DEV Community

Cover image for HAProxy Basic Login Authentication
🚀 Vu Dao 🚀
🚀 Vu Dao 🚀

Posted on

6 1

HAProxy Basic Login Authentication

- In haproxy config, there is no limit to the number of http-request statements per instance so we can add the rules to request basic login to the site but whitelist specials IPs


🚀 Setup HAProxy config which contains basic login to access the dashboard and allow access for special resource IP

  • Generate haproxy encrypted password
printf "thepassword" | mkpasswd --stdin --method=sha-256
Enter fullscreen mode Exit fullscreen mode
  • Modify haproxy.cfg which allow access for requests from source 18.69.61.21 but requires login for others
userlist AuthUsers
        user haproxyreport password $5$3VeorK1XxvgRseQ$VBkOPCY2enWZsas.C6X9Iif0FPHDknXXXXXXXXX

frontend fe-verify
        bind *:443 ssl crt /etc/certs

        acl haproxy_report hdr(host) haproxy-report.cloudopz.co

        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        use_backend haproxy-report-backend if haproxy_report

# haproxy-report-backend
backend haproxy-report-backend
        acl authorized http_auth(AuthUsers)
        acl nagios src 18.69.61.21
        http-request allow if nagios
        http-request auth realm haproxyreport if !authorized
        server haproxy-report 127.0.0.1:1800
Enter fullscreen mode Exit fullscreen mode

More about haproxy

Reference

🌠 Blog · Github · Web · Linkedin · Group · Page · Twitter 🌠

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (1)

Collapse
 
gruentee profile image
Constantin

I don't get why everyone seems to suggest echoing your password and piping it to mkpassword. To my mind this only makes sense in a programmatic use-case where one wants to avoid the script from showing a prompt.
But when generating your password manually using mkpasswd interactively has one security advantage: you don't leave your clear-text password in your history!

So instead of echo "the password" | mkpasswd --stdin one would better just use mkpassword … IMHO.

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay