Implement basic authentication


#1

Hi Team,

Lets suppose I’ve configured a my website with domain name “abc.zahid.com” configured in nginx. I also use subdomains like “static1.abc.zahid.com”, “static2.abc.zahid.com”, “static3.abc.zahid.com” which are configured in same vhost as “abc.zahid.com

Now I want a simple authentication on my haproxy where anybody who visits “abc.zahid.com” should be prompted (ONLY once) from a username and password. once the desired password is entered it should allow all sub domains as well.

I’ve done this on my setup on haproxy, however, it is prompting for authorization on every request plz help.

Following is my haproxy config:

userlist UsersFor_kennel
user username insecure-password password

frontend http-mpweb
bind 192.168.1.10:80
reqadd X-Forwarded-Proto:\ http
mode http
option http-server-close

    acl host_zahid hdr(host) -i abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static1.abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static2.abc.zahid.com
    use_backend static-backend if host_zahid

    acl host_zahid hdr(host) -i static3.abc.zahid.com
    use_backend static-backend if host_zahid

backend static-backend

acl AuthOkay_kennel http_auth(UsersFor_kennel)
http-request auth realm kennel if !AuthOkay_kennel

    balance roundrobin
    option http-server-close
    option forwardfor
    cookie mpstatic insert indirect nocache
    option httpchk HEAD /LoadBalancer_HealthCheck.php HTTP/1.0
    server web 192.168.1.20:80 cookie mpstatic1 check

Kindly let me know if any issue with above config.

Best Regards,
Zahid


#2

That’s not how HTTP authentication works. Each request has to be authenticated. If it isn’t, haproxy will ask for it via a “401 Unauthorized” response.

Also see:


#3

Hi,

Could you please correct me with my config to only ask for authentication once and then allow me withou redundant 401.

Thanks for your kind help in advance
Best regards,
Zahid


#4

What I am saying is that what you are asking is not possible with HTTP Basic authentication.

Also see:



#5

Hi Lukastribus,

Ohh!! Is there a workaround.

I’ve done a lot of research but not able to find anything concrete. It keeps on asking me the haproxy basic authentication credentials. Please help!!

The following is my architecture

haproxy --> Nginx (abc.zahid.com, static[123].abc.zahid.com) --> tomcat

Best Regards,
Zahid


#6

I will repeat myself for the third time now, hoping you understand:

This is not possible with HTTP Basic Auth, there is no workaround. It would be possible with Digest Auth, but haproxy doesn’t support it.