Re: [*EXT*] Re: haproxy hiding url/minio
Hi All, On Fri, Dec 25, 2020 at 6:37 PM Willy Tarreau wrote: > On Thu, Dec 24, 2020 at 06:04:05PM +0500, ??? wrote: > > as far as I recall, AWS4 uses digitally signed several headers. if you > > change some of those headers, security is broken so you get 401. > > I'm not sure it allows to change URL on the fly or not. > > > > but I recall proxying S3 pretty complicated task. > > > > should we document best practices how to reverse proxy S3 ? > > Probably. Another useful thing to put into the wiki. > Thanks for all the info, url gave me issues, using path fixed it. Thanks again for your replies here, it's really appreciated. Have a good day, and Merry Christmas. Cheers Jonathan > > Willy >
Re: [PATCH] enable coverity daily scan again
final patch attached. пт, 25 дек. 2020 г. в 17:05, Илья Шипицин : > seems we need " ... || true" back > https://github.com/chipitsine/haproxy/runs/1608451465 > > пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus : > >> Ilya, >> >> Am 25.12.20 um 06:28 schrieb Илья Шипицин: >> > I modified patch to run against my own coverity repo >> 'chipitsine/haproxy' >> > >> > >> > Tim, can you have a look ? >> > >> > https://github.com/chipitsine/haproxy/actions/runs/443552484 >> > >> >> Apparently it is not possible to use secrets within an `if` condition. >> See this one: https://github.com/actions/runner/issues/520. >> >> In one comment the following example was posted: >> >> if: ${{ github.repository_owner == 'haproxy' }} >> >> It's not perfect, because it does not actually check the token, but it >> will prevent the job from running in forks. And for our repository it >> will effectively always have the token. >> >> Best regards >> Tim Düsterhus >> > From 12c9385c962ab511f143751df99b8f9f5b99124c Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Fri, 25 Dec 2020 23:36:52 +0500 Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan That scan was previously implemented on Travis. Let us migrate it to GitHub Actions. Co-authored-by: Tim Duesterhus --- .github/workflows/coverity.yml | 34 ++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/coverity.yml diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0..51051cc1f --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,34 @@ + +# +# scan results: https://scan.coverity.com/projects/haproxy +# + +name: Coverity + +on: + schedule: + - cron: "0 0 * * *" + +jobs: + scan: +runs-on: ubuntu-latest +if: ${{ github.repository_owner == 'haproxy' }} +env: + COVERITY_SCAN_PROJECT_NAME: 'Haproxy' + COVERITY_SCAN_BRANCH_PATTERN: '*' + COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com' + COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1" +steps: +- uses: actions/checkout@v2 +- name: Install apt dependencies + run: | +sudo apt-get update +sudo apt-get install -y \ + liblua5.3-dev \ + libsystemd-dev +- name: Run Coverity Scan + env: +COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + run: | +make -C contrib/wurfl +curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash || true -- 2.29.2
Re: [PATCH] enable coverity daily scan again
seems we need " ... || true" back https://github.com/chipitsine/haproxy/runs/1608451465 пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus : > Ilya, > > Am 25.12.20 um 06:28 schrieb Илья Шипицин: > > I modified patch to run against my own coverity repo 'chipitsine/haproxy' > > > > > > Tim, can you have a look ? > > > > https://github.com/chipitsine/haproxy/actions/runs/443552484 > > > > Apparently it is not possible to use secrets within an `if` condition. > See this one: https://github.com/actions/runner/issues/520. > > In one comment the following example was posted: > > if: ${{ github.repository_owner == 'haproxy' }} > > It's not perfect, because it does not actually check the token, but it > will prevent the job from running in forks. And for our repository it > will effectively always have the token. > > Best regards > Tim Düsterhus >
Re: [PATCH] enable coverity daily scan again
Ilya, Am 25.12.20 um 06:28 schrieb Илья Шипицин: > I modified patch to run against my own coverity repo 'chipitsine/haproxy' > > > Tim, can you have a look ? > > https://github.com/chipitsine/haproxy/actions/runs/443552484 > Apparently it is not possible to use secrets within an `if` condition. See this one: https://github.com/actions/runner/issues/520. In one comment the following example was posted: if: ${{ github.repository_owner == 'haproxy' }} It's not perfect, because it does not actually check the token, but it will prevent the job from running in forks. And for our repository it will effectively always have the token. Best regards Tim Düsterhus