HAProxy: Setting Up Basic Authentication

You can secure access to private or protected sites in HAProxy by enabling basic authentication, which prompts users for a username and password.

Steps for Setting Up Basic Authentication:

1. Create User Details: In /etc/haproxy/haproxy.cfg, add the user list:

 userlist listofuser
   user udhay insecure-password udhayspassword
   user optionalAnotherUser insecure-password unsafepasswordbash  

Replace with your own credentials. However, using plain-text passwords is insecure. To create hashed passwords, follow these steps:

2. Hash the Password: Install the mkpasswd tool:

2.1 Install the mkpasswd tool:

sudo apt install whoisbash

2.2 Has the password

mkpasswd -m sha-256 mypassword

The above will command will prove the hashed password as output like below,

$5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/

2.3 Replace the plain password

So you can replace the plain text password by hashed password. Then, the userlist will be

userlist listofuser
   user udhay password $5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOl/

3. Add Basic Auth in HAProxy: Update your HAProxy configuration:

 # Other config goes here
 frontend example_frontend
   # Other config goes here....
   bind :443 ssl crt /etc/haproxy/ssl/udhay.dev.pem
   use_backend private_site if { hdr(host) -i udhay.dev }
   # Other backends will go here..

 backend private_site
   # Add your other configs
   http-request auth unless { http_auth(listofusers) }
   server web_server 127.0.0.1:80

By following these steps, you’ll have basic authentication enabled to secure your site.

Originally published at https://blog.udhay.dev on September 27, 2024.