- golang-jwt has been updated to version 4.5.1 to fix CVE-2024-51744 and boo#1232940
- Version 3.2.1 changes - acme * Update go-acme/lego to v4.20.2 (gh#traefik/traefik#11263 by ldez) - logs * Change level of peeking first byte error log to DEBUG for Postgres (gh#traefik/traefik#11270 by rtribotte) - k8s/ingress,k8s * Fix HostRegexp config for rule syntax v2 (gh#traefik/traefik#11288 by kevinpollet) - logs Change level of peeking first byte error log to DEBUG for Postgres (gh#traefik/traefik#11270 by rtribotte, gh#traefik/traefik#11254 by rtribotte) - service * Fix internal handlers ServiceBuilder composition (gh#traefik/traefik#11281 by juliens) - service,fastproxy Fix case problem for websocket upgrade (gh#traefik/traefik#11246 by juliens) - server * Change level of peeking first byte error log to DEBUG (gh#traefik/traefik#11254 by rtribotte) * Apply keepalive config to h2c entrypoints (gh#traefik/traefik#11276 by davefu113) - middleware,server * Drop untrusted X-Forwarded-Prefix header (gh#traefik/traefik#11253 by rtribotte) OBS-URL: https://build.opensuse.org/package/show/devel:kubic/traefik?expand=0&rev=57
This commit is contained in:
commit
a9c701c51d
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
9
90-traefik.conf
Normal file
9
90-traefik.conf
Normal file
@ -0,0 +1,9 @@
|
||||
#
|
||||
# Increase the maximum UDP Buffer size to prevent dropping
|
||||
# incoming packaets by the kernel
|
||||
#
|
||||
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
|
||||
#
|
||||
|
||||
net.core.rmem_max=7500000
|
||||
net.core.wmem_max=7500000
|
8
_service
Normal file
8
_service
Normal file
@ -0,0 +1,8 @@
|
||||
<services>
|
||||
<service name="download_files" mode="manual">
|
||||
</service>
|
||||
<service name="go_modules" mode="manual">
|
||||
<param name="archive">traefik*.src.tar.gz</param>
|
||||
<param name="basename">./</param>
|
||||
</service>
|
||||
</services>
|
3
traefik-user.conf
Normal file
3
traefik-user.conf
Normal file
@ -0,0 +1,3 @@
|
||||
#Type Name ID GECOS Home directory Shell
|
||||
u traefik - "HTTP reverse proxy and load balancer" /etc/traefik -
|
||||
m traefik traefik
|
3
traefik-v3.0.3.src.tar.gz
Normal file
3
traefik-v3.0.3.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4c0ac5053256bcd8d71ab311bae8505f65d802e04f59c44867de2898539de6d7
|
||||
size 11531116
|
3
traefik-v3.0.4.src.tar.gz
Normal file
3
traefik-v3.0.4.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:6e9fff2f62ea01592e2530f36a7db6bb14cabd5161543d7b01faf48366a0ada8
|
||||
size 11531035
|
3
traefik-v3.1.0.src.tar.gz
Normal file
3
traefik-v3.1.0.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:266091d5c477afd8814bf0a94e07e79044f8e6092b71930b09cfa3046ef67b4e
|
||||
size 11490625
|
3
traefik-v3.1.2.src.tar.gz
Normal file
3
traefik-v3.1.2.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d8cada1d42e2fad4cbe15b75e8db21647b520ffd49dd09814cc1131c3fe02d00
|
||||
size 11491439
|
3
traefik-v3.1.4.src.tar.gz
Normal file
3
traefik-v3.1.4.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ef3c05ff29ff5fa57a14c220c1eff43b2441852d6f2b8f2cc92c7faf39656254
|
||||
size 11498368
|
3
traefik-v3.1.6.src.tar.gz
Normal file
3
traefik-v3.1.6.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:88cd6b1f871894bcae5e2c9eb356b13aaea815368b9c68a0ff4a466b6a05d02f
|
||||
size 11485716
|
3
traefik-v3.2.0.src.tar.gz
Normal file
3
traefik-v3.2.0.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2c9a788a6207350999a49cc086e456f1287233df3000a25e1147d7b935dc99f2
|
||||
size 11548319
|
3
traefik-v3.2.1.src.tar.gz
Normal file
3
traefik-v3.2.1.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5867a58f5bc5379d31815a038fad3fc05ed9cf25e170dd8875052cbedc18d400
|
||||
size 11562444
|
692
traefik.changes
Normal file
692
traefik.changes
Normal file
@ -0,0 +1,692 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 21 15:19:14 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- golang-jwt has been updated to version 4.5.1 to fix CVE-2024-51744 and boo#1232940
|
||||
|
||||
- Version 3.2.1 changes
|
||||
- acme
|
||||
* Update go-acme/lego to v4.20.2 (gh#traefik/traefik#11263 by ldez)
|
||||
- logs
|
||||
* Change level of peeking first byte error log to DEBUG for Postgres
|
||||
(gh#traefik/traefik#11270 by rtribotte)
|
||||
- k8s/ingress,k8s
|
||||
* Fix HostRegexp config for rule syntax v2 (gh#traefik/traefik#11288 by kevinpollet)
|
||||
- logs Change level of peeking first byte error log to DEBUG for Postgres
|
||||
(gh#traefik/traefik#11270 by rtribotte, gh#traefik/traefik#11254 by rtribotte)
|
||||
- service
|
||||
* Fix internal handlers ServiceBuilder composition (gh#traefik/traefik#11281 by juliens)
|
||||
- service,fastproxy Fix case problem for websocket upgrade
|
||||
(gh#traefik/traefik#11246 by juliens)
|
||||
- server
|
||||
* Change level of peeking first byte error log to DEBUG (gh#traefik/traefik#11254 by rtribotte)
|
||||
* Apply keepalive config to h2c entrypoints (gh#traefik/traefik#11276 by davefu113)
|
||||
- middleware,server
|
||||
* Drop untrusted X-Forwarded-Prefix header (gh#traefik/traefik#11253 by rtribotte)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 31 01:26:24 UTC 2024 - Eric Torres <eric.torres@its-et.me>
|
||||
|
||||
- Update from 3.1.6 to 3.2.0
|
||||
|
||||
- Important: please read the migration guide when migrating to version 3.2.0
|
||||
|
||||
- Version 3.2.0 changes
