Openshift HTTP Authentication through HAProxy

StackOverflow https://stackoverflow.com//questions/23033692

  •  21-12-2019
  •  | 
  •  

Question

I'm having a hard time getting basic http authentication working on my scalable Openshift PHP app. In my .htaccess file I have:

AuthUserFile path/to/.htpasswd
AuthType Basic
AuthName "My App"
Require valid-user

This works great on my local testing server, but when I try to use it on Openshift, I get a 503 Service Unavailable, and in my haproxy.log I get:

[WARNING] 101/113040 (368468) : Server express/local-gear is DOWN, reason: Layer7 wrong status, code: 401, info: "Authorization Required", check duration: 2ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[ALERT] 101/113040 (368468) : proxy 'express' has no server available!

So I guess the problem must be with the HAProxy server, but I have no clue how to fix it. Any ideas?

Many thanks!

Was it helpful?

Solution

You need to have a URL that haproxy can access, or else it will throw a 503 error. If you want just make an up.html page and exclude it from your .htpasswd settings, then change your haproxy/haproxy.cfg to poll that url instead of /.

Also, if that .htpasswd file is not stored inside of your git repo, then it will not be copied to each gear in your scaled application. If it is in your git repo, and hence in your web accessible folders, then that is insecure.

OTHER TIPS

haproxy offers a feature which checks a certain url as a sanitycheck. Openshift enables this by default. Make sure its pointed to the right url, or disable it by changing ~/haproxy/conf/haproxy.cfg:

option httpchk GET /

into

#option httpchk GET /

read more in this openshift thread

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top