Haproxy and HTTP basic auth via gui
-
Can anyone tell me if it is possible to do this via the GUI? I'm using haproxy (non-dev) to wrap https traffic to an http server and need a password prompt (don't ask ;)). At the moment I'm doing it in a config file and restarting haproxy on the command line to prevent the GUI overwriting my manual changes. It is working perfectly, but it's not a very pretty solution.
userlist UsersFor_AcmeCorp
    user joebloggs insecure-password letmein

backend HttpServers
    # .. normal backend stuff goes here as usual ..
    acl AuthOkay_AcmeCorp http_auth(UsersFor_AcmeCorp)
    http-request auth realm AcmeCorp if !AuthOkay_AcmeCorp
I've basically just copied the config from this post:
https://nbevans.wordpress.com/2011/03/03/cultural-learnings-of-ha-proxy-for-make-benefit/
Any advice, I'm sure I'm missing something obvious? Thanks.
-
Hi Paul,
It's currently not completely possible by clicking a few buttons/checkboxes in the GUI.
You should however be able to put the user list in the advanced option on the settings tab.
As for the acl and http-request auth..
It is possible to define a 'custom acl' and use the action 'http-request auth' with that acl.
But you might want to just put it in the 'advanced' textbox on a backend edit page; it depends a bit on what you like better.
That should be effectively included into the generated configuration parts.
Regards,
PiBa-NL
-
Many thanks for the guidance PiBa, I'll have a go at doing it this way and let you know how it ends up.
-
That seems to have done the job nicely, thanks very much for the advice.
-
Am newer to pfSense and brand new to haproxy - but am highly interested in setting up basic auth for some things I'm running at my house behind haproxy. I have Let's Encrypt up and running, working fine. I understand what is being done here to a point, but when I tried pasting in something as a test, pfSense haproxy basically crashed out when I restarted it to save changes… Can anyone point me in the right direction to get this going? I need to know where to put what in the pfSense config, more or less. Thanks for any help ahead of time.
-
> Hi Paul,
> It's currently not completely possible by clicking a few buttons/checkboxes in the GUI.
> You should however be able to put the user list in the advanced option on the settings tab.
> As for the acl and http-request auth..
> It is possible to define a 'custom acl' and use the action 'http-request auth' with that acl.
> But you might want to just put it in the 'advanced' textbox on a backend edit page; it depends a bit on what you like better.
> That should be effectively included into the generated configuration parts.
> Regards,
> PiBa-NL

Dear PiBa-NL
Would you mind elaborating on the other option?
I have a working solution and have been running one for a long time just like explained above using the passthrough text boxes. I have now reached a situation where I would like to exclude some backends from Basic HTTP Auth. How would I choose through ACL/Actions which ones would require Basic HTTP Auth?
-
@Lockzi, sorry for the late reply.
Attached screenshots of what I meant with the custom acl. Maybe they will help you, or someone else finding this..
-
Dear PiBa-NL
The screenshots are not visible; it would be of great help if you could repost them.
Thank you!
Luc
-
@itbrain
Added the screenshots back..
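
The configuration discussed in this thread, written out as raw haproxy.cfg with a hashed password and one host exempted from the prompt. This is an added example, not taken from any post above or from the pfSense package's generated output; the frontend, the OpenServers backend, the hostname, the addresses and the certificate path are assumptions, and the hash is a placeholder to be replaced.

```haproxy
# Added example. Only UsersFor_AcmeCorp, AuthOkay_AcmeCorp, HttpServers,
# joebloggs and the realm AcmeCorp come from the thread; every other name,
# address and path below is hypothetical.

userlist UsersFor_AcmeCorp
    # Weak form used in the thread: the password is stored in cleartext,
    # so anyone who can read the config (or a backup of it) has it.
    # user joebloggs insecure-password letmein

    # Hashed form: 'password' expects a crypt(3) string. Generate one with
    #   openssl passwd -6      (SHA-512 crypt, prompts for the password)
    # and paste the output in place of the placeholder.
    user joebloggs password <PASTE_CRYPT_HASH_HERE>

frontend HttpsIn
    mode http
    bind :443 ssl crt /path/to/cert.pem     # placeholder certificate path

    # True when the request carries valid Basic credentials from the userlist.
    acl AuthOkay_AcmeCorp http_auth(UsersFor_AcmeCorp)
    # Hosts that must NOT get a password prompt (hypothetical hostname).
    acl NoAuth_Host hdr(host) -i open.example.com

    # Send the 401 challenge only for non-exempt hosts without valid credentials.
    http-request auth realm AcmeCorp if !NoAuth_Host !AuthOkay_AcmeCorp

    use_backend OpenServers if NoAuth_Host
    default_backend HttpServers

backend HttpServers
    mode http
    server web1 192.0.2.10:80 check          # constructed address

backend OpenServers
    mode http
    server web2 192.0.2.11:80 check          # constructed address
```

When the `acl` and `http-request auth` lines are instead placed inside a backend section, as in the first post, they apply to that backend only, so a backend without those two lines is not prompted.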