Front End Authentication


#1

Hi Everyone,

New to HAProxy and trying to figure out how to get authentication to work on the front end. using haproxy 1.7.8

What i am aiming to do is the following:

Client -> HAProxy(as a proxy tunnel) -> server/1/2/3/4/5

I am running squid on the back end, everything is working but then i wanted to add authentication to HAProxy as i have white listed my HAProxy VM in the squid configuration which allows access to all connections. Note the ‘#’ are there as that is the configuration that works, when i remove them i get a ‘ERR_TUNNEL_CONNECTION_FAILED’ error.

Always the squid server is also local on another VM where i am using my /64 ipv6 from my ISP. Just trying to learn all these things.

Configuration:

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
#userlist Admins
#group AdminGroup users admin
#user admin insecure-password 1234

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000

frontend http_front
#acl AuthOkay_UsersAuth http_auth(Admins)
#http-request auth realm Admins unless AuthOkay_UsersAuth
bind *:8000
stats uri /haproxy?stats
default_backend http_back

backend http_back
option http-tunnel
server squid0 x.x.x.x:20100 check
server squid1 x.x.x.x:20101 check
server squid2 x.x.x.x:20102 check
server squid3 x.x.x.x:20103 check
server squid4 x.x.x.x:20104 check
balance roundrobin

listen stats
bind *:8181
stats enable
stats uri /
stats realm Haproxy\ Statistics
stats auth test:test

Any tips would be great, Thanks!


#2

Authentication works for HTTP only. Exactly what is the protocol you are using here? Share client and squid configuration please.