Hi,
I’m just getting started with HAProxy, and would be grateful for help with what’s probably a stupid question.
I have some users accessing from a desktop (for whom basic authentication is fine), and others by iphone, which doesn’t work well with basic authentication, so use client-side certificates. I’ve achieved this with two different ports and front ends, one requiring basic auth, and one requiring a client certificate (example cfg below). But it would be much neater to combine them, with one front end permitting access with EITHER a client certificate OR basic authentication.
Is that possible?
Current config as follows:
frontend example_server_password
bind *:443 ssl crt /path/to/ssl_cert.pem
acl Auth_Users http_auth(AuthUsers)
http-request auth realm example_server_back if !Auth_Users
default_backend example_server_back
frontend example_server_cert
bind *:444 ssl crt /path/to/ssl_cert.pem ca-file /path/to/client_cert.pem verify required
default_backend example_server_back
backend example_server_back
http-request del-header Authorization
server web01 localhost:8080 check
userlist AuthUsers
user exampleuser insecure-password sillypassword