Sonya* Posted October 6, 2020 Posted October 6, 2020 (edited) I need to login in Marketplace on my test installation, that is protected by .htaccess. It's a Plesk managed server, I am server admin dummie, I can only Plesk 😁 How can I allow Marketplace login without opening test installation for the public? Btw opening test installation for the public is not allowed by IPS rules. Yes, I know that I can open it, login und then protect again. But if login is lost, I have to make it again and again and on every test installation I have. It is tedious. Is there a simple way to allow Marketplace login without removing .htaccess protection for the whole installation? Edited October 6, 2020 by Sonya* Claudia999 1
bosss Posted October 6, 2020 Posted October 6, 2020 1 hour ago, Sonya* said: I need to login in Marketplace on my test installation, that is protected by .htaccess. It's a Plesk managed server, I am server admin dummie, I can only Plesk 😁 How can I allow Marketplace login without opening test installation for the public? Btw opening test installation for the public is not allowed by IPS rules. Yes, I know that I can open it, login und then protect again. But if login is lost, I have to make it again and again and on every test installation I have. It is tedious. Is there a simple way to allow Marketplace login without removing .htaccess protection for the whole installation? Asked same question support and got this answer - maybe will help you! Quote Rhett 1 day ago Hello, the marketplace requires the site be open to the public, which a test site cannot be, so if you need to use the marketplace on a test site, you would need to enable public access, then once you are done processing this, lock it back down with htaccess. Thank you. Rhett Support and Cloud Manager Invision Power Services, Inc.
Sonya* Posted October 6, 2020 Author Posted October 6, 2020 @bosss thanks. This is what I mean as tedious with many test installations. E. g. I was logged in and now I am suddenly logged out. I have to run through all this (delete .htaccess, login into marketplace, re-setup .htacess). I hope that someone does know a way of how to solve it on the server.
Stuart Silvester Posted October 6, 2020 Posted October 6, 2020 I'm not familiar with Plesk so I'm unsure if you can edit the .htaccess file (although, I don't see why you wouldn't be able to). You can use something like this to exclude a path from the password requirement - https://stackoverflow.com/a/41289289 You would need to exclude /index.php?app=core&module=system&controller=marketplace Alternatively, you could set the test community offline instead of using a password prompt, it pretty much does the same thing. Don't forget though, our license terms do provide allowance for one test installation 😉 Quote You may install and test one additional instance of the Software for the purpose of development and testing. This installation must be and remain isolated and inaccessible to the general public at all times. Sonya* 1
Sonya* Posted October 6, 2020 Author Posted October 6, 2020 11 minutes ago, Stuart Silvester said: Don't forget though, our license terms do provide allowance for one test installation 😉 I have many licenses DawPi, Stuart Silvester and WP V0RT3X 1 2
Sonya* Posted October 6, 2020 Author Posted October 6, 2020 I have figured out that I do not have .htaccess and the server uses nginx. I have tried additional directive for nginx in Plesk: location = /index.php?app=core&module=system&controller=marketplace { auth_basic off; allow all; # Allow all to see content } But this is ignored. The URL still requires authentication. Any idea of what can be false in the nginx directive above?
CoffeeCake Posted October 6, 2020 Posted October 6, 2020 41 minutes ago, Sonya* said: I have figured out that I do not have .htaccess and the server uses nginx. I have tried additional directive for nginx in Plesk: location = /index.php?app=core&module=system&controller=marketplace { auth_basic off; allow all; # Allow all to see content } But this is ignored. The URL still requires authentication. Any idea of what can be false in the nginx directive above? You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx. In our testing, we left basic authentication on and did not have issues with Marketplace. Not sure if something has changed with 4.5.3 making that a prerequisite. I was told the same thing by support at one point, yet there appeared to be no actual requirement for removing basic auth. We did have the /api url open though....
Stuart Silvester Posted October 6, 2020 Posted October 6, 2020 3 hours ago, Paul E. said: You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx. In our testing, we left basic authentication on and did not have issues with Marketplace. Not sure if something has changed with 4.5.3 making that a prerequisite. I was told the same thing by support at one point, yet there appeared to be no actual requirement for removing basic auth. We did have the /api url open though.... Good to know, I don't use Nginx personally. This is only for the initial login process, other Marketplace actions will work fine before a password prompt.
Sonya* Posted October 7, 2020 Author Posted October 7, 2020 13 hours ago, Paul E. said: In our testing, we left basic authentication on and did not have issues with Marketplace. This is not a case for me on the latest version. I still cannot sign in without wiping out .htaccess protection for the whole project. 19 hours ago, Stuart Silvester said: Alternatively, you could set the test community offline instead of using a password prompt, it pretty much does the same thing. This does not allow me to test guest features 🤔 13 hours ago, Paul E. said: You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx. Oh.. That's a pity. We need a friendly URL to use it, right?
Sonya* Posted October 7, 2020 Author Posted October 7, 2020 I have now try this nginx directive: location = /index.php { error_page 418 = @queryone; if ( $args ~ "app=core&module=system&controller=marketplace" ) { return 418; } } location @queryone { auth_basic "off"; } It matches index.php and does not require authentication. But it now offers index.php as download and does not execute the php script. The "download" behavior is there for any URL parameters. It does not matter what I use: index.php oder index.php?bla oder index.php?app=core&module=system&controller=marketplace I am lost here. Can somebody give me a tip of how to execute the script instead of download it?
CoffeeCake Posted October 7, 2020 Posted October 7, 2020 (edited) 17 hours ago, Stuart Silvester said: Good to know, I don't use Nginx personally. This is only for the initial login process, other Marketplace actions will work fine before a password prompt. I don't think we ever removed the password prompt for the onboarding process--does part of the onboarding process attempt to access the ACP or is it a call back to /api? You can achieve this in nginx with something like map. Here's a good example (and those look like Xenforo URLs): https://serverfault.com/questions/930145/nginx-redirect-based-on-query-string-parameters 4 hours ago, Sonya* said: I have now try this nginx directive: I think the issue in your configuration is that you are returning an error (418) for matches instead of passing it to IPS. Someone here had a good guide to Nginx + php-fpm + IPS. I think it was @Makoto. Edit: Here it is! Edited October 7, 2020 by Paul E.
Adriano Faria Posted August 26, 2021 Posted August 26, 2021 On 10/6/2020 at 6:37 AM, Stuart Silvester said: Alternatively, you could set the test community offline instead of using a password prompt, it pretty much does the same thing. Is this still valid, @Stuart Silvester?
Stuart Silvester Posted August 26, 2021 Posted August 26, 2021 15 minutes ago, Adriano Faria said: Is this still valid, @Stuart Silvester? Yes, It would work Adriano Faria 1
Recommended Posts