Haproxy is a popular reverse proxy and load balancer. It also can act as additional firewall.
If you have a number of web- and application servers and want to limit the entry points to your infrastructure, haproxy is a great choice. But it also has it's caveats as the configuration options are almost endless. Below are some tips and tricks I went into while configuring my cloud in kubernetes,
Assume you have an application with a web interface, where certain possibly confidential information is displayed and you want to add some basic protection. Your application is third-party and there is no way to add basic authentication. Here comes haproxy handy. Follow those steps:
$ sudo yum install whois
mkpasswd -m sha-256 mypassword123
output:
$5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOm/
userlist allowed_users user example password $5$s6Subz0X7FSX2zON$r94OtF6gOfWlGmySwvn3pDFIAHbIpe6mWneueqtBOm/backend alloy_backendmode httpbalance roundrobinacl auth_ok http_auth(allowed_users)http-request auth realm "your Interface" unless auth_ok server node1 1.2.3.4:80 check # adjust to your backend settings$ haproxy -c -f /etc/haproxy/haproxy.cfg$ sudo service haproxy reloadWhen you access your application in the browser now, you get a prompt for user and password.