HAProxy community

Authentication by client certificate OR basic auth

Hi,

I’m just getting started with HAProxy, and would be grateful for help with what’s probably a stupid question.

I have some users accessing from a desktop (for whom basic authentication is fine), and others by iphone, which doesn’t work well with basic authentication, so use client-side certificates. I’ve achieved this with two different ports and front ends, one requiring basic auth, and one requiring a client certificate (example cfg below). But it would be much neater to combine them, with one front end permitting access with EITHER a client certificate OR basic authentication.

Is that possible?

Current config as follows:

frontend example_server_password
   bind *:443 ssl crt  /path/to/ssl_cert.pem
   acl Auth_Users http_auth(AuthUsers)
   http-request auth realm example_server_back if !Auth_Users
   default_backend example_server_back
 
frontend example_server_cert
   bind *:444 ssl crt  /path/to/ssl_cert.pem ca-file /path/to/client_cert.pem verify required 
   default_backend example_server_back

backend example_server_back
	http-request del-header Authorization
	server web01 localhost:8080 check
 
userlist AuthUsers
        user exampleuser insecure-password sillypassword