Re: [*EXT*] Re: haproxy hiding url/minio

2020-12-25 Thread Jonathan Opperman 
Hi All,

On Fri, Dec 25, 2020 at 6:37 PM Willy Tarreau  wrote:

> On Thu, Dec 24, 2020 at 06:04:05PM +0500,  ??? wrote:
> > as far as I recall, AWS4 uses digitally signed several headers. if you
> > change some of those headers, security is broken so you get 401.
> > I'm not sure it allows to change URL on the fly or not.
> >
> > but I recall proxying S3 pretty complicated task.
> >
> > should we document best practices how to reverse proxy S3 ?
>
> Probably. Another useful thing to put into the wiki.
>

Thanks for all the info, url gave me issues, using path fixed it. Thanks
again for your replies
here, it's really appreciated.

Have a good day, and Merry Christmas.

Cheers
Jonathan


>
> Willy
>

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Илья Шипицин 
final patch attached.

пт, 25 дек. 2020 г. в 17:05, Илья Шипицин :

> seems we need " ... || true" back
> https://github.com/chipitsine/haproxy/runs/1608451465
>
> пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus :
>
>> Ilya,
>>
>> Am 25.12.20 um 06:28 schrieb Илья Шипицин:
>> > I modified patch to run against my own coverity repo
>> 'chipitsine/haproxy'
>> >
>> >
>> > Tim, can you have a look ?
>> >
>> > https://github.com/chipitsine/haproxy/actions/runs/443552484
>> >
>>
>> Apparently it is not possible to use secrets within an `if` condition.
>> See this one: https://github.com/actions/runner/issues/520.
>>
>> In one comment the following example was posted:
>>
>> if: ${{ github.repository_owner == 'haproxy' }}
>>
>> It's not perfect, because it does not actually check the token, but it
>> will prevent the job from running in forks. And for our repository it
>> will effectively always have the token.
>>
>> Best regards
>> Tim Düsterhus
>>
>
From 12c9385c962ab511f143751df99b8f9f5b99124c Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Fri, 25 Dec 2020 23:36:52 +0500
Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan

That scan was previously implemented on Travis. Let us migrate
it to GitHub Actions.

Co-authored-by: Tim Duesterhus 
---
 .github/workflows/coverity.yml | 34 ++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0..51051cc1f
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,34 @@
+
+#
+# scan results: https://scan.coverity.com/projects/haproxy
+#
+
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  scan:
+runs-on: ubuntu-latest
+if: ${{ github.repository_owner == 'haproxy' }}
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+  COVERITY_SCAN_BRANCH_PATTERN: '*' 
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+steps:
+- uses: actions/checkout@v2
+- name: Install apt dependencies
+  run: |
+sudo apt-get update 
+sudo apt-get install -y \
+  liblua5.3-dev \
+  libsystemd-dev
+- name: Run Coverity Scan
+  env:
+COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+  run: |
+make -C contrib/wurfl
+curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash || true
-- 
2.29.2

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Илья Шипицин 
seems we need " ... || true" back
https://github.com/chipitsine/haproxy/runs/1608451465

пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus :

> Ilya,
>
> Am 25.12.20 um 06:28 schrieb Илья Шипицин:
> > I modified patch to run against my own coverity repo 'chipitsine/haproxy'
> >
> >
> > Tim, can you have a look ?
> >
> > https://github.com/chipitsine/haproxy/actions/runs/443552484
> >
>
> Apparently it is not possible to use secrets within an `if` condition.
> See this one: https://github.com/actions/runner/issues/520.
>
> In one comment the following example was posted:
>
> if: ${{ github.repository_owner == 'haproxy' }}
>
> It's not perfect, because it does not actually check the token, but it
> will prevent the job from running in forks. And for our repository it
> will effectively always have the token.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Tim Düsterhus 
Ilya,

Am 25.12.20 um 06:28 schrieb Илья Шипицин:
> I modified patch to run against my own coverity repo 'chipitsine/haproxy'
> 
> 
> Tim, can you have a look ?
> 
> https://github.com/chipitsine/haproxy/actions/runs/443552484
> 

Apparently it is not possible to use secrets within an `if` condition.
See this one: https://github.com/actions/runner/issues/520.

In one comment the following example was posted:

if: ${{ github.repository_owner == 'haproxy' }}

It's not perfect, because it does not actually check the token, but it
will prevent the job from running in forks. And for our repository it
will effectively always have the token.

Best regards
Tim Düsterhus