Haproxy is a popular reverse proxy and load balancer. It also can act as additional firewall.
If you have a number of web- and application servers and want to limit the entry points to your infrastructure, haproxy is a great choice. But it also has it's caveats as the configuration options are almost endless. Below are some tips and tricks I went into while configuring my cloud in kubernetes,
Assume you have an application with a web interface, where certain possibly confidential information is displayed and you want to add some basic protection. Your application is third-party and there is no way to add basic authentication. Here comes haproxy handy. Follow those steps:
$ sudo yum install httpd-tools$ htpasswd -B -c /path/to/file/users exampleNew password:Re-type new password:Adding password for user example$ cat /path/to/file/usersexample:$2y$05$zuouw2cY27sd/MVHm3V.huSNGbGEOH2rD/cO0aTcLDILBHB0/r0kWuserlist allowed_users user example password $2y$05$zuouw2cY27sd/MVHm3V.huSNGbGEOH2rD/cO0aTcLDILBHB0/r0kWbackend alloy_backendmode httpbalance roundrobinacl auth_ok http_auth(allowed_users)http-request auth realm "your Interface" unless auth_ok server node1 1.2.3.4:80 check # adjust to your backend settings$ haproxy -c -f /etc/haproxy/haproxy.cfg$ sudo service haproxy reloadWhen you access your application in the browser now, you get a prompt for user and password.