Hi guys,
Is it possible to add some really simple basic auth to a load balancer configuration in Rancher or would a custom image be preferred (such as some nginx one’s I’ve seen)?
Regards
Dan
I tried giving a name to the backend and the following config to no avail:
global
userlist L1
group G1 users tiger,scott
group G2 users xdb,scott
user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91
user scott insecure-password elgato
user xdb insecure-password hello
backend conversr
acl AuthOkay_UsersAuth http_auth(UsersAuth)
http-request auth realm UserAuth if !AuthOkay_UsersAuth
Mostly copied from the manual. The logs say:
12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=info msg=" -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n"
12/2/2016 5:32:04 PMtime="2016-12-02T17:32:04Z" level=error msg="Failed to apply lb config on provider: error reloading -- reloading haproxy config with the new config changes\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:4] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:5] : 'group' cannot handle unexpected argument 'users'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:14] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:15] : 'user' cannot handle unexpected argument 'password'.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:16] : 'user' cannot handle unexpected argument 'insecure-password'.\n[ALERT] 336/173204 (112) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg\n[WARNING] 336/173204 (112) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[ALERT] 336/173204 (112) : parsing [/etc/haproxy/haproxy.cfg:50] : unable to find userlist 'UsersAuth' referenced in arg 1 of ACL keyword 'http_auth' in proxy 'conversr'.\n[ALERT] 336/173204 (112) : Fatal errors found in configuration.\n: exit status 1"
1 Like
Awesome, thanks for investigating so quickly.
Upgraded to 1.2.1 but the fix doesn’t seem to be enough to allow basic auth to work. Here’s my custom haproxy config:
userlist L1
user xdb insecure-password hello
backend myApp
acl AuthOkay_UsersAuth http_auth(L1)
http-request auth realm UserAuth if !AuthOkay_UsersAuth
The container doesn’t complain about the config and starts now but I don’t get the basic auth prompt.
Where am I going wrong?
Updated: I have attached the details on the GitHub ticket mentioned by @alena : https://github.com/rancher/rancher/issues/6888
I have the same issue, not being able to make the basic auth working.
rancher/lb-service-haproxy: v0.4.9
Rancher v1.3.2
Cattle v0.175.8
User Interface v1.3.6
Rancher Compose v0.12.1
The logs of the container indicate:
parsing [/etc/haproxy/haproxy.cfg:32] : unable to find userlist 'xxx' referenced in arg 1 of ACL
I tried with and without the global keyword.