issue - 472 OpenTrace rebase line with release 1.5.10

.gitignore

@@ -18,5 +18,5 @@ fabio
 fabio.exe
 fabio.sublime-*
 demo/cert/
-pkg/
+/pkg/
 dist/

.goreleaser.yml

@@ -26,9 +26,12 @@ sign:
   artifacts: checksum
 
 dockers:
-  - image: fabiolb/fabio
-    latest: true
-    tag_template: '{{ .Version }}-{{ .Env.GOVERSION }}'
+  -
+    dockerfile: Dockerfile-goreleaser
+    image_templates:
+      - 'fabiolb/fabio:latest'
+      - 'fabiolb/fabio:{{ .Version }}-{{ .Env.GOVERSION }}'
+      - 'magiconair/fabio:latest'
+      - 'magiconair/fabio:{{ .Version }}-{{ .Env.GOVERSION }}'
     extra_files:
-      - build/ca-certificates.crt
       - fabio.properties

CHANGELOG.md

@@ -1,11 +1,17 @@
 ## Changelog
 
-### Unreleased
+### [v1.5.10](https://github.com/fabiolb/fabio/releases/tag/v1.5.10) - 25 Oct 2018
 
 #### Breaking Changes
 
 #### Bug Fixes
 
+ * [Issue #530](https://github.com/fabiolb/fabio/issues/530): Memory leak in go-metrics library
+
+   When metrics collection was enabled within fabio instances with very dynamic route changes memory usage quickly
+   ramped above expected levels.  Research done by [@galen0624](https://github.com/galen0624) identified the issue
+   and lead to the discovery of a fix in an updated version of the go-metrics library used by fabio.
+
  * [Issue #506](https://github.com/fabiolb/fabio/issues/506): Wrong route for multiple matching host glob patterns
 
    When multiple host glob patterns match an incoming request fabio can pick the wrong backend for the request.
@@ -15,8 +21,51 @@
 
 #### Improvements
 
+ * The default Docker image is now based on alpine:3.8 and runs the full test suite during build. It also sets
+   `/usr/bin/fabio` as `ENTRYPOINT` with `-cfg /etc/fabio/fabio.properties` as default command line arguments.
+   The previous image was built on `scratch`.
+
+ * [PR #497](https://github.com/fabiolb/fabio/pull/497): Make tests pass with latest Consul and Vault versions
+
+   Thanks to [@pschultz](https://github.com/pschultz) for the patch.
+
+ * [PR #531](https://github.com/fabiolb/fabio/pull/531): Set flush buffer interval for non-SSE requests
+
+   This PR adds a `proxy.globalflushinterval` option to configure an interval when the HTTP Response
+   Buffer is flushed.
+
+   Thanks to [@samm-git](https://github.com/samm-git) for the patch.
+
+ * [Issue #542](https://github.com/fabiolb/fabio/issues/542): Ignore host case when adding and matching routes
+
+  Fabio was forcing hostnames in routes added via Consul tags to lowercase.  This caused problems
+  with table lookups that were not case-insensitive.  The patch applied in #543 forces all routes added
+  via consul tags or the internal `addRoute` to have lower case hostnames in addition to forcing
+  hostnames to lowercase before performing table lookups.  This means that the host portion of routes and
+  host based table lookups in fabio are no longer case sensitive.
+
+  Thanks to [@shantanugadgil](https://github.com/shantanugadgil) for the patch.
+
+ * [Issue #548](https://github.com/fabiolb/fabio/issues/548): Slow glob matching with large number of services
+
+   This patch adds the new `glob.matching.disabled` option which controls whether glob matching is enabled for
+   route lookups. If the number of routes is large then the glob matching can have a performance impact and
+   disabling it may help.
+
+  Thanks to [@galen0624](https://github.com/galen0624) for the patch and
+  [@leprechau](https://github.com/leprechau) for the review.
+
 #### Features
 
+ * [Issue #544](https://github.com/fabiolb/fabio/issues/544): Add $host pseudo variable
+
+  This PR added support for `$host` pseudo variable that behaves similarly to the `$path` variable.
+  You should now be able to create a global redirect for requests received on any host to the same or different
+  request host on the same or different path when combined with the `$path` variable.  This allows for a truly global
+  protocol redirect of HTTP -> HTTPS traffic irrespective of host and path.
+
+  Thanks to [@holtwilkins](https://github.com/holtwilkins) for the patch.
+
 ### [v1.5.9](https://github.com/fabiolb/fabio/releases/tag/v1.5.9) - 16 May 2018
 
 #### Notes
@@ -297,6 +346,7 @@ urlprefix-/foo redirect=301,https://www.foo.com$path
  * [PR #315](https://github.com/fabiolb/fabio/pull/315)/[Issue #135](https://github.com/fabiolb/fabio/issues/135): Vault PKI cert source
 
    This adds support for using [Vault](https://vaultproject.io/) as a PKI cert source.
+
    Thanks to [@pschultz](https://github.com/pschultz) for providing this patch!
 