|
||||
- acme
|
||||
* Remove same email requirement for certresolvers (#11019 by Emrio)
|
||||
* Add support for custom CA certificates by certificate resolver (#10816 by ldez)
|
||||
* Add 30 day certificatesDuration step (#10970 by luker983)
|
||||
- docker
|
||||
* Support HTTP BasicAuth for docker and swarm endpoint (#10776 by 985492783)
|
||||
- k8s, k8s/gatewayapi
|
||||
* Add supported features to the Gateway API GatewayClass status (#11056 by rtribotte)
|
||||
* Update sigs.k8s.io/gateway-api to v1.2.0-rc1 (#11124 by rtribotte)
|
||||
* Add support for backend protocol selection in HTTP and GRPC routes (#11051 by rtribotte)
|
||||
* Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support (#11042 by rtribotte)
|
||||
* Support HTTPRoute destination port matching (#11134 by kevinpollet)
|
||||
* Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 (#11131 by kevinpollet)
|
||||
* Add support for Gateway API BackendTLSPolicies (#11009 by rtribotte)
|
||||
* Support NativeLB option in GatewayAPI provider (#11147 by rtribotte)
|
||||
* Support ResponseHeaderModifier filter (#10987 by kevinpollet)
|
||||
* Support GRPC routes (#10975 by kevinpollet)
|
||||
* Bump sigs.k8s.io/gateway-api to v1.2.0 (#11167 by rtribotte)
|
||||
* Ensuring Gateway API reflected Traefik resource name unicity (#11222 by rtribotte)
|
||||
* Preserve GRPCRoute filters order (#11199 by kevinpollet)
|
||||
* Support http and https appProtocol for Kubernetes Service (#11176 by WillDaSilva)
|
||||
* Avoid updating Accepted status for routes matching no Gateways (#11170 by rtribotte)
|
||||
* Do not update gateway status when not selected by a gateway class (#11169 by kevinpollet)
|
||||
* Document nativeLBByDefault annotation on Kubernetes Gateway provider (#11209 by mloiseleur)
|
||||
- k8s/crd, k8s
|
||||
* Detail CRD update with v3.2 in the migration guide (#11164 by mloiseleur)
|
||||
- k8s/gatewayapi
|
||||
* Add missing RBAC in the migration guide (#11189 by mloiseleur)
|
||||
- k8s
|
||||
* Fix instructions for downloading CRDs of Gateway API v1.2 (#11191 by mloiseleur)
|
||||
- metrics, otel
|
||||
* Allow setting service.name for OTLP metrics (#10917 by cmartell-at-ocp)
|
||||
- middleware
|
||||
* Record trace id and EntryPoint span id into access log (#10921 by weijiany)
|
||||
* Support LogUserHeader with forwardAuth middleware (#10833 by GaleHuang)
|
||||
* Add encodings option to the compression middleware (#10943 by wollomatic)
|
||||
* Add support for ipv6 subnet in ipStrategy (#9747 by michal-kralik)
|
||||
- nomad
|
||||
* Support for watching instead of polling Nomad (#10997 by deverton-godaddy)
|
||||
- server
|
||||
* Introduce a fast proxy mode to improve HTTP/1.1 performances with backends (#11122 by kevinpollet)
|
||||
* Configurable max request header size (#10995 by lucasrod16)
|
||||
- service
|
||||
* Add mirrorBody option to HTTP mirroring (#11032 by MatteoPaier)
|
||||
* Add an option to preserve server path (#11192 by mmatur)
|
||||
* Detect and drop broken conns in the fastproxy pool (#11212 by kevinpollet)
|
||||
- Merge branch v3.1 into v3.2 (#11219 by kevinpollet)
|
||||
- Merge branch v3.1 into master (#11153 by kevinpollet)
|
||||
|
||||
- Version 3.1.7 changes
|
||||
- k8s
|
||||
* Preserve HTTPRoute filters order (#11198 by kevinpollet)
|
||||
- Merge branch v2.11 into v3.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 16 03:46:25 UTC 2024 - Eric Torres <eric.torres@its-et.me>
|
||||
|
||||
- Update from 3.1.4 to 3.1.6
|
||||
|
||||
- Version 3.1.6 changes
|
||||
- middleware
|
||||
* Reuse compression writers (#11168 by michelheusschen)
|
||||
* Use correct default weight in Accept-Encoding (#11084 by michelheusschen)
|
||||
- plugins
|
||||
* Close wasm middleware to prevent memory leak (#11151 by ttys3)
|
||||
|
||||
- Version 3.1.5 changes
|
||||
- k8s, ingress
|
||||
* Disable IngressClass lookup when disableClusterScopeResources is enabled (#11111 by jnoordsij)
|
||||
- server
|
||||
* Rework condition to not log on timeout (#11132 by rtribotte)
|
||||
- Merge branch v2.11 into v3.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 24 00:25:39 UTC 2024 - Eric Torres <eric.torres@its-et.me>
|
||||
|
||||
- Update to version 3.1.4
|
||||
- Fixes CVE-2024-45410, boo#1230842
|
||||
- k8s, ingress, rules, crd
|
||||
* Allow configuring rule syntax with Kubernetes Ingress annotation
|
||||
* Re-allow empty configuration for Kubernetes Ingress provider
|
||||
* Remove mentions about APIVersion traefik.io/v1
|
||||
* Update quick-start-with-kubernetes.md to include required permissions
|
||||
- middlewares, metrics
|
||||
* Wrap capture for services used by pieces of middleware
|
||||
* Mention missing metrics removal in the migration guide
|
||||
* Guess Datadog socket type when prefix is unix
|
||||
- plugins
|
||||
* Removes goexport dependency and adds _initialize
|
||||
- tracing
|
||||
* Fix tracing documentation
|
||||
* OTLP doc + potential panic
|
||||
|
||||
- Update ldflags to point to correct traefik version (v3 instead of v2)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 12 14:50:28 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
|
||||
running with "ProtectSystem=full" write access to the certificate store.
|
||||
|
||||
The acme.json file will be automatically moved and the configuration will be
|
||||
updated accordingly.
