I’m trying to figure out how to add user authentication to my HAProxy setup. I’ve got a frontend called loadbalancer set up on port 4000 with this config:
frontend loadbalancer
bind *:4000
mode http
log global
default_backend proxy-backend
option httplog
option http_proxy
Right now I can use it like this:
curl -v --proxy 'http://localhost:4000' example.com/status
But I want to add a username and password, like:
curl -v --proxy 'http://user:pass@localhost:4000' example.com/status
How do I update my HAProxy config to make this work? I’m new to this and could use some help. Thanks!
To add user authentication to your HAProxy frontend, you’ll need to modify your configuration to include a userlist and use the ‘auth’ option. Here’s how you can update your setup:
Create a userlist section in your HAProxy configuration:
userlist proxy_users
user myuser password mypassword
Then, update your frontend configuration to utilize this userlist:
frontend loadbalancer
bind *:4000
mode http
log global
default_backend proxy-backend
option httplog
option http_proxy
acl auth_ok http_auth(proxy_users)
http-request auth realm Proxy if !auth_ok
This configuration prompts for authentication when accessing the proxy. Ensure you restart HAProxy after applying these changes and consider using encrypted passwords for enhanced security in production environments.
i’d add a userlist for creds and then enforce basic auth in the frontend. for example:
userlist proxy_users
user myuser insecure-password mypass
in the loadbalancer, use: acl auth_ok http_auth(proxy_users) and http-request auth unless auth_ok. dont forget to restart haproxy!
hey owen, have u considered using a reverse proxy like nginx instead? it might be easier to set up auth that way. just curious - what’s the use case for adding authentication to ur HAProxy setup? could be fun to explore other options too if you’re open to it!