Hi all.
I currently give access to the stats page using a simple profiling by groups
. amministratori that have admin access to everything
. readonly that have no admin acces to everything
All users see the full set of "listen", "frontend" and "backend" sections.
userlist stats-auth
group amministratori users ADMIN1, ADMIN2
group readonly users OPERATOR
user ADMIN1 password PASS1
user ADMIN2 password PASS2
user OPERATOR password PASS3
listen stats XX.XX.XX.XX:80
mode http
option httplog
compression algo gzip
stats enable
stats uri /haproxystats
stats refresh 60s
acl AUTH http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) amministratori
stats http-request auth unless AUTH
stats admin if AUTH_ADMIN
I would like to have another group of users that have admin access to a
subset of the servers configured in the various "listen", "frontend"
"backend" sections.
In other words, these other users only should see and administer a
subset of the servers.
Should I add a "stats enable" section to all objects that I want to give
acces to?
Should I create a separate "listen" section?
Should I use ACLs in this section?
Is there any "best" or "suggested" way to do this?
Thank you a lot
.marcoc
