Hello there.
I've been using an HAProxy reverse proxy with HTTPS for a few months now.
Here is my conf:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    option forwardfor except 127.0.0.0/8
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

############################################
frontend port80-redirect
    mode http
    bind 192.168.10.5:80
    redirect scheme https

############################################
frontend port443-relay
    bind 192.168.10.5:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend backendgogs if { req_ssl_sni -i mydomain1 }
    use_backend backendmulticraft if { req_ssl_sni -i mydomain2 }
    use_backend backendwigo if { req_ssl_sni -i mydomain3 }
    default_backend backendgogs

############################################
backend backendgogs
    mode tcp
    server vm-git ip1:443 maxconn 32

backend backendmulticraft
    mode tcp
    server vm-multicraft ip2:443 maxconn 32

backend backendwigo
    mode tcp
    server vm-wigo ip3:443 maxconn 32

Here is my question:
One of my web interfaces (mydomain3, the last backend) does not have an authentication system.
As far as I know, it is possible to have basic authentication with HAProxy, but I'm not sure how it works.
I tried to add a userlist:
userlist Admins
    group AdminGroup users admin
    user admin password 1d4cdafaac5871387085b898f4ff81be
And then added this to the backend:
acl AuthOkay_UsersAuth http_auth(Admins)
http-request auth realm Admins if !AuthOkay_Admins
But HAProxy fails to start, so I guess something is wrong.
If someone could enlighten me, I would be grateful.
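
An added example, not part of the original post: `http_auth` and `http-request auth` read the HTTP `Authorization` header, so they only work in a `mode http` section where HAProxy itself terminates TLS, and the ACL tested in the `if` has to be the name that was declared. The sketch keeps SNI passthrough for the other two domains and sends mydomain3 through a local TLS-terminating frontend. The loopback port 8443, the certificate and CA file paths, the section names `wigo-loopback` and `wigo-tls`, and the hash placeholder are assumptions.

```haproxy
# Added example, not the poster's configuration. global, defaults, the port 80
# redirect and the gogs/multicraft backends stay as posted.
userlist Admins
    group AdminGroup users admin
    # "password" expects a crypt(3) hash (for example from: mkpasswd -m sha-512);
    # "insecure-password" would take the cleartext instead. Placeholder value:
    user admin password $6$REPLACE_WITH_SALT$REPLACE_WITH_HASH

frontend port443-relay
    bind 192.168.10.5:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend backendgogs       if { req_ssl_sni -i mydomain1 }
    use_backend backendmulticraft if { req_ssl_sni -i mydomain2 }
    # mydomain3 is handed to the local TLS-terminating frontend below
    use_backend wigo-loopback     if { req_ssl_sni -i mydomain3 }
    default_backend backendgogs

backend wigo-loopback
    mode tcp
    # PROXY protocol carries the real client address across the loopback hop
    server local-tls 127.0.0.1:8443 send-proxy-v2

frontend wigo-tls
    # TLS ends here, so HAProxy can read the Authorization header
    bind 127.0.0.1:8443 ssl crt /etc/haproxy/certs/mydomain3.pem accept-proxy
    mode http
    default_backend backendwigo

backend backendwigo
    mode http
    # The ACL name declared here is the one used in the condition
    acl AuthOkay_Admins http_auth(Admins)
    http-request auth realm Admins if !AuthOkay_Admins
    # Do not pass the proxy credentials on to the application
    http-request del-header Authorization
    # Re-encrypt to the VM and verify its certificate (CA path is a placeholder)
    server vm-wigo ip3:443 ssl verify required ca-file /etc/haproxy/ca/wigo-ca.pem maxconn 32
```

The proxy's authentication only protects the interface if vm-wigo accepts connections from the proxy alone; `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file and reports parse errors without starting the service.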