🚀 Vu Dao 🚀

HAProxy Basic Login Authentication

- In an HAProxy configuration there is no limit on the number of http-request statements per instance, so we can add rules that require basic login to the site while whitelisting specific IPs.


🚀 Set up an HAProxy config that requires basic login to access the dashboard and allows access from a specific source IP

  • Generate the HAProxy encrypted password

```bash
printf "thepassword" | mkpasswd --stdin --method=sha-256
```

  • Modify haproxy.cfg to allow requests from source 18.69.61.21 without login but require login for all others

```
userlist AuthUsers
        # "password" expects a crypt(3) hash, here the SHA-256 ($5$) output of mkpasswd
        user haproxyreport password $5$3VeorK1XxvgRseQ$VBkOPCY2enWZsas.C6X9Iif0FPHDknXXXXXXXXX

frontend fe-verify
        bind *:443 ssl crt /etc/certs

        # Match requests for the report site by Host header
        acl haproxy_report hdr(host) haproxy-report.cloudopz.co

        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        use_backend haproxy-report-backend if haproxy_report

# haproxy-report-backend
backend haproxy-report-backend
        acl authorized http_auth(AuthUsers)
        # src is the client address of the TCP connection as seen by HAProxy
        acl nagios src 18.69.61.21
        # Rules are evaluated in order: the whitelisted source is allowed first,
        # every other request must pass basic authentication
        http-request allow if nagios
        http-request auth realm haproxyreport if !authorized
        server haproxy-report 127.0.0.1:1800
```
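
An added example, not code from the original post: a POSIX shell helper for the hash-generation step that reads the password without echo instead of typing it into a command, so it stays out of shell history, and prints the `user` line for the userlist shown above. The function name `haproxy_user_line` is hypothetical; `mkpasswd --stdin --method=sha-256` is the command from the post.

```shell
#!/bin/sh
# Added example (not from the original post): print a userlist entry for
# haproxy.cfg without the clear-text password ever appearing on a command line.
# haproxy_user_line is a hypothetical helper name; mkpasswd and its options
# are the ones used in the post.
haproxy_user_line() {
    user=$1
    # Keep the name to characters that cannot break the config line.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 2 ;;
    esac

    if [ -t 0 ]; then
        # Interactive use: prompt on stderr and switch terminal echo off.
        printf 'Password for %s: ' "$user" >&2
        saved_tty=$(stty -g)
        trap 'stty "$saved_tty"; exit 130' INT TERM
        stty -echo
    fi
    # Scripted use: the password arrives on stdin (pipe or file).
    IFS= read -r pw || true
    if [ -t 0 ]; then
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    fi

    if [ -z "$pw" ]; then
        echo "empty password refused" >&2
        return 1
    fi

    # printf is a builtin in bash and dash, so the password is not passed as
    # an argument to any external process.
    crypted=$(printf '%s' "$pw" | mkpasswd --stdin --method=sha-256) || return 1
    unset pw

    # SHA-256 crypt hashes start with $5$; anything else means mkpasswd did
    # not produce the requested format.
    case $crypted in
        '$5$'*) ;;
        *) echo "unexpected mkpasswd output" >&2; return 1 ;;
    esac
    printf '        user %s password %s\n' "$user" "$crypted"
}
```

Call `haproxy_user_line haproxyreport` from a script file and paste the printed line under `userlist AuthUsers`.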

Top comments (1)

Constantin

I don't get why everyone seems to suggest echoing your password and piping it to mkpasswd. To my mind this only makes sense in a programmatic use case where one wants to keep the script from showing a prompt.
But when generating your password manually, using mkpasswd interactively has one security advantage: you don't leave your clear-text password in your history!

So instead of echo "the password" | mkpasswd --stdin one would better just use mkpasswd … IMHO.
