[EXAMPLES] add auth.cfg

diff --git a/examples/auth.cfg b/examples/auth.cfg
new file mode 100644 (file)
index 0000000..08d0034
--- /dev/null
+++ b/examples/auth.cfg
@@ -0,0 +1,134 @@
+global
+#      chroot /var/empty/
+#      uid 451
+#      gid 451
+       log 192.168.131.214:8514 local4 debug
+       maxconn 8192
+
+defaults
+       timeout connect         3500
+       timeout queue           11000
+       timeout tarpit          12000
+       timeout client          30000
+       timeout http-request    40000
+       timeout http-keep-alive 5000
+       timeout server          40000
+       timeout check           7000
+
+       option  contstats
+       option  log-health-checks
+
+################################
+userlist customer1
+       group adm users tiger,xdb
+       group dev users scott,tiger
+       group uat users boss,xdb,tiger
+       user scott insecure-password cat
+       user tiger insecure-password dog
+       user xdb insecure-password hello
+       user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91
+
+userlist customer1alt
+       group adm
+       group dev
+       group uat
+       user scott insecure-password cat groups dev
+       user tiger insecure-password dog groups adm,dev,uat
+       user xdb insecure-password hello groups adm,uat
+       user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat
+
+# Both customer1 and customer1alt userlist are functionally identical
+
+frontend c1
+       bind 127.101.128.1:8080
+       log global
+       mode http
+
+       acl host_stats  hdr_beg(host) -i stats.local
+       acl host_dev    hdr_beg(host) -i dev.local
+       acl host_uat    hdr_beg(host) -i uat.local
+
+       acl auth_uat    http_auth_group(customer1) uat
+
+       # auth for host_uat checked in frontend, use realm "uat"
+       http-request    auth realm uat if host_uat !auth_uat
+
+       use_backend     c1stats if host_stats
+       use_backend     c1dev   if host_dev
+       use_backend     c1uat   if host_uat
+
+backend c1uat
+       mode http
+       log global
+
+       server s6 192.168.152.206:80
+       server s7 192.168.152.207:80
+
+backend c1dev
+       mode http
+       log global
+
+       # require users from customer1 assigned to group dev
+       acl auth_ok     http_auth_group(customer1) dev
+
+       # auth checked in backend, use default realm (c1dev)
+       http-request auth if !auth_ok
+
+       server s6 192.168.152.206:80
+       server s7 192.168.152.207:80
+
+backend c1stats
+       mode http
+       log global
+
+       # stats auth checked in backend, use default realm (Stats)
+       acl nagios      src 192.168.126.31
+       acl guests      src 192.168.162.0/24
+       acl auth_ok     http_auth_group(customer1) adm
+
+       stats enable
+       stats refresh 60
+       stats uri /
+       stats scope c1
+       stats scope c1stats
+
+       # unconditionally deny guests, without checking auth or asking for a username/password
+       stats http-request deny if guests
+
+       # allow nagios without password, allow authenticated users
+       stats http-request allow if nagios
+       stats http-request allow if auth_ok
+
+       # ask for a username/password
+       stats http-request auth realm Stats
+
+
+################################
+userlist customer2
+       user peter insecure-password peter
+       user monica insecure-password monica
+
+frontend c2
+       bind 127.201.128.1:8080
+       log global
+       mode http
+
+       acl auth_ok http_auth(customer2)
+       acl host_b1 hdr(host) -i b1.local
+
+       http-request auth unless auth_ok
+
+       use_backend     c2b1 if host_b1
+       default_backend c2b0
+
+backend c2b1
+       mode http
+       log global
+
+       server s1 192.168.152.201:80
+
+backend c2b0
+       mode http
+       log global
+
+       server s1 192.168.152.201:80