Hi guys,
Is it possible to add some really simple basic auth to a load balancer configuration in Rancher or would a custom image be preferred (such as some nginx one’s I’ve seen)?
Regards
Dan
Hi guys,
Is it possible to add some really simple basic auth to a load balancer configuration in Rancher or would a custom image be preferred (such as some nginx one’s I’ve seen)?
Regards
Dan
I tried giving a name to the backend and the following config to no avail:
global
userlist L1
group G1 users tiger,scott
group G2 users xdb,scott
user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91
user scott insecure-password elgato
user xdb insecure-password hello
backend conversr
acl AuthOkay_UsersAuth http_auth(UsersAuth)
http-request auth realm UserAuth if !AuthOkay_UsersAuth
Mostly copied from the manual. The logs say:
12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=info msg=" -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n"
12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=error msg="Failed to apply lb config on provider: error reloading -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n: exit status 1"
Awesome, thanks for investigating so quickly.
Upgraded to 1.2.1 but the fix doesn’t seem to be enough to allow basic auth to work. Here’s my custom haproxy config:
userlist L1
user xdb insecure-password hello
backend myApp
acl AuthOkay_UsersAuth http_auth(L1)
http-request auth realm UserAuth if !AuthOkay_UsersAuth
The container doesn’t complain about the config and starts now but I don’t get the basic auth prompt.
Where am I going wrong?
Updated: I have attached the details on the GitHub ticket mentioned by @alena : https://github.com/rancher/rancher/issues/6888
I have the same issue, not being able to make the basic auth working.
rancher/lb-service-haproxy: v0.4.9
Rancher v1.3.2
Cattle v0.175.8
User Interface v1.3.6
Rancher Compose v0.12.1
The logs of the container indicate:
parsing [/etc/haproxy/haproxy.cfg:32] : unable to find userlist 'xxx' referenced in arg 1 of ACL
I tried with and without the global keyword.