I’m just getting started with HAProxy, and would be grateful for help with what’s probably a stupid question.
I have some users accessing from a desktop (for whom basic authentication is fine), and others by iphone, which doesn’t work well with basic authentication, so use client-side certificates. I’ve achieved this with two different ports and front ends, one requiring basic auth, and one requiring a client certificate (example cfg below). But it would be much neater to combine them, with one front end permitting access with EITHER a client certificate OR basic authentication.
Is that possible?
Current config as follows:
frontend example_server_password bind *:443 ssl crt /path/to/ssl_cert.pem acl Auth_Users http_auth(AuthUsers) http-request auth realm example_server_back if !Auth_Users default_backend example_server_back frontend example_server_cert bind *:444 ssl crt /path/to/ssl_cert.pem ca-file /path/to/client_cert.pem verify required default_backend example_server_back backend example_server_back http-request del-header Authorization server web01 localhost:8080 check userlist AuthUsers user exampleuser insecure-password sillypassword