haproxy 1.7.5-2 / usr / share / doc / haproxy / examples / auth.cfg

This file is indexed.

/usr/share/doc/haproxy/examples/auth.cfg is in haproxy 1.7.5-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
global
#	chroot /var/empty/
#	uid 451
#	gid 451
	log 192.168.131.214:8514 local4 debug
	maxconn 8192

defaults
	timeout connect		3500
	timeout queue		11000
	timeout tarpit		12000
	timeout client		30000
	timeout http-request	40000
	timeout http-keep-alive	5000
	timeout server		40000
	timeout check		7000

	option	contstats
	option	log-health-checks

################################
userlist customer1
	group adm users tiger,xdb
	group dev users scott,tiger
	group uat users boss,xdb,tiger
	user scott insecure-password cat
	user tiger insecure-password dog
	user xdb insecure-password hello
	user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91

userlist customer1alt
	group adm
	group dev
	group uat
	user scott insecure-password cat groups dev
	user tiger insecure-password dog groups adm,dev,uat
	user xdb insecure-password hello groups adm,uat
	user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat

# Both customer1 and customer1alt userlist are functionally identical

frontend c1
	bind 127.101.128.1:8080
	log global
	mode http

	acl host_stats	hdr_beg(host) -i stats.local
	acl host_dev	hdr_beg(host) -i dev.local
	acl host_uat	hdr_beg(host) -i uat.local

	acl auth_uat	http_auth_group(customer1) uat

	# auth for host_uat checked in frontend, use realm "uat"
	http-request	auth realm uat if host_uat !auth_uat

	use_backend	c1stats if host_stats
	use_backend	c1dev	if host_dev
	use_backend	c1uat	if host_uat

backend c1uat
	mode http
	log global

	server s6 192.168.152.206:80
	server s7 192.168.152.207:80

backend c1dev
	mode http
	log global

	# require users from customer1 assigned to group dev
	acl auth_ok	http_auth_group(customer1) dev

	# auth checked in backend, use default realm (c1dev)
	http-request auth if !auth_ok

	server s6 192.168.152.206:80
	server s7 192.168.152.207:80

backend c1stats
	mode http
	log global

	# stats auth checked in backend, use default realm (Stats)
	acl nagios	src 192.168.126.31
	acl guests	src 192.168.162.0/24
	acl auth_ok	http_auth_group(customer1) adm

	stats enable
	stats refresh 60
	stats uri /
	stats scope c1
	stats scope c1stats

	# unconditionally deny guests, without checking auth or asking for a username/password
	stats http-request deny if guests

	# allow nagios without password, allow authenticated users
	stats http-request allow if nagios
	stats http-request allow if auth_ok

	# ask for a username/password
	stats http-request auth realm Stats


################################
userlist customer2
	user peter insecure-password peter
	user monica insecure-password monica

frontend c2
	bind 127.201.128.1:8080
	log global
	mode http

	acl auth_ok http_auth(customer2)
	acl host_b1 hdr(host) -i b1.local

	http-request auth unless auth_ok

	use_backend	c2b1 if host_b1
	default_backend	c2b0

backend c2b1
	mode http
	log global

	server s1 192.168.152.201:80

backend c2b0
	mode http
	log global

	server s1 192.168.152.201:80

APT Browse - Built by Thomas Orozco.