Haproxy and HTTP basic auth via gui

paulsnoop · May 16, 2016, 4:15 PM

Can anyone tell me if it is possible to do this via the GUI? I'm using haproxy (non-dev) to wrap https traffic to a http server and need a password prompt (don't ask ;)). At the moment I'm doing it in a config file and restarting haproxy on the command line to prevent the GUI overwriting my manual changes, it is working perfectly but not a very pretty solution.

userlist UsersFor_AcmeCorp
  user joebloggs insecure-password letmein

backend HttpServers
  .. normal backend stuff goes here as usual ..
  acl AuthOkay_AcmeCorp http_auth(UsersFor_AcmeCorp)
  http-request auth realm AcmeCorp if !AuthOkay_AcmeCorp

I've basically just copied the config from this post
https://nbevans.wordpress.com/2011/03/03/cultural-learnings-of-ha-proxy-for-make-benefit/

Any advice, I'm sure I'm missing something obvious? Thanks.

PiBa · May 16, 2016, 10:04 PM

Hi Paul,

Its currently not completely possible by clicking a few buttons/checkboxes in the gui.

You should however be able to put the user list in the advanced option on the settings tab.

As for the acl and http-request auth..
It is possible to define a 'custom acl' and use the action 'http-request auth' with that acl.
But you might want to just put it in the 'advanced' textbox on a backend edit page depends a bit what you like better..
That should be effectively included into the generated configuration parts.

Regards,
PiBa-NL

paulsnoop · May 17, 2016, 8:46 AM

Many thanks for the guidance PiBa, I'll have a go at doing it this way and let you know how it ends up.

paulsnoop · May 17, 2016, 12:28 PM

That seems to have done the job nicely, thanks very much for the advice.

vexter0944 · Feb 1, 2018, 3:44 PM

Am newer to pfsense and brand new to haproxy - but am highly interested in setting up basic auth for some things I'm running at my house behind haproxy. I have lets encrypt up and running, working fine. I understand what is being done here to a point, but when I tried pasting in something as a test - pfesense haproxy basically crashed out when I restarted it to save changes…can anyone point me in the right direction to get this going? I need to know where to put what in the pfsense config more or less. Thanks for any help ahead of time.

Lockzi · Feb 6, 2018, 8:23 PM

@PiBa:

Hi Paul,

Its currently not completely possible by clicking a few buttons/checkboxes in the gui.

You should however be able to put the user list in the advanced option on the settings tab.

As for the acl and http-request auth..
It is possible to define a 'custom acl' and use the action 'http-request auth' with that acl.
But you might want to just put it in the 'advanced' textbox on a backend edit page depends a bit what you like better..
That should be effectively included into the generated configuration parts.

Regards,
PiBa-NL

Dear PiBa-NL

Would you mind elaborating on the other option?

I have a working solution and have been running one for a long time just like explained above using the passthrough text boxes. I have now reached a situation where I would like to exclude some backends from Basic HTTP Auth. How would I choose through ACL/Actions which ones would require Basic HTTP Auth?

PiBa · Jul 3, 2018, 6:54 PM

@Lockzi , sorry for late reply.
Attached screenshots of what i meant with the custom acl. Maybe they will help you, or someone else finding this..

🔒 Log in to view 🔒 Log in to view

itbrain · Jul 3, 2018, 6:54 PM

Dear PiBa-NL

The screenshots are not visible, would be of great help if you could repost them.

Thank you!
Luc

PiBa · Feb 28, 2019, 8:27 PM

@itbrain
Added the screenshots back..