Commit d9aac289 authored by Lukáš Lalinský's avatar Lukáš Lalinský

Support for HTTP auth

parent 51cb52b6
Pipeline #20271 passed with stage
in 30 seconds
......@@ -30,6 +30,8 @@ type siteInfo struct {
SSL sslCertInfo
Backends []siteBackendInfo `json:"backends"`
Routes []siteRouteInfo `json:"routes"`
EnableAuth bool `json:"authenticate"`
Users []siteUserInfo `json:"users"`
}
type letsEncryptInfo struct {
......@@ -42,6 +44,11 @@ type letsEncryptServerInfo struct {
Port int
}
type siteUserInfo struct {
Name string
Password string
}
type siteBackendInfo struct {
Name string
Servers []siteBackendServerInfo `json:"servers"`
......@@ -81,6 +88,14 @@ defaults
resolvers main
nameserver dns1 {{$.Resolver}}:53
{{range .Sites}}
{{if .EnableAuth -}}
userlist users_{{.Name}}
{{- range .Users}}
user {{.Name}} password {{.Password}}
{{- end}}
{{- end}}
{{end}}
frontend fe_http
bind *:80
......@@ -97,13 +112,20 @@ frontend fe_https
{{range $i, $domain := .AltDomains -}}
{{"\t"}}acl alt_domain_{{$site.Name}}_{{$i}} ssl_fc_sni -i {{.}}
{{end -}}
{{if .EnableAuth -}}
{{"\t"}}acl auth_{{$site.Name}} http_auth(users_{{$site.Name}})
{{"\t"}}http-request auth realm private if domain_{{$site.Name}} !auth_{{$site.Name}}
{{range $i, $domain := .AltDomains -}}
{{"\t"}}http-request auth realm private if alt_domain_{{$site.Name}}_{{$i}} !auth_{{$site.Name}}
{{end -}}
{{end -}}
{{range $i, $route := .Routes -}}
{{"\t"}}acl route_{{$site.Name}}_{{$i}} path_beg {{.Path}}
{{end -}}
{{range $i, $route := $site.Routes -}}
{{"\t"}}use_backend be_{{$site.Name}}_{{.Backend}} if domain_{{$site.Name}} route_{{$site.Name}}_{{$i}}
{{"\t"}}use_backend be_{{$site.Name}}_{{.Backend}} if domain_{{$site.Name}} route_{{$site.Name}}_{{$i}}{{if $site.EnableAuth}} auth_{{$site.Name}}{{end}}
{{range $j, $domain := $site.AltDomains -}}
{{"\t"}}use_backend be_{{$site.Name}}_{{$route.Backend}} if alt_domain_{{$site.Name}}_{{$j}} route_{{$site.Name}}_{{$i}}
{{"\t"}}use_backend be_{{$site.Name}}_{{$route.Backend}} if alt_domain_{{$site.Name}}_{{$j}} route_{{$site.Name}}_{{$i}}{{if $site.EnableAuth}} auth_{{$site.Name}}{{end}}
{{end -}}
{{end}}
{{- end}}
......@@ -122,6 +144,9 @@ backend be_{{$site.Name}}_{{.Name}}
option httpchk GET {{.HealthCheck.Path}}
http-check expect status 200
{{- end}}
{{- if $site.EnableAuth}}
http-request del-header Authorization
{{- end}}
{{- range $i, $server := .Servers}}
{{"\t"}}server-template srv_{{$i}}_ 100 {{.Host}}:{{.Port}} check resolvers main
{{- end}}
......
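Review bot: The `user {{.Name}} password {{.Password}}` line in the new userlist block writes both fields into the HAProxy configuration verbatim, and HAProxy's `password` keyword expects a crypt(3)-style hash rather than the cleartext (`insecure-password` is the cleartext form). `siteUserInfo.Password` has no comment saying which form it must hold, so I would document it on the struct, e.g. `// Password is the crypt(3) hash written after HAProxy's "password" keyword, never the cleartext.` If the template is rendered with text/template (the rendering call is outside these hunks), a name or password containing whitespace or a line break would change the generated config, so both fields should be checked against a strict character set before rendering. The `http-request del-header Authorization` rule in the backend hunk is a sensible way to keep proxy credentials away from the application, but it also drops any Authorization header the backend itself expects, which deserves a one-line comment next to it.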
......@@ -77,6 +77,17 @@ func TestRenderTemplate(t *testing.T) {
Backend: "default",
},
},
EnableAuth: true,
Users: []siteUserInfo{
{
Name: "lukas",
Password: "pass",
},
{
Name: "lukas2",
Password: "pass2",
},
},
})
proxy.EnableHTTPLog = true
var builder strings.Builder
......@@ -103,6 +114,13 @@ resolvers main
nameserver dns1 127.0.0.11:53
userlist users_example2
user lukas password pass
user lukas2 password pass2
frontend fe_http
bind *:80
acl is_letsencrypt path_beg /.well-known/acme-challenge
......@@ -124,8 +142,10 @@ frontend fe_https
use_backend be_example_web if alt_domain_example_0 route_example_1
acl domain_example2 ssl_fc_sni -i example2.com
acl auth_example2 http_auth(users_example2)
http-request auth realm private if domain_example2 !auth_example2
acl route_example2_0 path_beg /
use_backend be_example2_default if domain_example2 route_example2_0
use_backend be_example2_default if domain_example2 route_example2_0 auth_example2
backend be_letsencrypt
......@@ -150,6 +170,7 @@ backend be_example_api
backend be_example2_default
balance roundrobin
http-request del-header Authorization
server-template srv_0_ 100 srv1.example2.com:8090 check resolvers main
`
......
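Review bot: The expected output only exercises the single-domain auth path: for example2 it shows one `http-request auth realm private` line and one `use_backend ... auth_example2` line, so the alt-domain branches added to the template (the `http-request auth ... if alt_domain_...` loop and the second `use_backend` line) are not covered, as far as these hunks show. Giving the authenticated site an alternate domain would pin those lines. The fixture passwords `pass` and `pass2` are rendered after the `password` keyword, which HAProxy reads as a crypt(3) hash, so a constructed hash-shaped sample would make the expected config describe a working setup. The site definition and the rest of TestRenderTemplate lie outside the hunks.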