Hello, I'm looking into possibilities to implement some slightly more complex logic into haproxy that's being used when talking to origins. Looking through the documentation, I see I can obviously use Lua, which offers great flexibility.
I'm looking to implement a few additional checks and balances before I forward requests to the origin/backend for being processed. Two of these things are: - validation of bearer tokens (API tokens) on haproxy level - S3 signing Bearer tokens are stored in a Redis instance, and I can obviously write Lua that's ran for a given http-request, but from what I understand, the way the Lua is ran, means I obviously have to establish the whole Redis instance/connection every time the code is executed, and I can't keep a connection open. Would it be possible for using the SPOE feature of haproxy to essentially run a separate program, that would bridge this gap, basically being a super fast processing engine for tokens, where I keep this persistent Redis connection open, or are there better ways of doing it? Likewise for S3 signing ( I know it's supported by haproxy enterprise, but in this particular case, I'm not there yet, to where I can justify it, sorry!) , there's, from what I can see, quite a few ways this can be done: - I can use Lua to do the hash calculations (again, likely store these AWS access key/secret in Redis) - Possibly use SPOE (assuming this is one of the possible use-cases - it mentions ldap and SSO for example, this is just another kind of signing) - I can do it the ugly way, and proxy the request from haproxy to a small Golang app or similar, and then let the Go application talk to S3 backend directly - Proxy from haproxy to nginx, and do a bunch of logic in nginx using Lua, and forward onto the origin. However, introducing a nginx into the stack, is ideally something I'd like to avoid Any pointers to whether SPOE would make sense here, would be great, or if you have any other suggestions, or possibly even experience doing something similar! Thanks in advance! 👌 Best Regards, Lucas Rolff