 #### Bug Fixes

Dockerfile

@@ -1,6 +1,22 @@
-FROM scratch
-ADD ca-certificates.crt /etc/ssl/certs/
+FROM golang:1.11.1-alpine AS build
+
+ARG consul_version=1.3.0
+ADD https://releases.hashicorp.com/consul/${consul_version}/consul_${consul_version}_linux_amd64.zip /usr/local/bin
+RUN cd /usr/local/bin && unzip consul_${consul_version}_linux_amd64.zip
+
+ARG vault_version=0.11.4
+ADD https://releases.hashicorp.com/vault/${vault_version}/vault_${vault_version}_linux_amd64.zip /usr/local/bin
+RUN cd /usr/local/bin && unzip vault_${vault_version}_linux_amd64.zip
+
+WORKDIR /go/src/github.com/fabiolb/fabio
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go test  -ldflags "-s -w" ./...
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -w"
+
+FROM alpine:3.8
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+COPY --from=build /go/src/github.com/fabiolb/fabio/fabio /usr/bin
 ADD fabio.properties /etc/fabio/fabio.properties
-ADD fabio /
 EXPOSE 9998 9999
-CMD ["/fabio", "-cfg", "/etc/fabio/fabio.properties"]
+ENTRYPOINT ["/usr/bin/fabio"]
+CMD ["-cfg", "/etc/fabio/fabio.properties"]

Dockerfile-goreleaser

@@ -0,0 +1,7 @@
+FROM alpine:3.8
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+COPY fabio /usr/bin
+ADD fabio.properties /etc/fabio/fabio.properties
+EXPOSE 9998 9999
+ENTRYPOINT ["/usr/bin/fabio"]
+CMD ["-cfg", "/etc/fabio/fabio.properties"]

Makefile

@@ -20,16 +20,9 @@ GOVERSION = $(shell go version | awk '{print $$3;}')
 # GORELEASER is the path to the goreleaser binary.
 GORELEASER = $(shell which goreleaser)
 
-# GOVENDOR is the path to the govendor binary.
-GOVENDOR = $(shell which govendor)
-
-# VENDORFMT is the path to the vendorfmt binary.
-VENDORFMT = $(shell which vendorfmt)
-
 # pin versions for CI builds
-CI_CONSUL_VERSION=1.0.6
-CI_VAULT_VERSION=0.9.6
-CI_GO_VERSION=1.10.2
+CI_CONSUL_VERSION=1.3.0
+CI_VAULT_VERSION=0.11.4
 
 # all is the default target
 all: test
@@ -46,23 +39,13 @@ help:
 	@echo "clean     - remove temp files"
 
 # build compiles fabio and the test dependencies
-build: checkdeps vendorfmt gofmt
+build: gofmt
 	go build
 
 # test runs the tests
 test: build
 	go test -v -test.timeout 15s `go list ./... | grep -v '/vendor/'`
 
-# checkdeps ensures that all required dependencies are vendored in
-checkdeps:
-	[ -x "$(GOVENDOR)" ] || go get -u github.com/kardianos/govendor
-	govendor list +e | grep '^ e ' && { echo "Found missing packages. Please run 'govendor add +e'"; exit 1; } || : echo
-
-# vendorfmt ensures that the vendor/vendor.json file is formatted correctly
-vendorfmt:
-	[ -x "$(VENDORFMT)" ] || go get -u github.com/magiconair/vendorfmt/cmd/vendorfmt
-	vendorfmt
-
 # gofmt runs gofmt on the code
 gofmt:
 	gofmt -s -w `find . -type f -name '*.go' | grep -v vendor`
@@ -87,7 +70,7 @@ pkg: build test
 # later targets can pick up the new tag value.
 release:
 	$(MAKE) tag
-	$(MAKE) preflight docker-test gorelease homebrew docker-aliases
+	$(MAKE) preflight docker-test gorelease homebrew
 
 # preflight runs some checks before a release
 preflight:
@@ -108,35 +91,19 @@ gorelease:
 homebrew:
 	build/homebrew.sh $(LAST_TAG)
 