|
||||
|
||||
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
|
||||
at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 7 08:03:10 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Fixed service-file: set working directory, so that the /etc/traefik/acme.json
|
||||
file can be written in /etc/traefik/acme.json
|
||||
|
||||
- Update to version 3.1.1
|
||||
- Bug fixes:
|
||||
* grpc: Bump google.golang.org/grpc to v1.64.1
|
||||
* k8s/gatewayapi: Do not update route status when nothing changed
|
||||
* metrics
|
||||
- Fix grafana dashboard to work with scrape interval greater than 15s
|
||||
- Update open connections gauge with connections count
|
||||
- Use ServiceName in traefik_service_server_up metric
|
||||
* docker: Update to github.com/docker/docker v27.1.1
|
||||
* webui: Upgrade webui dependencies - fixes boo#1224308 and CVE-2024-4068
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 31 16:47:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Run traefik as traefik user, fixes boo#1227226
|
||||
- Added ACME confiuration template
|
||||
|
||||
- Update to version 3.1.1
|
||||
- Bug fixes:
|
||||
* k8s/gatewayapi
|
||||
- Do not update route status when nothing changed
|
||||
* metrics
|
||||
- Fix grafana dashboard to work with scrape interval greater than 15s
|
||||
- Update open connections gauge with connections count
|
||||
- Use ServiceName in traefik_service_server_up metric
|
||||
- Updates
|
||||
|
||||
- Fix for CVE-2024-6104, boo#1227059
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 15 17:22:18 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
Important: Please read the migration guide
|
||||
https://doc.traefik.io/traefik/v3.1/migration/v3/#v30-to-v31
|
||||
|
||||
- Update to version 3.1.0
|
||||
- enhancements:
|
||||
* k8s/crd,k8s
|
||||
- Support HealthCheck for ExternalName services
|
||||
* k8s/ingress,k8s/crd,k8s
|
||||
- Allow to use internal Node IPs for NodePort services
|
||||
- Change log level from Warning to Info when ExternalName services
|
||||
is enabled
|
||||
* k8s/ingress,k8s/crd,k8s,k8s/gatewayapi
|
||||
- Migrate to EndpointSlices API
|
||||
* k8s,k8s/gatewayapi
|
||||
- Bump Gateway API to v1.1.0
|
||||
- Compute HTTPRoute priorities
|
||||
- Fix route attachments to gateways
|
||||
- KubernetesGateway provider is no longer experimental
|
||||
- Set Gateway HTTPRoute status
|
||||
- Support HTTPRoute method and query param matching
|
||||
- Support HTTPURLRewrite filter
|
||||
- Support invalid HTTPRoute status
|
||||
- Support ReferenceGrant for HTTPRoute backends
|
||||
- Support RegularExpression for path matching
|
||||
* middleware
|
||||
- Add support for Zstandard to the compression middleware
|
||||
* middleware,k8s,k8s/gatewayapi
|
||||
- Improve HTTPRoute Redirect Filter with port and scheme
|
||||
- Support HTTPRoute redirect port and scheme
|
||||
* middleware
|
||||
- Support Content-Security-Policy-Report-Only in the headers middleware
|
||||
* plugins
|
||||
- Add logs for plugins load
|
||||
- Enhance wasm plugins
|
||||
* server
|
||||
- Support systemd socket-activation
|
||||
- Bug fixes:
|
||||
* healthcheck,k8s/crd,k8s
|
||||
- Fix Healthcheck default value for ExternalName services
|
||||
* k8s,k8s/gatewayapi
|
||||
- Do not disable Gateway API provider if not enabled in experimental
|
||||
- Retry on Gateway API resource status update
|
||||
* middleware,metrics,tracing
|
||||
- Upgrade to OpenTelemetry Semantic Conventions v1.26.0
|
||||
* otel
|
||||
- Bump opentelemetry-go to v1.28
|
||||
* plugins
|
||||
- Fix build only linux and darwin support wazergo
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 4 08:50:50 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Update to version 3.0.4
|
||||
* Bug fixes:
|
||||
- Fix for CVE-2024-39321 bsc#1227515
|
||||
- [ecs] Fix ECS config for OIDC + IRSA (gh#traefik/traefik#10814 by mmatur)
|
||||
- [http3] Disable QUIC 0-RTT (gh#traefik/traefik#10867 by mmatur)
|
||||
- [middleware,server] Remove interface names from IPv6 (gh#traefik/traefik#10813 by JeroenED)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 19 15:45:49 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Update to version 3.0.3
|
||||
* Updated libraries
|
||||
|
||||
- Update to version 3.0.2
|
||||
* Bug fixes:
|
||||
[logs] Bump OTel dependencies (#10763 by DrFaust92)
|
||||
[logs] Append to log file if it exists (#10756 by lbenguigui)
|
||||
[metrics] Fix service name label_replace in Grafana (#10758 by xdavidwu)
|
||||
[middleware] Forward the correct status code when compression is disabled within the Brotli handler (#10780 by rtribotte)
|
||||
[middleware] Support Accept-Encoding header weights with Compress middleware (#10777 by ldez)
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 29 08:20:42 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Fix in traefik.yml configuration file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 23 15:02:13 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Update to version 3.0.1
|
||||
* CVEs:
|
||||
* CVE-2024-24788 (bsc#1224018): A malformed DNS message in response to a
|
||||
query can cause the Lookup functions to get stuck in an infinite loop.
|
||||
* Bug fixes:
|
||||
* [k8s/ingress] Fix rule syntax version for all internal routers
|
||||
(gh#traefik/traefik#10689 by HalloTschuess)
|
||||
* [metrics,tracing] Allow empty configuration for OpenTelemetry metrics
|
||||
and tracing (gh#traefik/traefik#10729 by rtribotte)
|
||||
* [provider,tls] Bump tscert dependency to 28a91b69a046
|
||||
(gh#traefik/traefik#10668 by kevinpollet)
|
||||
* [rules,tcp] Fix the rule syntax mechanism for TCP
|
||||
(gh#traefik/traefik#10680 by lbenguigui)
|
||||
* [tls,server] Remove deadlines when handling PostgreSQL connections
|
||||
(gh#traefik/traefik#10675 by rtribotte)
|
||||
* [webui] Add support for IP White list
|
||||
(gh#traefik/traefik#10740 by davidbaptista)
|
||||
|
||||
- Packaging:
|
||||
* Use Traefik's src.tar.gz files containing a pre-built frontend to simplify the packaging process
|
||||
* Fixes bsc#1224308 and bsc#1224384
|
||||
|
||||
- Removed allow-node-21.patch and prepare-sources.sh script
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 6 12:59:25 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Moved configuraton from .toml to .yml config
|
||||
|
||||
- Update to version 3.0.0
|
||||
* Announcment: https://traefik.io/blog/announcing-traefik-proxy-v3-rc/
|
||||
* added support for popular, emerging technologies—WebAssembly (Wasm),
|
||||
OpenTelemetry, and Kubernetes Gateway API
|
||||
* revamped some key parts of the routing rules
|
||||
* added support for some leading edge technologies like HTTP/3, SPIFFE, and Tailscale
|
||||
|
||||
* Migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/
|
||||
|
||||
* Details: https://github.com/traefik/traefik/releases/tag/v3.0.0
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 3 15:14:17 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Added allow-node-21.patch to allow building with nodejs21, too
|
||||
- Removed traefik-fix-int-overflow-with-go-generate-10452.patch
|
||||
|
||||
- Update to version 2.11.2
|
||||
* Important
|
||||
* Read the migration guide at https://doc.traefik.io/traefik/migration/v2/#v2112
|
||||
|
||||
* CVEs:
|
||||
* GHSA-7f4j-64p6-5h5v (related to CVE-2023-45288)
|
||||
* CVE-2024-28869 (bsc#1222825)
|
||||
|
||||
* Bug fixes:
|
||||
* [server] Revert LingeringTimeout and change default value for ReadTimeout
|
||||
* [server] Set default ReadTimeout value to 60s
|
||||
|
||||
- Update to version 2.11.1:
|
||||
* Bug fixes:
|
||||
* [acme,tls] Enforce handling of ACME-TLS/1 challenges
|
||||
