proxy.auth configures one or more authorization schemes.

Each authorization scheme is configured with a list of key/value options. Each scheme must have a unique name which can then be referred to in a routing rule.


The following types of authorization schemes are available:


The basic authorization scheme leverages Http Basic Auth and reads a htpasswd file at startup and credentials are cached until the service exits.

The file option contains the path to the htpasswd file. The realm parameter is optional (default is to use the name). The refresh option can set the htpasswd file refresh interval. Minimal refresh interval is 1s to void busy loop. By default refresh is disabled i.e. set to zero. Note: removing the htpasswd file will cause all requests to fail with HTTP status code 401 (Unauthorized) until the file is restored.


Supported htpasswd formats are detailed here


# single basic auth scheme

# single basic auth scheme with refresh interval set to 30 seconds

# basic auth with multiple schemes
proxy.auth = name=mybasicauth;type=basic;file=p/creds.htpasswd;refresh=30s

The default is

proxy.auth =