate]
certFile = "path/to/my.cert"
keyFile = "path/to/my.key"
[[tls]]
entryPoints = ["https"]
[tls.certificate]
certFile = "path/to/my/other.cert"
keyFile = "path/to/my/other.key"
Each change of this file will make Traefik reload its TLS certificates. You can also split your configuration into multiple files if you prefer.
Rate Limiting
We received a wonderful gift from Ben Parli who added rate limiting by frontend. You can even add multiple sets of rates to each frontend. Here is an example taken from the documentation:
[frontends]
[frontends.frontend1]
entrypoints = ["http"]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Path:/"
[frontends.frontend1.ratelimit]
extractorfunc = "client.ip"
[frontends.frontend1.ratelimit.rateset.rateset1]
period = "10s"
average = 100
burst = 200
[frontends.frontend1.ratelimit.rateset.rateset2]
period = "3s"
average = 5
burst = 10
In the above example, frontend1
is configured to limit requests by the client’s ip address. An average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can “burst” up to 10 and 200 in each period respectively.
Azure Service Fabric Support
Lawrence Gripper and Joni Collinge from Microsoft made a great contribution (with the help of Ludovic Fernandez) adding Azure Service Fabric support to Traefik.
Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.
This new provider uses labels to configure how services are exposed through Traefik using the services ServiceManifest.xml
file.
Have a look at the documentation, we will give more update on this soon!
In A Nutshell
Daniel Tomcej added Kubernetes annotations and Docker labels for security headers, Nicolas Mengin added support to etcd v3, our great Manuel Zapf implemented the redirection to another entryPoint per frontend.
Thanks to Aditya C S, Traefik can now export its metrics to InfluxDB. Michael Matur and Ludovic Fernandez did a great job adding multi-versioning to our documentation. Julien Salleyron refactored the web provider into API/Dashboard, ping, metric and Rest Provider.
But that’s not all, check the whole changelog to get an idea of the awesome work that has been done on this release. Lots of bugs have been fixed and we also have been working on background refactoring tasks that will help us improving Traefik in future releases.
Grab the latest binary for Linux, Windows, Mac on Github or get the official Docker image!
docker pull traefik:v1.5.0 (or 1.5.0, v1.5, 1.5, cancoillotte)
docker pull traefik:v1.5.0-alpine (or 1.5.0-alpine, v1.5-alpine, 1.5-alpine, cancoillotte-alpine)
The versioned documentation can be found on https://docs.traefik.io.
We are hiring developers and evangelists, try to solve our puzzle: containo.us/#jobs !
Traefik is still growing fast, we just passed 12k stars on Github and 42M downloads!
We would love to hear your feedback on this new release. Join us on GitHub, Twitter or on the Community Forum!