You can secure access to private or protected sites in HAProxy by enabling basic authentication, which prompts users for a username and password.
Steps for Setting Up Basic Authentication:
Create User Details: In
/etc/haproxy/haproxy.cfg
, add the user list:userlist listofuser user udhay insecure-password udhayspassword user optionalAnotherUser insecure-password unsafepassword
Replace with your own credentials. However, using plain-text passwords is insecure. To create hashed passwords, follow these steps:
Hash the Password: Install the
mkpasswd
tool:Install the
mkpasswd
tool:sudo apt install whois
Has the password
mkpasswd -m sha-256 mypassword
The above will command will prove the hashed password as output like below,
$5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/
Replace the plain password
So you can replace the plain text password by hashed password. Then, the userlist will be
userlist listofuser user udhay password $5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/ # Other users
Add Basic Auth in HAProxy: Update your HAProxy configuration:
# Other config goes here frontend example_frontend # Other config goes here.... bind :443 ssl crt /etc/haproxy/ssl/udhay.dev.pem use_backend private_site if { hdr(host) -i udhay.dev } # Other backends will go here.. backend private_site # Add your other configs http-request auth unless { http_auth(listofusers) } server web_server 127.0.0.1:80
By following these steps, you'll have basic authentication enabled to secure your site.