* [acme] Update go-acme/lego to v4.16.1
|
||||
* [acme] Close created file in ACME local store CheckFile func
|
||||
* [docker,http3] Update to quic-go v0.42.0 and docker/cli v24.0.9
|
||||
* [docker,marathon,rancher,ecs,tls,nomad] Allow to configure TLSStore default generated certificate with labels
|
||||
* [ecs] Adjust ECS network interface detection logi
|
||||
* [logs,tls] Fix log when default TLSStore and TLSOptions are defined multiple times
|
||||
* [middleware] Allow empty replacement with ReplacePathRegex middleware
|
||||
* [plugins] Update Yaegi to v0.16.1
|
||||
* [provider,rules] Don't allow routers higher than internal ones
|
||||
* [rules] Reserve priority range for internal router
|
||||
* [server,tcp] Introduce Lingering Timeout
|
||||
* [tcp] Enforce failure for TCP HostSNI with hostname
|
||||
* [tracing] Bump Elastic APM to v2.4.8
|
||||
* [webui] Fix dashboard exposition through a router
|
||||
* [webui] Display IPAllowlist middleware configuration in dashboard
|
||||
* [webui] Make text more readable in dark mode
|
||||
* [webui] Migrate to Quasar 2.x and Vue.js 3.x
|
||||
* [webui] Add a horizontal scroll for the mobile view
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 6 11:13:51 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Remove node_modules.sums left over by obs-service-node_modules
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 5 10:54:13 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- configuration changes:
|
||||
* Enhanced default configuration file, including configs for http3 support.
|
||||
* Docker configuration has been disabled per default, file provider has been enabled.
|
||||
The directory for the file provider has been set to /etc/traefik/conf.d
|
||||
* Prepared directories for logging in /var/log/traefik
|
||||
* Enhanced default configuration file, including configs for http3 support. Settings
|
||||
are disabled per default.
|
||||
|
||||
- packaging general:
|
||||
* Use standard source-download feature, modified _service file and removed _servicedata
|
||||
* packagers can invoke `prepare-sources.sh` to doenload sources and prepare go-packages
|
||||
as well as node_modules for the built process.
|
||||
|
||||
- frontend packaging:
|
||||
* The frontend will now be packaged on OBS to have reproduceable builds.
|
||||
|
||||
- Go packaging:
|
||||
* Added upstream patch traefik-fix-int-overflow-with-go-generate-10452.patch to
|
||||
allow packaging on 32bit architectures gh#traefik/traefik#10451
|
||||
* Enabled CGO because there is no cross compilation needed in OSB (we build
|
||||
packages for every distribution/architecture seperately). PIE can not be used
|
||||
with CGO enabled for most architectures and is reported as failure sinc go 1.22.
|
||||
See https://github.com/golang/go/issues/64875
|
||||
* Don't use pie-buildmode for ppc64 and s390x architectures
|
||||
|
||||
- Update to version 2.11.0:
|
||||
* Enhancements:
|
||||
* [middleware] Deprecate IPWhiteList middleware in favor of IPAllowList
|
||||
* [redis] Add Redis Sentinel support
|
||||
* [server] Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints
|
||||
* [sticky-session] Hash WRR sticky cookies
|
||||
* Bug fixes:
|
||||
* [acme] Update go-acme/lego to v4.15.0
|
||||
* [authentication] Fix NTLM and Kerberos
|
||||
* [file] Fix file watcher
|
||||
* [file] Update github.com/fsnotify/fsnotify to v1.7.0
|
||||
* [http3] Update quic-go to v0.40.1
|
||||
* [middleware,tcp] Add missing TCP IPAllowList middleware constructor
|
||||
* [nomad] Update the Nomad API dependency to v1.7.2
|
||||
* [server] Fix ReadHeaderTimeout for PROXY protocol
|
||||
* [webui] Fixes the Header Button
|
||||
* [webui] Fix URL encode resource's id before calling API endpoints
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 21 14:21:09 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
|
||||
|
||||
- Fixed packaging of UI
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 08 12:51:12 UTC 2023 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.10.7:
|
||||
* CVEs:
|
||||
* CVE-2023-45283 (boo#1216943)
|
||||
* CVE-2023-45284 (boo#1216944)
|
||||
* CVE-2023-47124 (boo#1217806)
|
||||
* CVE-2023-47633 (boo#1217807)
|
||||
* CVE-2023-47106 (boo#1217804)
|
||||
* GHSA-7v4p-328v-8v5g, CVE-2023-39325 (boo#1216109)
|
||||
* Bug fixes:
|
||||
* [accesslogs] Fix preflight response status in access logs
|
||||
* [accesslogs] Move origin fields capture to service level
|
||||
* [acme] Do not check for wildcard domains for non DNS challenge
|
||||
* [acme] Remove backoff for http challenge (CVE-2023-47124)
|
||||
* [acme] Update go-acme/lego to v4.14.0
|
||||
* [consul,consulcatalog] Update github.com/hashicorp/consul/api
|
||||
* [http3] Update quic-go to v0.39.1
|
||||
* [k8s/crd] Fix multiple subsets endpoint
|
||||
* [k8s/ingress,k8s/crd,k8s,hub] Clean code related to Hub
|
||||
* [k8s/ingress,k8s] fix: avoid panic on resource backends
|
||||
* [kv] Ignore ErrKeyNotFound error for the KV provider
|
||||
* [logs] Fixed datadog logs json format issue
|
||||
* [metrics] Enable Prometheus provider cleanup when only the router's metrics level is activated
|
||||
* [middleware,authentication] Adjust forward auth to avoid connection leak
|
||||
* [middleware,server] Improve CNAME flattening to avoid unnecessary error logging
|
||||
* [middleware,tracing,plugins] fix: traceability of the middleware plugins
|
||||
* [middleware] Allow X-Forwarded-For delete operation
|
||||
* [middleware] Encode query semicolons
|
||||
* [middleware] Fix stripPrefix middleware is not applied to retried attempts
|
||||
* [middleware] Missing trailer with custom errors middleware
|
||||
* [middleware] Support informational headers in middlewares redefining the response writer
|
||||
* [plugins] Improve error messages related to plugins
|
||||
* [provider] Refuse recursive requests (CVE-2023-47633)
|
||||
* [server] Deny request with fragment in URL path (CVE-2023-47106)
|
||||
* [server] Update x/net and grpc/grpc-go
|
||||
* [tracing] Remove deprecated code usage for datadog tracer
|
||||
* [tracing] Update DataDog tracing dependency to v1.50.1
|
||||
* [webui] Add missing accessControlAllowOriginListRegex to middleware view
|
||||
* Fix false positive in url anonymization
|
||||
* Misc:
|
||||
* [webui] Updates the Hub tooltip content using a web component and adds an option to disable Hub button
|
||||
- Update Go version (CVE-2023-45283, CVE-2023-45284, CVE-2023-39325)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 12 17:26:46 UTC 2023 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.10.1:
|
||||
* CVEs
|
||||
* CVE-2022-41724 (bsc#1208271)
|
||||
* CVE-2023-24534 (bsc#1210127)
|
||||
* CVE-2023-29013 (bsc#1210505)
|
||||
* Enhancements
|
||||
* [docker] Expose ContainerName in Docker provider
|
||||
* [hub] Remove hub configuration out of experimental
|
||||
* [k8s/crd] Introduce traefik.io API Group CRDs
|
||||
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
|
||||
* [middleware,metrics] Add prometheus metric requests_total with headers
|
||||
* [nomad] Support multiple namespaces in the Nomad Provider
|
||||
* [tracing] Add support to send DataDog traces via Unix Socket
|
||||
* [webui] Display period setting of the RateLimit middleware in the webui
|
||||
* [webui] Modify the Hub Button
|
||||
* Bug fixes
|
||||
* [docker] Expose ContainerName in Docker provider
|
||||
* [docker] Only warn about missing docker network when network_mode is not host or container
|
||||
* [ecs] Prevent panicking when a container has no network interfaces
|
||||
* [file] Make file provider more resilient wrt first configuration
|
||||
* [hub] hub: get out of experimental.
