Basic Auth

HAProxy can prompt for basic auth. This saves you from modifying back-end services.

Change a backend like this:

backend logs
    mode http
    server logs 10.40.0.8:5601 check

To:

backend logs
    mode http
    server logs 10.40.0.8:5601 check
    acl authorized http_auth(users)
    http-request auth unless authorized
    http-request del-header Authorization

This requires a user list as well, so I included this at the bottom

userlist users
  user admin password aBigLongHashHere

It seems one can add groups and such for more granular control. A remote password database would be a better solution.

Resources

https://blog.sleeplessbeastie.eu/2018/03/08/how-to-define-basic-authentication-on-haproxy/

https://blog.taragana.com/guide-haproxy-http-basic-authentication-for-specific-sites-ssl-termination-15813

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified April 14, 2026: Old site imports (677647f)