Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 6e0128630b80d691c915cba5cec43db59d191898 / . / examples / auth.cfg
blob: 08d00342cbe7db6f9920827b34fcff5f2942d749 [file] [log] [blame]
Krzysztof Piotr Oledzki56317a22010-02-07 16:50:08 +0100[diff] [blame]1global
2# chroot /var/empty/
3# uid 451
4# gid 451
5 log 192.168.131.214:8514 local4 debug
6 maxconn 8192
7
8defaults
9 timeout connect 3500
10 timeout queue 11000
11 timeout tarpit 12000
12 timeout client 30000
13 timeout http-request 40000
14 timeout http-keep-alive 5000
15 timeout server 40000
16 timeout check 7000
17
18 option contstats
19 option log-health-checks
20
21################################
22userlist customer1
23 group adm users tiger,xdb
24 group dev users scott,tiger
25 group uat users boss,xdb,tiger
26 user scott insecure-password cat
27 user tiger insecure-password dog
28 user xdb insecure-password hello
29 user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91
30
31userlist customer1alt
32 group adm
33 group dev
34 group uat
35 user scott insecure-password cat groups dev
36 user tiger insecure-password dog groups adm,dev,uat
37 user xdb insecure-password hello groups adm,uat
38 user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat
39
40# Both customer1 and customer1alt userlist are functionally identical
41
42frontend c1
43 bind 127.101.128.1:8080
44 log global
45 mode http
46
47 acl host_stats hdr_beg(host) -i stats.local
48 acl host_dev hdr_beg(host) -i dev.local
49 acl host_uat hdr_beg(host) -i uat.local
50
51 acl auth_uat http_auth_group(customer1) uat
52
53 # auth for host_uat checked in frontend, use realm "uat"
54 http-request auth realm uat if host_uat !auth_uat
55
56 use_backend c1stats if host_stats
57 use_backend c1dev if host_dev
58 use_backend c1uat if host_uat
59
60backend c1uat
61 mode http
62 log global
63
64 server s6 192.168.152.206:80
65 server s7 192.168.152.207:80
66
67backend c1dev
68 mode http
69 log global
70
71 # require users from customer1 assigned to group dev
72 acl auth_ok http_auth_group(customer1) dev
73
74 # auth checked in backend, use default realm (c1dev)
75 http-request auth if !auth_ok
76
77 server s6 192.168.152.206:80
78 server s7 192.168.152.207:80
79
80backend c1stats
81 mode http
82 log global
83
84 # stats auth checked in backend, use default realm (Stats)
85 acl nagios src 192.168.126.31
86 acl guests src 192.168.162.0/24
87 acl auth_ok http_auth_group(customer1) adm
88
89 stats enable
90 stats refresh 60
91 stats uri /
92 stats scope c1
93 stats scope c1stats
94
95 # unconditionally deny guests, without checking auth or asking for a username/password
96 stats http-request deny if guests
97
98 # allow nagios without password, allow authenticated users
99 stats http-request allow if nagios
100 stats http-request allow if auth_ok
101
102 # ask for a username/password
103 stats http-request auth realm Stats
104
105
106################################
107userlist customer2
108 user peter insecure-password peter
109 user monica insecure-password monica
110
111frontend c2
112 bind 127.201.128.1:8080
113 log global
114 mode http
115
116 acl auth_ok http_auth(customer2)
117 acl host_b1 hdr(host) -i b1.local
118
119 http-request auth unless auth_ok
120
121 use_backend c2b1 if host_b1
122 default_backend c2b0
123
124backend c2b1
125 mode http
126 log global
127
128 server s1 192.168.152.201:80
129
130backend c2b0
131 mode http
132 log global
133
134 server s1 192.168.152.201:80