|
||||
* [k8s/crd] Introduce traefik.io API Group CRDs
|
||||
* [k8s/ingress,k8s/crd,k8s] Native Kubernetes service load-balancing
|
||||
* [logs] Differentiate UDP stream and TCP connection in logs
|
||||
* [metrics] Include user-defined default cert for traefik_tls_certs_not_after metric
|
||||
* [middleware,metrics] Add prometheus metric requests_total with headers
|
||||
* [middleware] Prevent from no rate limiting when average is zero
|
||||
* [middleware] Prevents superfluous WriteHeader call in the error middleware
|
||||
* [middleware] Sanitize X-Forwarded-Proto header in RedirectScheme middleware
|
||||
* [nomad] Fix default configuration settings for Nomad Provider
|
||||
* [nomad] Fix Nomad client TLS defaults
|
||||
* [nomad] Support multiple namespaces in the Nomad Provider
|
||||
* [plugins] Improve DeepCopy of PluginConf
|
||||
* [server] Remove User-Agent header removal from ReverseProxy director func
|
||||
* [tls,tcp] Adds the support for IPv6 in the TCP HostSNI matcher
|
||||
* [tracing] Add support to send DataDog traces via Unix Socket
|
||||
* [server] Update golang.org/x/net to v0.7.0 (CVE-2022-41724)
|
||||
- Update Go version (CVE-2023-24534, CVE-2023-29013)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 17 09:48:46 UTC 2023 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.9.6:
|
||||
* CVEs
|
||||
* CVE-2022-23469
|
||||
* CVE-2022-46153
|
||||
* CVE-2022-41717
|
||||
* Bug fixes
|
||||
* [acme] Update go-acme/lego to v4.9.1
|
||||
* [k8s/crd] Support of allowEmptyServices in TraefikService
|
||||
* [logs] Remove logs of the request
|
||||
* [plugins] Increase the timeout on plugin download
|
||||
* [server] Update golang.org/x/net (CVE-2022-41717, bsc#1207208)
|
||||
* [tls] Handle broken TLS conf better
|
||||
* [tracing] Update DataDog tracing dependency to v1.43.1
|
||||
* [webui] Add missing serialNumber passTLSClientCert option to middleware panel
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 28 12:10:58 UTC 2022 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.9.5:
|
||||
* Enhancements
|
||||
* [acme,tls] ACME Default Certificate
|
||||
* [consul,etcd,zk,kv,redis] Update valkeyrie to v1.0.0
|
||||
* [consulcatalog,nomad] Support Nomad canary deployment
|
||||
* [consulcatalog] Move consulcatalog provider to only use health apis
|
||||
* [docker] Add support for reaching containers using host networking on Podman
|
||||
* [docker] Use IPv6 address
|
||||
* [docker] Add allowEmptyServices for Docker provider
|
||||
* [ecs] Add support for ECS Anywhere
|
||||
* [healthcheck] Add a method option to the service Health Check
|
||||
* [http3] Upgrade quic-go to v0.28.0
|
||||
* [http] Start polling HTTP provider at the beginning
|
||||
* [k8s/crd,plugins] Load plugin configuration field value from Kubernetes Secret
|
||||
* [logs,tcp] Quiet down TCP RST packet error on read operation
|
||||
* [metrics] Add traffic size metrics
|
||||
* [middleware,pilot] Remove Pilot support
|
||||
* [rules,tcp] Support ALPN for TCP + TLS routers
|
||||
* [tcp,service,udp] Make the loadbalancers servers order random
|
||||
* [tls] Change default TLS options for more security
|
||||
* [tracing] Add Datadog GlobalTags support
|
||||
* Bug fixes
|
||||
* [logs,middleware] Create a new capture instance for each incoming request
|
||||
* [acme] Update go-acme/lego to v4.9.0
|
||||
* [kv,redis] Fix Redis configuration type
|
||||
* [logs,middleware,metrics] Handle capture on redefined http.responseWriters
|
||||
* [middleware,k8s] Remove raw cert escape in PassTLSClientCert middleware
|
||||
* [plugins] Update Yaegi to v0.14.3
|
||||
* Remove side effect on default transport tests
|
||||
* [acme] Fix ACME panic
|
||||
* [server] Update golang.org/x/net to latest version
|
||||
* [consulcatalog] Fix UDP loadbalancer tags not being used with Consul Catalog
|
||||
* [docker,rancher,ecs,provider] Simplify AddServer algorithm
|
||||
* [plugins] Allow empty plugin configuration
|
||||
* [rules] Fix query parameter matching with equal
|
||||
* [server] Optimize websocket headers handling
|
||||
* [plugins] Update Yaegi to v0.14.2
|
||||
* [server] Fix IPv6 addr with square brackets
|
||||
* [webui,api] Display default TLS options in the dashboard
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 07 10:11:41 UTC 2022 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.8.4:
|
||||
* Enhancements
|
||||
* [consul,consulcatalog] Support multiple namespaces for Consul and ConsulCatalog providers
|
||||
* [logs] Add destination address to debug log
|
||||
* [middleware,provider,tls] Deprecate caOptional option in client TLS configuration
|
||||
* [middleware] Support URL replacement in errors middleware
|
||||
* [middleware] Allow config of additional CircuitBreaker params
|
||||
* [provider] Implement Traefik provider for Nomad orchestrator
|
||||
* [server] Allow HTTP/2 max concurrent stream configuration
|
||||
* [tls,k8s/crd] Support certificates configuration in TLSStore CRD
|
||||
* [webui,pilot,hub] Add Traefik Hub button and deprecate Pilot
|
||||
