0

I have two subdomains of 3-th level in single domain of 2-nd level, look up below:

  1. www.test.com
  2. dev.test.com

When I adjust basic authentication in HAproxy for dev.test.com only and trying open website in browser the system forces me pass authorization for both subdomains, I mean www.test.com want be authenticated too .

So my HAproxy configuration to your attention:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        # bit setting for Diffie - Hellman key size.
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        stats enable
        stats uri /haproxy
        stats realm Haproxy\ Statistics
        stats auth admin:password
        stats refresh 30s
        stats hide-version
        stats show-legends
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

userlist AuthUsers
        user admin password $6$JP..........T6HgNKY

frontend www-http

        http-request redirect prefix http://www.%[hdr(host)] code 301 if { hdr(host) -i test.com }

        #   _   _   _   _  
        #  / \ / \ / \ / \ 
        # ( A | u | t | h )
        #  \_/ \_/ \_/ \_/
        acl authusers_acl http_auth(AuthUsers)
        http-request auth realm dev.test.com_backend if !authusers_acl

        acl proxy_www.test.com hdr(host) -i www.test.com
        use_backend www.test.com_backend if proxy_www.test.com

        acl proxy_dev.test.com hdr(host) -i dev.test.com
        use_backend dev.test.com_backend if proxy_dev.test.com

backend www.test.com_backend
        server www.test.com 192.168.1.99:8881

backend dev.test.com_backend
        server dev.test.com 192.168.1.100:8881

I've been inspired by this article, but goals are not reached. In this case of HAproxy configuratuion, Basic Auth works for both domains, when I try open them in web browser HAproxy force me pass authentication. I need make Basic Auth for one sub domain, for dev.test.com only! Domains www.test.com and test.com should works without authentication on web-server. Any ideas guys?

If apply this configuration case for different domains, I mean different domains of 2-nd level, this schema works fine. Difference of 3-th level domains are not affecting on differences in domains ‍♂️

Mikhail Shitikov
  • 11
  • 4

1 Answers1

1

For authentication to work the way you want, put authentication in the backend. try:

backend dev.test.com_backend
    acl authusers_acl http_auth(AuthUsers)
    http-request auth unless is_authenticated
    server dev.test.com 192.168.1.100:8881
luvres
  • 11
  • 1