Add basic auth to a load balancer

Hi guys,

Is it possible to add some really simple basic auth to a load balancer configuration in Rancher or would a custom image be preferred (such as some nginx ones I’ve seen)?

Regards

Dan

I tried giving a name to the backend and the following config to no avail:

global
 userlist L1
   group G1 users tiger,scott
   group G2 users xdb,scott

  user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91
  user scott insecure-password elgato
  user xdb insecure-password hello

backend conversr
    acl AuthOkay_UsersAuth http_auth(UsersAuth)
    http-request auth realm UserAuth if !AuthOkay_UsersAuth

Mostly copied from the manual. The logs say:

12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=info msg=" -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n"
12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=error msg="Failed to apply lb config on provider: error reloading  -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n: exit status 1"

@Daniel_Skinner it is a bug on our side in custom config processing that has to be fixed:


Awesome, thanks for investigating so quickly.

Upgraded to 1.2.1 but the fix doesn’t seem to be enough to allow basic auth to work. Here’s my custom haproxy config:

userlist L1
         user xdb insecure-password hello

backend myApp
         acl AuthOkay_UsersAuth http_auth(L1)
         http-request auth realm UserAuth if !AuthOkay_UsersAuth

The container doesn’t complain about the config and starts now but I don’t get the basic auth prompt.

Where am I going wrong?

Updated: I have attached the details on the GitHub ticket mentioned by @alena: https://github.com/rancher/rancher/issues/6888


I have the same issue, not being able to get basic auth working.

rancher/lb-service-haproxy: v0.4.9
Rancher v1.3.2
Cattle v0.175.8
User Interface v1.3.6
Rancher Compose v0.12.1

The logs of the container indicate:
parsing [/etc/haproxy/haproxy.cfg:32] : unable to find userlist 'xxx' referenced in arg 1 of ACL

I tried with and without the global keyword.
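
A pre-deployment check for the "unable to find userlist" error quoted in the logs above, as an added example that is not part of any post in this thread and is not Rancher or HAProxy code. It lints custom config text for `http_auth()` references to undeclared userlists and for cleartext `insecure-password` entries; `lint_haproxy_auth` and `SAMPLE` are hypothetical names, the sample is constructed from the first config in the thread with a placeholder hash, and it does not model how Rancher merges custom config into the generated file.

```python
import re

# Assumption: only these section keywords are tracked; HAProxy has more.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist"}
AUTH_REF = re.compile(r"\bhttp_auth(?:_group)?\(([^)\s]+)\)")

# Constructed sample based on the first config in the thread (hash is a placeholder).
SAMPLE = """\
userlist L1
    group G1 users tiger,scott
    user tiger password $6$PLACEHOLDER_HASH
    user scott insecure-password elgato

backend conversr
    acl AuthOkay_UsersAuth http_auth(UsersAuth)
    http-request auth realm UserAuth if !AuthOkay_UsersAuth
"""

def lint_haproxy_auth(cfg_text):
    """Return (undefined_refs, cleartext_users) for HAProxy config text.

    undefined_refs:  [(line_no, userlist)] for http_auth()/http_auth_group()
                     calls naming a userlist that is declared nowhere.
    cleartext_users: [(line_no, userlist, user)] using 'insecure-password'.
    """
    defined, refs, cleartext = set(), [], []
    section, current_list = None, None
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        words = line.split()                 # indentation is not significant
        if not words:
            continue
        if words[0] in SECTIONS:
            section = words[0]
            current_list = words[1] if section == "userlist" and len(words) > 1 else None
            if current_list:
                defined.add(current_list)
            continue
        if section == "userlist" and words[0] == "user" and "insecure-password" in words[2:]:
            cleartext.append((no, current_list, words[1]))
        refs.extend((no, name) for name in AUTH_REF.findall(line))
    # Resolve after the full pass: a userlist may be declared after its first use.
    return [(no, n) for no, n in refs if n not in defined], cleartext

if __name__ == "__main__":
    undefined, cleartext = lint_haproxy_auth(SAMPLE)
    for no, name in undefined:
        print(f"line {no}: http_auth references undeclared userlist '{name}'")
    for no, ul, user in cleartext:
        print(f"line {no}: user '{user}' in userlist '{ul}' has a cleartext password")
```
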