How to allow Marketplace behind .htaccess (Plesk)

I need to log in to Marketplace on my test installation, which is protected by .htaccess. It's a Plesk managed server, I am a server admin dummy, I can only Plesk 😁

How can I allow Marketplace login without opening the test installation to the public? Btw, opening a test installation to the public is not allowed by IPS rules. Yes, I know that I can open it, log in and then protect it again. But if the login is lost, I have to do it again and again, on every test installation I have. It is tedious.

Is there a simple way to allow Marketplace login without removing .htaccess protection for the whole installation?

Edited by Sonya*

1 hour ago, Sonya* said:

I need to log in to Marketplace on my test installation, which is protected by .htaccess. It's a Plesk managed server, I am a server admin dummy, I can only Plesk 😁

How can I allow Marketplace login without opening the test installation to the public? Btw, opening a test installation to the public is not allowed by IPS rules. Yes, I know that I can open it, log in and then protect it again. But if the login is lost, I have to do it again and again, on every test installation I have. It is tedious.

Is there a simple way to allow Marketplace login without removing .htaccess protection for the whole installation?

 

I asked support the same question and got this answer - maybe it will help you!

 

Quote
Rhett
  • 1 day ago
Hello, the marketplace requires the site be open to the public, which a test site cannot be, so if you need to use the marketplace on a test site, you would need to enable public access, then once you are done processing this, lock it back down with htaccess.  

Thank you.

Rhett 
Support and Cloud Manager
Invision Power Services, Inc.

 


@bosss thanks. This is what I mean by tedious with many test installations. E.g. I was logged in and now I am suddenly logged out. I have to run through all this (delete .htaccess, log in to Marketplace, set up .htaccess again). I hope that someone knows a way to solve it on the server.


I'm not familiar with Plesk so I'm unsure if you can edit the .htaccess file (although, I don't see why you wouldn't be able to). You can use something like this to exclude a path from the password requirement - https://stackoverflow.com/a/41289289

You would need to exclude

/index.php?app=core&module=system&controller=marketplace

Alternatively, you could set the test community offline instead of using a password prompt, it pretty much does the same thing.

 

Don't forget though, our license terms do provide allowance for one test installation 😉

Quote

You may install and test one additional instance of the Software for the purpose of development and testing. This installation must be and remain isolated and inaccessible to the general public at all times.

 


I have figured out that I do not have .htaccess and the server uses nginx.

I have tried an additional directive for nginx in Plesk:

location = /index.php?app=core&module=system&controller=marketplace {
	auth_basic off;
	allow all; # Allow all to see content
}

But this is ignored. The URL still requires authentication. Any idea what could be wrong in the nginx directive above?


41 minutes ago, Sonya* said:

I have figured out that I do not have .htaccess and the server uses nginx.

I have tried an additional directive for nginx in Plesk:


location = /index.php?app=core&module=system&controller=marketplace {
	auth_basic off;
	allow all; # Allow all to see content
}

But this is ignored. The URL still requires authentication. Any idea what could be wrong in the nginx directive above?

You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx. In our testing, we left basic authentication on and did not have issues with Marketplace. Not sure if something has changed with 4.5.3 making that a prerequisite.

I was told the same thing by support at one point, yet there appeared to be no actual requirement for removing basic auth.

We did have the /api url open though....

 


3 hours ago, Paul E. said:

You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx. In our testing, we left basic authentication on and did not have issues with Marketplace. Not sure if something has changed with 4.5.3 making that a prerequisite.

I was told the same thing by support at one point, yet there appeared to be no actual requirement for removing basic auth.

We did have the /api url open though....

 

Good to know, I don't use Nginx personally.

This is only for the initial login process, other Marketplace actions will work fine before a password prompt.


13 hours ago, Paul E. said:

In our testing, we left basic authentication on and did not have issues with Marketplace.

This is not the case for me on the latest version. I still cannot sign in without wiping out .htaccess protection for the whole project.

19 hours ago, Stuart Silvester said:

Alternatively, you could set the test community offline instead of using a password prompt, it pretty much does the same thing.

This does not allow me to test guest features 🤔

13 hours ago, Paul E. said:

You can't match by querystring like that (the things after the ? in the URL) for a location block in nginx.

Oh.. That's a pity. We need a friendly URL to use it, right?


I have now tried this nginx directive:

location = /index.php {
	error_page 418 = @queryone;
	if ( $args ~ "app=core&module=system&controller=marketplace" ) {
		return 418;
	}
}
location @queryone {
	auth_basic "off";
}

It matches index.php and does not require authentication. But it now offers index.php as a download and does not execute the PHP script. The "download" behavior is there for any URL parameters. It does not matter what I use: index.php or index.php?bla or index.php?app=core&module=system&controller=marketplace

I am lost here. Can somebody give me a tip on how to execute the script instead of downloading it?


17 hours ago, Stuart Silvester said:

Good to know, I don't use Nginx personally.

This is only for the initial login process, other Marketplace actions will work fine before a password prompt.

I don't think we ever removed the password prompt for the onboarding process--does part of the onboarding process attempt to access the ACP or is it a call back to /api?

You can achieve this in nginx with something like map. Here's a good example (and those look like Xenforo URLs):

https://serverfault.com/questions/930145/nginx-redirect-based-on-query-string-parameters

4 hours ago, Sonya* said:

I have now tried this nginx directive:

I think the issue in your configuration is that you are returning an error (418) for matches instead of passing it to IPS. Someone here had a good guide to Nginx + php-fpm + IPS. I think it was @Makoto.

Edit: Here it is!

 

 

Edited by Paul E.
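
Paul E.'s map suggestion, applied to the URL Stuart Silvester gave earlier in the thread, as an added example that is not part of any post here. The variable name `$ips_auth_realm`, the realm text and the htpasswd path are assumptions, and the `map` block has to sit in the `http {}` context, which a per-domain directives box may not give access to.

```nginx
# Added example, not from the thread. Variable name, realm text and the
# htpasswd path are assumptions.

# --- http {} context: map is not allowed inside server {} or location {} ---
# $request_uri is the raw path plus query string as sent by the client,
# before any rewrite or try_files, so a friendly URL that merely carries
# the same parameters does not match.
map $request_uri $ips_auth_realm {
    # Every request gets the password prompt unless a pattern below matches.
    default "Test installation";

    # Only /index.php with exactly this leading query string, optionally
    # followed by further parameters, skips the prompt.
    "~^/index\.php\?app=core&module=system&controller=marketplace(&|$)" off;
}

# --- server {} context ---
server {
    # ... existing listen / server_name / root / PHP handling unchanged ...

    # auth_basic accepts a variable; when it evaluates to "off" the prompt
    # is skipped for that request only. No extra location block is added,
    # so index.php is still handed to the existing PHP handler and is not
    # served as a static download.
    auth_basic           $ips_auth_realm;
    auth_basic_user_file /path/to/.htpasswd;   # placeholder path
}
```

Any request matching the pattern reaches the application without the HTTP password and is then protected only by the application's own login, so keep the pattern anchored to the one URL. The thread does not confirm that exempting this URL alone is enough for the Marketplace sign-in to complete.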