So researching authentication, I came across: https://blog.taragana.com/guide-haproxy-http-basic-authentication-for-specific-sites-ssl-termination-15813
I am running haproxy within an LXD container. No authentication works fine with SSL. However, I need to require authentication to another LXD container that is running a nodejs app. I figured this haproxy authentication would be very simple to implement. And it was. However, it is only working one time. Subsequent access to the same site is not requiring authentication. Is it because I already authenticated?
I am using multiple Chrome tabs. So the first time with Chrome as well as Firefox required authentication but not subsequent to that.
Here is my frontend:
frontend http_lb
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/bcast.mydomain.us.pem
redirect scheme https if !{ ssl_fc }
acl website hdr(host) -i mydomain.us www.mydomain.us
acl broadcast hdr(host) -i bcast.mydomain.us
acl authorized http_auth(AuthUsers)
http-request auth realm bcast1 if broadcast !authorized
acl acl_letsencrypt path_beg /.well-known/acme-challenge/
use_backend be_letsencrypt if acl_letsencrypt
# acl conf hdr(host) -i conf.mydomain.us
use_backend mainweb if website
use_backend bcast1 if broadcast authorized
And backend bcast1:
backend bcast1
balance leastconn
http-request set-header X-Client-IP %[src]
redirect scheme https if ! { ssl_fc }
server broadcast1 broadcast.lxd:9001 check ssl verify none
http-request del-header Authorization
So, keep in mind all un-authenticated access works as SSL. It’s when I add the above cfg, authentication works one time only, then un-authenticated access is allowed.
Thanks and look forward to your responses.
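
An added example (not part of the original post, and not HAProxy itself): a small Python stand-in for the `http-request auth realm bcast1 if broadcast !authorized` rule, showing that the challenge is decided per request from the `Authorization` header, so a client that replays the header it already holds, as browsers do for a realm after the first login, is not prompted again. The user name, password, `AuthGate`, `status` and `run_probe` are constructed for this illustration.

```python
import base64, hmac, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials standing in for one entry of the AuthUsers userlist.
USER, PASSWORD, REALM = "demo", "demo-pass", "bcast1"
EXPECTED = b"Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode())

class AuthGate(BaseHTTPRequestHandler):
    """Stand-in for: http-request auth realm bcast1 if broadcast !authorized"""
    def do_GET(self):
        got = self.headers.get("Authorization", "").encode("latin-1", "replace")
        ok = hmac.compare_digest(got, EXPECTED)  # constant-time comparison
        self.send_response(200 if ok else 401)
        if not ok:  # challenge only when the header is missing or wrong
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def status(url, authorization=None):
    """Return the HTTP status for one GET, optionally sending Authorization."""
    req = urllib.request.Request(url)
    if authorization:
        req.add_header("Authorization", authorization)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_probe():
    server = HTTPServer(("127.0.0.1", 0), AuthGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url, header = f"http://127.0.0.1:{server.server_port}/", EXPECTED.decode()
    try:
        return [
            status(url),          # fresh client: challenged
            status(url, header),  # first login: accepted
            status(url, header),  # later tab replaying the held header: no prompt
            status(url),          # client holding no credentials: challenged again
        ]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_probe())
```

The last probe is the one that matters when checking a real deployment: a request carrying no `Authorization` header (a private window or a command-line client) should receive 401 every time.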