* [webui,plugins] Reach the catalog of plugins from the Traefik dashboard
|
||||
* Bug fixes
|
||||
* [docker,docker/swarm] Fix Docker provider mem leak on operation retries
|
||||
* [middleware] Fix retry middleware on panic
|
||||
* [plugins] Allow Traefik starting even if plugin service is unavailable
|
||||
* [marathon] Add missing context in backoff for Marathon
|
||||
* [k8s/ingress,k8s] Place namespace before name in router key for Ingress
|
||||
* [logs,middleware,tracing] Remove request dump from IPWhitelist debug log and tracing message
|
||||
* [metrics] Control allocation and copy of labelNamesValues type
|
||||
* [metrics] Fix service up gauge for Prometheus metrics
|
||||
* [yaml] Add missing inline tag for YAML serialization
|
||||
* [middleware,metrics] Improve performances when Prometheus metrics are enabled
|
||||
* [middleware] Support forwarded websocket protocol in RedirectScheme
|
||||
* [nomad] Use configured token in the Nomad client
|
||||
* [metrics] Ensure Datadog client is cleanly stopped
|
||||
* [healthcheck,service] Do not make multiple requests to the same URL for balancer healthcheck
|
||||
* [healthcheck,service] Add log when missing path in health check
|
||||
* [k8s/gatewayapi] Allow multiple listeners on same port in Gateway API provider
|
||||
* [middleware] RedirectScheme redirects based on X-Forwarded-Proto header
|
||||
* [rules] Fix HostRegexp and Query muxers
|
||||
* [logs] Fix invalid placeholder in log message
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 07 08:27:42 UTC 2022 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.7.0:
|
||||
* Enhancements
|
||||
* [consulcatalog] Watch for Consul events to rebuild the dynamic configuration
|
||||
* [healthcheck] Add Failover service
|
||||
* [http3] Configure advertised port using h3 server option
|
||||
* [hub] Add Traefik Hub Integration
|
||||
* [k8s/crd,k8s] Allow empty services in Kubernetes CRD
|
||||
* [metrics] Support InfluxDB v2 metrics backend
|
||||
* [plugins] Remove Pilot token setup constraint to use plugins
|
||||
* [provider] Refactor configuration reload/throttling
|
||||
* [rules,tcp] Add HostSNIRegexp rule matcher for TCP
|
||||
* [tcp] Add muxer for TCP Routers
|
||||
* [webui,pilot] Add Traefik Hub access and remove Pilot access
|
||||
* [webui] Add a link to service on router detail view
|
||||
* Bug fixes
|
||||
* [hub] Skip Provide when TLS is nil
|
||||
* [tcp] Fix TCP-TLS/HTTPS routing precedence
|
||||
* [webui,hub] Use dedicated entrypoint for the tunnels
|
||||
* [logs,k8s/crd] Fix log statement for ExternalName misconfig
|
||||
* [tcp,service] Fix initial tcp lookup when address is not available
|
||||
* [tls] Fix panic when getting certificates with non-existing store
|
||||
* [acme] Fix RenewInterval computation in ACME provider
|
||||
* [ecs,logs] Remove duplicate error logs
|
||||
* [ecs] Filter out ECS anywhere instance IDs
|
||||
* [middleware] Re-add missing writeheader call in flush
|
||||
* [middleware] Fix bug for when custom page is large enough
|
||||
* [middleware] Fix regexp handling in redirect middleware
|
||||
* [plugins] Fix slice parsing for plugins
|
||||
* [tls] Return TLS unrecognized_name error when no certificate is available
|
||||
* [acme] Add domain to HTTP challenge errors
|
||||
* [metrics] Fix metrics bucket key high cardinality
|
||||
* [middleware,tls] Use CNAME for SNI check on host header
|
||||
* [middleware,tracing] Rename Datadog span tags
|
||||
* [tls] Apply the same approach as the rules system on the TLS configuration choice
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 04 13:37:58 UTC 2022 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.6.0:
|
||||
* Updated Kubernetes Gateway API provider
|
||||
* Consul Enterprise support
|
||||
* Consul Connect support
|
||||
* Inflight request middleware for TCP routers
|
||||
* HTTP/3 support (experimental)
|
||||
* Added support for loading plugins directly from the filesystem (Local Plugins)
|
||||
* Added ability to create Provider Plugins
|
||||
* Added TCP Middleware
|
||||
* Kubernetes 1.22 API changes
|
||||
* Dropped support for Ingress API versions extensions/v1beta1
|
||||
* Updated Traefik Proxy CRDs to use API apiextensions.k8s.io/v1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 28 15:46:39 UTC 2021 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.4.12:
|
||||
* Get Kubernetes server version early
|
||||
* Don't remove ingress config on API call failure
|
||||
* Ratelimiter: use correct ttlSeconds value, and always call Set
|
||||
* Check if defaultcertificate is defined in store
|
||||
* Disable ExternalName Services by default on Kubernetes providers
|
||||
* Fix: malformed Kubernetes resource names and references in tests
|
||||
* Disable Cross-Namespace by default for IngressRoute provider
|
||||
* Accesslog: support multiple values for a given header
|
||||
* Ignore http 1.0 request host missing errors
|
||||
* Headers Middleware: support http.CloseNotifier interface
|
||||
* Detect certificates content modifications
|
||||
* Update go-acme/lego to v4.4.0
|
||||
* Fix: ACME preferred chain.
