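# HAProxy example: HTTP Basic authentication backed by userlists.
#
# Line structure is significant here: a '#' comments out the rest of its
# physical line, so every directive and every comment sits on its own line.

global
    # chroot and the uid/gid drop are commented out, so the process keeps the
    # identity it was started with and is not confined to an empty directory.
    # Enable these, with a directory and ids that exist on the host, for
    # anything beyond a local demo.
    # chroot /var/empty/
    # uid 451
    # gid 451
    log 192.168.131.214:8514 local4 debug
    maxconn 8192

defaults
    # Timeout values carry no unit suffix, so they are read as milliseconds.
    timeout connect 3500
    timeout queue 11000
    timeout tarpit 12000
    timeout client 30000
    timeout http-request 40000
    timeout http-keep-alive 5000
    timeout server 40000
    timeout check 7000

    option contstats
    # No server line in this file carries the "check" keyword, so
    # "timeout check" and "option log-health-checks" only take effect once
    # health checks are enabled on a server.
    option log-health-checks

################################
# customer1: group membership declared on the group lines.
#
# "insecure-password" stores the password in clear text in this file, so
# anyone who can read the file (or a backup of it) can read the credentials.
# "password" takes a crypt(3) hash instead, as the "boss" entry shows with a
# $6$ (SHA-512 crypt) value. Prefer the hashed form outside of examples.
userlist customer1
    group adm users tiger,xdb
    group dev users scott,tiger
    group uat users boss,xdb,tiger

    user scott insecure-password cat
    user tiger insecure-password dog
    user xdb insecure-password hello
    user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91

# customer1alt: the same accounts, with membership declared on the user lines.
userlist customer1alt
    group adm
    group dev
    group uat

    user scott insecure-password cat groups dev
    user tiger insecure-password dog groups adm,dev,uat
    user xdb insecure-password hello groups adm,uat
    user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat

# Both customer1 and customer1alt userlist are functionally identical

frontend c1
    # The bind line has no "ssl" option, so Basic credentials cross this
    # listener base64-encoded but unencrypted. The address is a loopback one;
    # add "ssl crt <path-to-pem>" before binding to a reachable address.
    bind 127.101.128.1:8080
    log global
    mode http

    # hdr_beg matches on the start of the Host header, so any value that
    # merely begins with these strings selects the corresponding rule.
    acl host_stats hdr_beg(host) -i stats.local
    acl host_dev hdr_beg(host) -i dev.local
    acl host_uat hdr_beg(host) -i uat.local

    acl auth_uat http_auth_group(customer1) uat

    # auth for host_uat checked in frontend, use realm "uat"
    http-request auth realm uat if host_uat !auth_uat

    # No default_backend is set: a Host that matches none of the ACLs selects
    # no backend at all.
    use_backend c1stats if host_stats
    use_backend c1dev if host_dev
    use_backend c1uat if host_uat

backend c1uat
    # This backend has no auth rule of its own and relies on the check in
    # frontend c1. Any other frontend that routes here would skip that check.
    mode http
    log global

    server s6 192.168.152.206:80
    server s7 192.168.152.207:80

backend c1dev
    mode http
    log global

    # require users from customer1 assigned to group dev
    acl auth_ok http_auth_group(customer1) dev

    # auth checked in backend, use default realm (c1dev)
    http-request auth if !auth_ok

    server s6 192.168.152.206:80
    server s7 192.168.152.207:80

backend c1stats
    mode http
    log global

    # stats auth checked in backend; the realm is named explicitly (Stats)
    # on the final rule below.
    # Both src ACLs trust the TCP peer address. If a proxy or NAT sits in
    # front of this listener, every client appears to come from that device's
    # address - confirm the topology before relying on the password-less
    # nagios rule.
    acl nagios src 192.168.126.31
    acl guests src 192.168.162.0/24
    acl auth_ok http_auth_group(customer1) adm

    stats enable
    stats refresh 60
    stats uri /
    # Limit the report to these two proxies.
    stats scope c1
    stats scope c1stats

    # Rules are evaluated in order and the first match wins, so the deny has
    # to stay ahead of the allow rules.
    # unconditionally deny guests, without checking auth or asking for a username/password
    stats http-request deny if guests

    # allow nagios without password, allow authenticated users
    stats http-request allow if nagios
    stats http-request allow if auth_ok

    # ask for a username/password
    stats http-request auth realm Stats

################################
# customer2: each password equals the username and is stored in clear text;
# these are demonstration accounts only.
userlist customer2
    user peter insecure-password peter
    user monica insecure-password monica

frontend c2
    # Plain HTTP listener on a loopback address; the TLS caveat on frontend
    # c1 applies here as well.
    bind 127.201.128.1:8080
    log global
    mode http

    # Any valid customer2 user is accepted; no group is required.
    acl auth_ok http_auth(customer2)
    acl host_b1 hdr(host) -i b1.local

    # Applied to every request on this frontend, before backend selection.
    http-request auth unless auth_ok

    use_backend c2b1 if host_b1
    default_backend c2b0

backend c2b1
    mode http
    log global
    server s1 192.168.152.201:80

backend c2b0
    mode http
    log global
    server s1 192.168.152.201:80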