OPNsense Forum

English Forums => General Discussion => Topic started by: morcom on July 19, 2016, 05:39:56 pm

Title: [SOLVED]: HAProxy with authentication
Post by: morcom on July 19, 2016, 05:39:56 pm

Hi,

I have HA Proxy finally working - modifying some firewall rules - but as expected.

Now I have second question...
Server should be accessible after authentication - just basic.
I know in HAProxy I can do that  in theory adding some extra configuration like

Code: [Select]

userlist httpusers
  user username insecure-password password

frontend server2
  acl auth_acl http_auth(httpusers)
  http-request auth realm basicauth unless auth_acl
Can I do that through HAProxy GUI - or the only possibility is to dig inside the config file from CLI?

If GUI is possible to use - any suggestions?

Thanks in advance for help

Mike

Title: Re: HAProxy with authentication
Post by: morcom on July 20, 2016, 11:31:26 am

 :)

Looks like solved.

So actually Advanced configuration is needed.

In General -> Global Parameters in Advanced mode:

Custom options:

Code: [Select]

userlist httpusers
  user username insecure-password password
Then in Frontend -> Advanced configuration

Options pass-through:

Code: [Select]

  acl auth_acl http_auth(httpusers)
  http-request auth realm basicauth unless auth_acl
Then you test syntax and then you Apply.

I would suggest to restart as well HAProxy.

I have noticed after changes that after restart HAProxy is not always up. In that case if I Disable and Enable HAProxy - it is up back. Starting from dashboard was not working for me... but maybe it is just me.

After that be sure to clean all your cookies and access the site. It should ask for authentication.

That is what was needed.... So it works fine.

Self solving - I need just to be more familiar with the way how the OPNsense is working. But so far - I like this. I like flexibility - and so far in most cases it is very flexibel.

Thanks

Mike

Title: Re: [SOLVED]: HAProxy with authentication
Post by: franco on July 21, 2016, 09:45:36 am

Hi Mike,

Thanks for the step by step guide. This will be helpful for others down the road. :)

"Fraenki" is the maintainer of the HAProxy plugin, talking to him directly may be of value to you too.


Cheers,
Franco

Title: Re: [SOLVED]: HAProxy with authentication
Post by: dragon2611 on January 13, 2018, 01:58:34 pm

Just a couple notes:

1) It's now in Settings > Global Paramaters

2) The config to use HTTP auth can either go in Virtual Services  > Public Services (New name for Frontend) OR Virtual Services > Backend Pools

what you do in 2 largely depends if you want to force authentication for everything served by that frontend instance or if you have multiple backend servers/sites you may only want to force authentication on some of them.