|
||||
* Remove error when HTTProutes is empty
|
||||
* Fix incorrect behaviour with multi-port endpoint subsets
|
||||
* Kubernetes ingress provider to search via all endpoints
|
||||
* Fix plugin unzip call on windows
|
||||
* Update Yaegi to v0.9.17
|
||||
* Bump paerser to v0.1.4
|
||||
* Create buffered signals channel
|
||||
* Fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter
|
||||
* Use a dynamic buffer to handle client Hello SNI detection
|
||||
* Error span on 5xx only
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 19 09:06:54 UTC 2021 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||
|
||||
- Allow to override build date with SOURCE_DATE_EPOCH
|
||||
in order to make builds reproducible (boo#1047218)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 29 10:07:36 UTC 2021 - alexandre.vicenzi@suse.com
|
||||
|
||||
- Update to version 2.4.8:
|
||||
* Prepare release v2.4.8
|
||||
* Raise errors for non-ASCII domain names in a router's rules
|
||||
* Adding an option to (de)activate Pilot integration into the Traefik dashboard
|
||||
* Doc: improve basic auth middleware httpasswd example
|
||||
* Add missing `traefik.` prefix across sample config
|
||||
* Fix travis docker image pulling for docs
|
||||
* updating docs to remove a no longer needed note
|
||||
* Update to gateway-api v0.2.0
|
||||
* server: updating go-proxyproto with security bugfix from upstream
|
||||
* Update go-acme/lego to v4.3.1
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 10 14:50:22 UTC 2019 - pgeorgiadis@suse.com
|
||||
|
||||
- Initial package release to version 1.7.7:
|
||||
* Check for watched namespace before getting kubernetes objects
|
||||
* Allow empty path with App-root annotation
|
||||
* kubernetes: sort and uniq TLS secrets
|
||||
* Skip TLS section with no secret in Kubernetes ingress
|
22
traefik.service
Normal file
22
traefik.service
Normal file
@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Traefik
|
||||
Documentation=https://doc.traefik.io/traefik/
|
||||
After=network.target network-online.target
|
||||
Requires=network-online.target
|
||||
AssertFileIsExecutable=/usr/bin/traefik
|
||||
AssertPathExists=/etc/traefik/traefik.yml
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.yml
|
||||
User=traefik
|
||||
WorkingDirectory=~
|
||||
Restart=always
|
||||
WatchdogSec=1s
|
||||
PrivateTmp=true
|
||||
ProtectSystem=full
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
KillMode=mixed
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
168
traefik.spec
Normal file
168
traefik.spec
Normal file
@ -0,0 +1,168 @@
|
||||
#
|
||||
# spec file for package traefik
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define project github.com/traefik/traefik
|
||||
%ifarch ppc64 s390x
|
||||
%define buildmode default
|
||||
%else
|
||||
%define buildmode pie
|
||||
%endif
|
||||
Name: traefik
|
||||
Version: 3.2.1
|
||||
Release: 0
|
||||
Summary: The Cloud Native Application Proxy
|
||||
License: MIT
|
||||
Group: Productivity/Networking/Web/Proxy
|
||||
URL: https://traefik.io/
|
||||
# set the desired version in the spec-file
|
||||
# download the source files and create the vendor tarball with "osc service mr"
|
||||
Source0: https://github.com/traefik/traefik/releases/download/v%{version}/%{name}-v%{version}.src.tar.gz
|
||||
Source1: vendor.tar.gz
|
||||
Source2: %{name}.service
|
||||
Source3: %{name}.yml
|
||||
Source4: %{name}-user.conf
|
||||
Source5: 90-%{name}.conf
|
||||
BuildRequires: go-bindata
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: sysuser-tools
|
||||
BuildRequires: (golang(API) >= 1.22)
|
||||
Recommends: podman
|
||||
Conflicts: traefik2
|
||||
Provides: group(%{name})
|
||||
Provides: user(%{name})
|
||||
%sysusers_requires
|
||||
%{?systemd_requires}
|
||||
%{go_provides}
|
||||
|
||||
%description
|
||||
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer
|
||||
that makes deploying microservices easy. Traefik integrates with your existing
|
||||
infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul,
|
||||
Etcd, Rancher, Amazon ECS) and configures itself automatically and dynamically.
|
||||
|
||||
Pointing Traefik at your orchestrator should be the only configuration step you need.
|
||||
|
||||
%prep
|
||||
%setup -q -c %{name}-%{version} -b0 -a1
|
||||
%autopatch -p1
|
||||
|
||||
%build
|
||||
%sysusers_generate_pre %{SOURCE4} %{name} %{name}-user.conf
|
||||
%{goprep} %{project}
|
||||
# see script/generate
|
||||
go generate
|
||||
|
||||
build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
|
||||
# see script/binary
|
||||
CGO_ENABLED=1 GOGC=off go build \
|
||||
-buildmode=%{buildmode} \
|
||||
-mod=vendor \
|
||||
-ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \
|
||||
-X github.com/traefik/traefik/v3/pkg/version.Codename='' \
|
||||
-X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \
|
||||
-installsuffix nocgo \
|
||||
-o traefik \
|
||||
./cmd/traefik
|
||||
|
||||
%install
|
||||
# system user
|
||||
install -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/%{name}-user.conf
|
||||
|
||||
install -d %{buildroot}/%{_sbindir}
|
||||
install -D -p -m 0755 %{name} %{buildroot}%{_bindir}/%{name}
|
||||
|
||||
# service
|
||||
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
|
||||
# configuration
|
||||
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.yml
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/conf.d
|
||||
|
||||
# install configuration to increase UDP buffer sizes
|
||||
install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/sysctl.d/90-%{name}.conf
|
||||
|
||||
# acme storage
|
||||
install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
|
||||
touch %{buildroot}%{_localstatedir}/lib/%{name}/acme.json
|
||||
|
||||
# logging
|
||||
mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
|
||||
|
||||
%pre -f %{name}.pre
|
||||
%service_add_pre %{name}.service
|
||||
|
||||
%post
|
||||
%service_add_post %{name}.service
|
||||
%{fillup_only -n %{name}}
|
||||
# fix ownership for config and logging directory
|
||||
chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
|
||||
|
||||
# try to move acme.json file from old directory to new
|
||||
if [ -e "%{_sysconfdir}/%{name}/acme.json" ] ; then
|
||||
if [ -s "%{_sysconfdir}/%{name}/acme.json" ] ; then
|
||||
if [ -s "%{_localstatedir}/lib/%{name}/acme.json" ] ; then
|
||||
# if not-empty acme.json files exists on old and new location, write warning
|
||||
echo "A non-empty acme.json file exists in:" 1>&2
|
||||
echo "%{_sysconfdir}/%{name} and %{_localstatedir}/lib/%{name}" 1>&2
|
||||
echo "Please clean up this situation and place the correct file in %{_localstatedir}/lib/%{name}" 1>&2
|
||||
else
|
||||
# if not-empty acme.json exists on old location and no file or empty file exists on new location
|
||||
# move it to the new location
|
||||
mv "%{_sysconfdir}/%{name}/acme.json" "%{_localstatedir}/lib/%{name}/acme.json"
|
||||
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
|
||||
fi
|
||||
else
|
||||
# remove empty acme.json file from old location
|
||||
rm "%{_sysconfdir}/%{name}/acme.json"
|
||||
sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
|
||||
fi
|
||||
