Re: [*EXT*] Re: haproxy hiding url/minio
Hi All, On Fri, Dec 25, 2020 at 6:37 PM Willy Tarreau wrote: > On Thu, Dec 24, 2020 at 06:04:05PM +0500, ??? wrote: > > as far as I recall, AWS4 uses digitally signed several headers. if you > > change some of those headers, security is broken so you get 401. > > I'm not sure it allows to change URL on the fly or not. > > > > but I recall proxying S3 pretty complicated task. > > > > should we document best practices how to reverse proxy S3 ? > > Probably. Another useful thing to put into the wiki. > Thanks for all the info, url gave me issues, using path fixed it. Thanks again for your replies here, it's really appreciated. Have a good day, and Merry Christmas. Cheers Jonathan > > Willy >
Re: [*EXT*] Re: haproxy hiding url/minio
On Thu, Dec 24, 2020 at 06:04:05PM +0500, ??? wrote: > as far as I recall, AWS4 uses digitally signed several headers. if you > change some of those headers, security is broken so you get 401. > I'm not sure it allows to change URL on the fly or not. > > but I recall proxying S3 pretty complicated task. > > should we document best practices how to reverse proxy S3 ? Probably. Another useful thing to put into the wiki. Willy
Re: [*EXT*] Re: haproxy hiding url/minio
as far as I recall, AWS4 uses digitally signed several headers. if you change some of those headers, security is broken so you get 401. I'm not sure it allows to change URL on the fly or not. but I recall proxying S3 pretty complicated task. should we document best practices how to reverse proxy S3 ? чт, 24 дек. 2020 г. в 18:01, Ionel GARDAIS : > I would have add the trailing slash to avoid "/storages" being rewote. > 'http-request set-path %[regsub(^/storage/,/minio/)]' > > -- > Ionel > > - Mail original - > De: "Chad Lavoie" > À: "haproxy" > Cc: "Jonathan Opperman" > Envoyé: Jeudi 24 Décembre 2020 02:04:57 > Objet: [*EXT*] Re: haproxy hiding url/minio > > Greetings, > > On 12/23/2020 7:10 PM, Jonathan Opperman wrote: > > > > Works perfectly fine, what is the best way to hide /minio so it will > > rather say /storage so externally > > I hide the fact that we are using minio? > > You can do that by using 'http-request set-path > %[regsub(^/storage,/minio)]' to rewrite the path that the backend sees > from what the client sent. > > - Chad > -- > 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON > Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301 > > >
Re: [*EXT*] Re: haproxy hiding url/minio
I would have add the trailing slash to avoid "/storages" being rewote. 'http-request set-path %[regsub(^/storage/,/minio/)]' -- Ionel - Mail original - De: "Chad Lavoie" À: "haproxy" Cc: "Jonathan Opperman" Envoyé: Jeudi 24 Décembre 2020 02:04:57 Objet: [*EXT*] Re: haproxy hiding url/minio Greetings, On 12/23/2020 7:10 PM, Jonathan Opperman wrote: > > Works perfectly fine, what is the best way to hide /minio so it will > rather say /storage so externally > I hide the fact that we are using minio? You can do that by using 'http-request set-path %[regsub(^/storage,/minio)]' to rewrite the path that the backend sees from what the client sent. - Chad -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301