HAProxy Basic Authentication

You can secure access to private or protected sites in HAProxy by enabling basic authentication, which prompts users for a username and password.

Steps for Setting Up Basic Authentication:

  1. Create User Details: In /etc/haproxy/haproxy.cfg, add the user list:

     userlist listofuser
       user udhay insecure-password udhayspassword
       user optionalAnotherUser insecure-password unsafepassword
    

    Replace these with your own credentials. However, storing plain-text passwords in the configuration file is insecure. To create hashed passwords, follow these steps:

  2. Hash the Password:

    1. Install the mkpasswd tool:

       sudo apt install whois
      
    2. Hash the password:

       mkpasswd -m sha-256 mypassword
      

      The above command prints the hashed password, similar to the output below:

       $5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/
      
    3. Replace the plain password

      Replace the plain-text password with the hashed password, changing the keyword from insecure-password to password. The userlist then becomes:

       userlist listofuser
         user udhay password $5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/
         # Other users
      
  3. Add Basic Auth in HAProxy: Update your HAProxy configuration:

     # Other config goes here
     frontend example_frontend
       # Other config goes here....
       bind :443 ssl crt /etc/haproxy/ssl/udhay.dev.pem
       use_backend private_site if { hdr(host) -i udhay.dev }
       # Other backends will go here..
    
     backend private_site
       # Add your other configs
       # The name inside http_auth() must match the userlist name defined above
       http-request auth unless { http_auth(listofuser) }
       server web_server 127.0.0.1:80
    

By following these steps, you'll have basic authentication enabled to secure your site.
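
A pre-reload check for the configuration built in the steps above, added here as an example (not part of the original tutorial or of HAProxy): it flags userlist entries that still use insecure-password and http_auth references to a userlist name that is never defined. The sample config is constructed, with a placeholder hash and one deliberately misspelled userlist reference; the function name audit is hypothetical.

```python
import re

# Constructed sample mirroring the tutorial's layout (placeholder hash, not a real one).
SAMPLE_CFG = """\
userlist listofuser
  user udhay password $5$CONSTRUCTEDSALT$constructedhashvalue
  user optionalAnotherUser insecure-password unsafepassword

frontend example_frontend
  bind :443 ssl crt /etc/haproxy/ssl/udhay.dev.pem
  use_backend private_site if { hdr(host) -i udhay.dev }

backend private_site
  http-request auth unless { http_auth(listofusers) }
  server web_server 127.0.0.1:80
"""

SECTION = re.compile(r"^(userlist|frontend|backend|listen|defaults|global)\b\s*(\S*)")
USER = re.compile(r"^user\s+(\S+)\s+(password|insecure-password)\b")
AUTH_REF = re.compile(r"http_auth(?:_group)?\(([^)]+)\)")

def audit(cfg_text):
    """Return (plaintext_users, undefined_refs), each a list of tuples with line numbers."""
    userlists, plaintext, refs = set(), [], []
    in_userlist = None  # name of the userlist section being read, if any
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # simplification: only whole-line comments are skipped
        m = SECTION.match(line)
        if m:
            in_userlist = m.group(2) if m.group(1) == "userlist" else None
            if in_userlist:
                userlists.add(in_userlist)
            continue
        m = USER.match(line)
        if in_userlist and m and m.group(2) == "insecure-password":
            plaintext.append((lineno, in_userlist, m.group(1)))
        refs.extend((lineno, name.strip()) for name in AUTH_REF.findall(line))
    # Resolve references after the whole file is read, so definition order does not matter.
    undefined = [(n, name) for n, name in refs if name not in userlists]
    return plaintext, undefined

if __name__ == "__main__":
    plaintext, undefined = audit(SAMPLE_CFG)
    for lineno, ulist, user in plaintext:
        print(f"line {lineno}: user {user!r} in userlist {ulist!r} uses insecure-password")
    for lineno, name in undefined:
        print(f"line {lineno}: http_auth references undefined userlist {name!r}")
```

Pair it with HAProxy's own syntax check, `haproxy -c -f /etc/haproxy/haproxy.cfg`, before reloading.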