fi
|
||||
|
||||
# fix ownership for acme file
|
||||
chown -R traefik: %{_localstatedir}/lib/%{name}/*
|
||||
|
||||
%preun
|
||||
%service_del_preun %{name}.service
|
||||
|
||||
%postun
|
||||
%service_del_postun %{name}.service
|
||||
|
||||
%files
|
||||
%{_sysusersdir}/%{name}-user.conf
|
||||
|
||||
%license LICENSE.md
|
||||
%doc README.md SECURITY.md CONTRIBUTING.md
|
||||
%{_bindir}/%{name}
|
||||
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_sbindir}/rc%{name}
|
||||
%{_prefix}/lib/sysctl.d/90-%{name}.conf
|
||||
|
||||
%defattr(0600, traefik, traefik, 0700)
|
||||
%dir %{_sysconfdir}/%{name}
|
||||
%dir %{_sysconfdir}/%{name}/conf.d
|
||||
|
||||
%dir %{_localstatedir}/lib/%{name}
|
||||
%config(noreplace) %{_localstatedir}/lib/%{name}/acme.json
|
||||
|
||||
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.yml
|
||||
%dir %{_localstatedir}/log/%{name}
|
||||
|
||||
%changelog
|
153
traefik.yml
Normal file
153
traefik.yml
Normal file
@ -0,0 +1,153 @@
|
||||
# ------------------------------------------------------------------------
|
||||
# Configuration for Traefik v3
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Global configuration
|
||||
# ------------------------------------------------------------------------
|
||||
global:
|
||||
checkNewVersion: false
|
||||
sendAnonymousUsage: false
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# TLS specific configuration
|
||||
# ------------------------------------------------------------------------
|
||||
#tls:
|
||||
# options:
|
||||
# default:
|
||||
# sniStrict: true
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Entrypoints configuration
|
||||
# https://doc.traefik.io/traefik/routing/entrypoints/
|
||||
# ------------------------------------------------------------------------
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
# ------------------------------------------------------------------------
|
||||
# Redirect all requests incoming from http to https
|
||||
# websecure/https must be enabled to be use this configuration
|
||||
# https://doc.traefik.io/traefik/routing/entrypoints/#redirection
|
||||
# ------------------------------------------------------------------------
|
||||
#http:
|
||||
# redirections:
|
||||
# entryPoint:
|
||||
# to: websecure
|
||||
# scheme: https
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Enable the https endpoint at port 443
|
||||
# ------------------------------------------------------------------------
|
||||
#websecure:
|
||||
# address: :443
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Enable the http3 and advertize it at UDP port 443
|
||||
# ------------------------------------------------------------------------
|
||||
#http3: {}
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Traefik logs configuration
|
||||
# Enabled if uncommented
|
||||
# https://doc.traefik.io/traefik/observability/logs/
|
||||
# ------------------------------------------------------------------------
|
||||
log:
|
||||
# Set traefik's log-level
|
||||
# Default: ERROR
|
||||
#level: DEBUG
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Traefik access-log destination and format
|
||||
# uncomment to enable
|
||||
# https://doc.traefik.io/traefik/observability/logs/
|
||||
# ------------------------------------------------------------------------
|
||||
#accessLog:
|
||||
# ------------------------------------------------------------------------
|
||||
# Set the filepath for the traefik log-file.
|
||||
# Default: os.Stdout
|
||||
#filePath: /var/log/traefik/traefik.log
|
||||
# ------------------------------------------------------------------------
|
||||
# Write logs in the 'common' or 'json' format.
|
||||
# Default: common
|
||||
#format: json
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# API and dashboard configuration.
|
||||
# Uncomment to enable
|
||||
# https://doc.traefik.io/traefik/operations/api/
|
||||
# ------------------------------------------------------------------------
|
||||
api:
|
||||
# ------------------------------------------------------------------------
|
||||
# Enable the API in insecure mode
|
||||
# Default: false
|
||||
insecure: false
|
||||
# ------------------------------------------------------------------------
|
||||
# Enable the dashboard
|
||||
# Default: true
|
||||
dashboard: true
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# Ping configuration
|
||||
# https://doc.traefik.io/traefik/operations/ping/
|
||||
# --------------------------------------------------------------------------
|
||||
ping:
|
||||
# --------------------------------------------------------------------------
|
||||
# Name of the related entry point
|
||||
# Default: "traefik"
|
||||
entryPoint: traefik
|
||||
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Provider configuration
|
||||
# --------------------------------------------------------------------------
|
||||
providers:
|
||||
# ------------------------------------------------------------------------
|
||||
# Docker configuration provider
|
||||
# Default: disabled
|
||||
# https://doc.traefik.io/traefik/providers/docker/
|
||||
# ------------------------------------------------------------------------
|
||||
#docker:
|
||||
# ----------------------------------------------------------------------
|
||||
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
|
||||
# Default: "unix:///var/run/docker.sock"
|
||||
#endpoint: tcp://10.10.10.10:2375
|
||||
# ----------------------------------------------------------------------
|
||||
# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
|
||||
# ----------------------------------------------------------------------
|
||||
# Expose containers by default in traefik
|
||||
# Default: true
|
||||
#exposedByDefault: false
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
# File configuration provider
|
||||
# Default: disabled
|
||||
# https://doc.traefik.io/traefik/providers/docker/
|
||||
# ------------------------------------------------------------------------
|
||||
file:
|
||||
# ----------------------------------------------------------------------
|
||||
# Defines the path to the directory that contains the configuration files.
|
||||
# Default: unset
|
||||
directory: /etc/traefik/conf.d
|
||||
# ----------------------------------------------------------------------
|
||||
# Set the watch option to true to allow Traefik to automatically
|
||||
# watch for file changes
|
||||
# Default: false
|
||||
watch: true
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# ACME Certificate Resolvers configuration
|
||||
# Default: not configured
|
||||
# https://doc.traefik.io/traefik/https/acme/
|
||||
# --------------------------------------------------------------------------
|
||||
#certificatesResolvers:
|
||||
# letsencryptResolver:
|
||||
# acme:
|
||||
# email: your@email
|
||||
# storage: /var/lib/traefik/acme.json
|
||||
# httpChallenge:
|
||||
# entryPoint: web
|
||||
|
3
vendor.tar.gz
Normal file
3
vendor.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1bbfe6e2c4f9da01488d228604053aae993f6fa7fb5ed31fccd0c6d07d5c9ade
|
||||
size 25586550
|
Loading…
Reference in New Issue
Block a user