/
haproxy.cfg
104 lines (73 loc) · 4.07 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
global
log stdout format raw local0 debug
lua-load /usr/local/etc/haproxy/aws_signature.lua
defaults
log global
timeout client 1s
timeout connect 1s
timeout server 1s
mode http
option httplog
listen s3v2
bind :::8080 v4v6
http-request set-var(req.region) str(us-east-1)
http-request set-var(req.endpoint) str(minio:9000)
http-request set-var(req.bucket) str(mybucket)
http-request set-var(req.access_key) str(minioadmin)
http-request set-var(req.secret_key) str(minioadmin)
http-request set-path /%[var(req.bucket)]%[path]
http-request set-var(req.date) date,http_date
http-request set-header Host %[var(req.endpoint)]
http-request set-header Date %[var(req.date)]
http-request set-var(req.secret_key_b64) var(req.secret_key),base64
http-request set-var-fmt(req.string_to_sign) %[method]\n\n\n%[var(req.date)]\n%[path]
http-request set-header StringToSign %[var(req.string_to_sign)]
http-request set-var(req.signature) var(req.string_to_sign),hmac("sha1",req.secret_key_b64),base64
http-request set-header Authorization "AWS %[var(req.access_key)]:%[var(req.signature)]"
server local localhost:8084
listen s3v2-lua
bind :::8081 v4v6
http-request set-var(req.bucket) str(mybucket)
http-request set-path /%[var(req.bucket)]%[path]
http-request lua.sign_s3v2 us-east-1 minio:9000 minioadmin minioadmin
server local localhost:8084
listen s3v4
bind :::8082 v4v6
http-request set-var(req.region) str(us-east-1)
http-request set-var(req.endpoint) str(minio:9000)
http-request set-var(req.bucket) str(mybucket)
http-request set-var(req.access_key) str(minioadmin)
http-request set-var(req.secret_key) str(minioadmin)
http-request set-path /%[var(req.bucket)]%[path]
http-request set-var(req.date) date
http-request set-var(req.x_amz_date) var(req.date),utime("%Y%m%dT%H%M%SZ")
http-request set-var(req.today) var(req.date),utime("%Y%m%d")
http-request set-header Host %[var(req.endpoint)]
http-request set-header x-amz-date %[var(req.x_amz_date)]
http-request set-var(req.x_amz_content_sha256) str(e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) if { req.body_size eq 0 }
http-request set-var(req.x_amz_content_sha256) var(req.body),sha2(256),hex,lower if { req.body_size gt 0 }
http-request set-header x-amz-content-sha256 %[var(req.x_amz_content_sha256)]
http-request set-var-fmt(req.scope) %[var(req.today)]/%[var(req.region)]/s3/aws4_request
http-request set-var-fmt(req.canonical_request) %[method]\n%[path]\n\nhost:%[var(req.endpoint)]\nx-amz-content-sha256:%[var(req.x_amz_content_sha256)]\nx-amz-date:%[var(req.x_amz_date)]\n\nhost;x-amz-content-sha256;x-amz-date\n%[var(req.x_amz_content_sha256)]
http-request set-var-fmt(req.string_to_sign) AWS4-HMAC-SHA256\n%[var(req.x_amz_date)]\n%[var(req.scope)]\n%[var(req.canonical_request),sha2(256),hex,lower]
http-request set-var(req.key) str(),concat(AWS4,req.secret_key),base64
http-request set-var(req.date_key) var(req.today),hmac("sha256",req.key),base64
http-request set-var(req.date_region_key) var(req.region),hmac("sha256",req.date_key),base64
http-request set-var(req.date_region_service_key) str(s3),hmac("sha256",req.date_region_key),base64
http-request set-var(req.signing_key) str(aws4_request),hmac("sha256",req.date_region_service_key),base64
http-request set-var(req.signature) var(req.string_to_sign),hmac("sha256",req.signing_key),hex,lower
http-request set-header Authorization "AWS4-HMAC-SHA256 Credential=%[var(req.access_key)]/%[var(req.scope)],SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=%[var(req.signature)]"
server local localhost:8084
listen s3v4-lua
bind :::8083 v4v6
http-request set-var(req.bucket) str(mybucket)
http-request set-path /%[var(req.bucket)]%[path]
http-request lua.sign_s3v4 us-east-1 minio:9000 minioadmin minioadmin
server local localhost:8084
listen upstream
bind :::8084 v4v6
capture request header Authorization len 1000
capture request header Date len 1000
capture request header X-Amz-Content-Sha256 len 1000
capture request header X-Amz-Date len 1000
server minio minio:9000