Configuration for Subdomain | question

[aHVzY2g]

Hey Guys,

I am new to HaProxy and therefore this plugin. I need some help to protect certain backends with auth-request. Let say I want to protect the subdomain v2.example.org.

frontend example
        mode http
        bind 122.64.3.1:80
        bind 122.64.3.1:443 ssl crt /etc/ssl/certs/haproxy.pem crt /etc/haproxy/certs/v1Example.pem crt /home/lxc-pve/.acme.sh/example.org/v2Example.pem
        http-request redirect scheme https code 301 unless { ssl_fc }
        option forwardfor

        acl v1Example hdr(host) -i v1.example.org
        acl v2Example hdr(host) -i v2.example.org

        use_backend v1Example if v1Example
        use_backend v2Example if v2Example

backend v1Example
    server v1Example 122.64.3.32:443 check ssl ca-file /usr/local/share/ca-certificates/example.crt

backend v2Example
    mode http
    server v2Example 122.123.35.51:8023 check

From your documentation, I understand how to protect a single path for one backend. So how can I protect hole subdomain, with multiple backends?

[TimWolla]

From your documentation, I understand how to protect a single path for one backend.

Actually the example in the README does not explain how to protect a single path, it makes the authentication request for all requests. Are you confusing this with the /is-allowed which is the path of the authentication service?

[aHVzY2g]

Yes sorry, I mixed this up. For clarification is it possible to protect a single backend with authentication, without spamming the authentication backend if other resources are accessed?

[TimWolla]

Sure, either put the http-request lua.auth-request line into the backend or add an if at the end.

[aHVzY2g]

All right got it working, anyone looking for examples check out https://www.authelia.com/docs/deployment/supported-proxies/haproxy.html .