@virtuman
Forked from vothanhkiet/guide.md
Created January 30, 2017 20:08

Revisions

  1. @vothanhkiet vothanhkiet revised this gist Nov 6, 2016. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions guide.md
    @@ -150,8 +150,6 @@ Create SHA512 passwords
    # generates -> $6$RZ86vRkQ$aRKN1HOsk6bDHBbMhS7jSo/p1NGFl4PvwY3KpU.72i./LvITi41nL84EkxOFXl.6Bmhynj/L7pYbfF0rUHtOB0
    ```

    Edit /etc/haproxy/haproxy.cfg

    ```
    userlist users
    group all
  2. @vothanhkiet vothanhkiet created this gist Nov 5, 2016.
    163 changes: 163 additions & 0 deletions guide.md
    @@ -0,0 +1,163 @@
    ## HA-Proxy configuration for Portainer

    Here is a working configuration for HA-Proxy version 1.6.6 2016/06/26 to serve Portainer at **portainer.127.0.0.1.xip.io** :

    ```
    global
    maxconn 10000
    daemon
    ssl-server-verify none
    tune.ssl.default-dh-param 2048
    defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 30
    timeout http-request 300s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 10000
    userlist users
    group all
    group demo
    group haproxy
    listen stats
    bind *:2100
    mode http
    stats enable
    maxconn 10
    timeout client 10s
    timeout server 10s
    timeout connect 10s
    timeout queue 10s
    stats hide-version
    stats refresh 30s
    stats show-node
    stats realm Haproxy\ Statistics
    stats uri /
    stats admin if TRUE
    frontend www-http
    bind *:80
    stats enable
    mode http
    option http-keep-alive
    acl portainer hdr_end(host) -i portainer.127.0.0.1.xip.io
    use_backend portainer if portainer
    backend portainer
    stats enable
    option forwardfor
    option http-keep-alive
    server portainer 127.0.0.1:9000 check
    ```

    NOTE: **http-keep-alive** must be set for both frontend and backend

    ## Setup Basic HTTP Authentication

    ##### Simple setup with cleartext password

    ```
    global
    maxconn 10000
    daemon
    ssl-server-verify none
    tune.ssl.default-dh-param 2048
    defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 30
    timeout http-request 300s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 10000
    userlist users
    group all
    group dev
    group haproxy
    user demo insecure-password Abc@123456 groups all,dev
    listen stats
    bind *:2100
    mode http
    stats enable
    maxconn 10
    timeout client 10s
    timeout server 10s
    timeout connect 10s
    timeout queue 10s
    stats hide-version
    stats refresh 30s
    stats show-node
    stats realm Haproxy\ Statistics
    stats uri /
    stats admin if TRUE
    frontend www-http
    bind *:80
    stats enable
    mode http
    option http-keep-alive
    acl portainer hdr_end(host) -i portainer.127.0.0.1.xip.io
    use_backend portainer if portainer
    backend portainer
    acl auth_ok http_auth_group(users) dev
    http-request auth if !auth_ok
    stats enable
    option forwardfor
    option http-keep-alive
    server portainer 127.0.0.1:9000 check
    ```

    ##### Advance setup with secure password

    Create SHA512 passwords

    ```
    # make sure to use a leading space so that the command is not stored in your bash history!!
    mkpasswd -m sha-512 password1
    # generates -> $6$yMgsow58.g/Z$mBjHfdVzqcF/LN.iwV23Eyqg.yGPTsp9pOwaStsJ6c4I4zL7BhucVVAkv5guf7OVRr8Pw0mHF4NrWBRCG5ci7/
    mkpasswd -m sha-512 password2
    # generates -> $6$RZ86vRkQ$aRKN1HOsk6bDHBbMhS7jSo/p1NGFl4PvwY3KpU.72i./LvITi41nL84EkxOFXl.6Bmhynj/L7pYbfF0rUHtOB0
    ```

    Edit /etc/haproxy/haproxy.cfg

    ```
    userlist users
    group all
    group dev
    group haproxy
    user userone password $6$yMgsow58.g/Z$mBjHfdVzqcF/LN.iwV23Eyqg.yGPTsp9pOwaStsJ6c4I4zL7BhucVVAkv5guf7OVRr8Pw0mHF4NrWBRCG5ci7/ groups all,dev
    user usertwo password $6$RZ86vRkQ$aRKN1HOsk6bDHBbMhS7jSo/p1NGFl4PvwY3KpU.72i./LvITi41nL84EkxOFXl.6Bmhynj/L7pYbfF0rUHtOB0 groups all,dev
    ```
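
Review bot: Both copies of the `listen stats` section combine `bind *:2100` with `stats admin if TRUE` and have no `stats auth` or `http_auth` check, so anyone who can reach port 2100 gets the admin-level stats page and can enable or disable the portainer server. Suggest binding it to `127.0.0.1:2100` and gating it, either with a `stats auth <user>:<password>` line or by replacing `if TRUE` with a condition built on the existing `userlist users`. Two smaller points in the same file: `http-request auth if !auth_ok` in `backend portainer` is only reachable through `bind *:80`, so the Basic credentials cross the network unencrypted and the frontend should get a TLS bind plus a redirect from port 80; and the `mkpasswd -m sha-512 password1` lines pass the password as a command argument, where the leading-space advice only helps if the shell is configured to ignore space-prefixed commands and the argument is still visible in the process list, so running `mkpasswd -m sha-512` without the password and letting it prompt is the safer instruction to document.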