-# docker-aliases creates aliases for the docker containers
-# since goreleaser doesn't handle that properly yet
-docker-aliases:
-	docker tag fabiolb/fabio:$(VERSION)-$(GOVERSION) magiconair/fabio:$(VERSION)-$(GOVERSION)
-	docker tag fabiolb/fabio:$(VERSION)-$(GOVERSION) magiconair/fabio:latest
-	docker push magiconair/fabio:$(VERSION)-$(GOVERSION)
-	docker push magiconair/fabio:latest
-
 # docker-test runs make test in a Docker container with
 # pinned versions of the external dependencies
 #
 # We download the binaries outside the Docker build to
 # cache the binaries and prevent repeated downloads since
 # ADD <url> downloads the file every time.
 docker-test:
-	test -r consul_$(CI_CONSUL_VERSION)_linux_amd64.zip || \
-		wget https://releases.hashicorp.com/consul/$(CI_CONSUL_VERSION)/consul_$(CI_CONSUL_VERSION)_linux_amd64.zip
-	test -r vault_$(CI_VAULT_VERSION)_linux_amd64.zip || \
-		wget https://releases.hashicorp.com/vault/$(CI_VAULT_VERSION)/vault_$(CI_VAULT_VERSION)_linux_amd64.zip
-	test -r go$(CI_GO_VERSION).linux-amd64.tar.gz || \
-		wget https://dl.google.com/go/go$(CI_GO_VERSION).linux-amd64.tar.gz
 	docker build \
 		--build-arg consul_version=$(CI_CONSUL_VERSION) \
 		--build-arg vault_version=$(CI_VAULT_VERSION) \
-		--build-arg go_version=$(CI_GO_VERSION) \
 		-t test-fabio \
-		-f Dockerfile-test \
+		-f Dockerfile \
 		.
-	docker run -it test-fabio make test
 
 # codeship runs the CI on codeship
 codeship:
@@ -156,4 +123,4 @@ clean:
 	rm -rf pkg dist fabio
 	find . -name '*.test' -delete
 
-.PHONY: all build checkdeps clean codeship gofmt gorelease help homebrew install linux pkg preflight release tag test vendorfmt
+.PHONY: all build clean codeship gofmt gorelease help homebrew install linux pkg preflight release tag test

NOTICES.txt

@@ -157,8 +157,3 @@ golang.org/x/sync/singleflight
 https://golang.org/x/sync/singleflight
 License: BSD 3-clause (https://golang.org/x/sync/LICENSE)
 Copyright (c) 2009 The Go Authors. All rights reserved.
-
-github.com/mholt/caddy
-https://github.com/mholt/caddy
-License: Apache 2.0 (https://github.com/mholt/caddy/LICENSE.txt)
-Copyright (c) 2015, Light Code Labs, LLC

cert/source_test.go

@@ -9,6 +9,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"math/big"
@@ -250,8 +251,18 @@ func TestConsulSource(t *testing.T) {
 			resp, err := http.Get("http://127.0.0.1:8500/v1/status/leader")
 			// /v1/status/leader returns '\n""' while consul is in leader election mode
 			// and '"127.0.0.1:8300"' when not. So we punt by checking the
-			// Content-Length header instead of the actual body content :)
-			return err == nil && resp.StatusCode == 200 && resp.ContentLength > 10
+			// body length instead of the actual body content :)
+			if err != nil {
+				return false
+			}
+			defer resp.Body.Close()
+
+			if resp.StatusCode != 200 {
+				return false
+			}
+
+			n, err := io.Copy(ioutil.Discard, resp.Body)
+			return err == nil && n > 10
 		}
 
 		// We need give consul ~8-10 seconds to become ready until I've
@@ -339,6 +350,15 @@ func vaultServer(t *testing.T, addr, rootToken string) (*exec.Cmd, *vaultapi.Cli
 	  capabilities = ["read"]
 	}
 
+	# Vault >= 0.10. (KV Version 2)
+	path "secret/metadata/fabio/cert/" {
+	  capabilities = ["list"]
+	}
+
+	path "secret/data/fabio/cert/*" {
+	  capabilities = ["read"]
+	}
+
 	path "test-pki/issue/fabio" {
 	  capabilities = ["update"]
 	}
@@ -425,7 +445,26 @@ func TestVaultSource(t *testing.T) {
 	// create a cert and store it in vault
 	certPEM, keyPEM := makePEM("localhost", time.Minute)
 	data := map[string]interface{}{"cert": string(certPEM), "key": string(keyPEM)}
-	if _, err := client.Logical().Write(certPath+"/localhost", data); err != nil {
+
+	var nilSource *VaultSource // for calling helper methods
+
+	mountPath, v2, err := nilSource.isKVv2(certPath, client)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	p := certPath + "/localhost"
+	if v2 {
+		t.Log("Vault: KV backend: V2")
+		data = map[string]interface{}{
+			"data":    data,
+			"options": map[string]interface{}{},
+		}
+		p = nilSource.addPrefixToVKVPath(p, mountPath, "data")
+	} else {
+		t.Log("Vault: KV backend: V1")
+	}
+	if _, err := client.Logical().Write(p, data); err != nil {
 		t.Fatalf("logical.Write failed: %s", err)
 	}