During development you may wish to restrict who can access your Magento site. An easy way to do this is with HTTP basic auth. (This is not recommended for production sites; there are many modules that do a better job and provide a better user experience.) This guide shows you how to password protect your Magento site with basic auth.
1. Create users and passwords
HTTP Auth works by looking up the allowed usernames and passwords in an htpasswd file. This file can be created using the `htpasswd` utility.
This utility isn't included by default in MDOQ as it's not needed on a day to day basis.
You can either install the utility on your own machine and copy the file to MDOQ or install the htpasswd utility on your instance.
Once you have the utility it's a simple matter of running:
htpasswd -c .htpasswd mdoq
This will create the file `.htpasswd` with the user `mdoq`. The command will prompt you to enter a password.
If you wish to add additional users you can run:
htpasswd .htpasswd magento
(We can drop the `-c` as the file already exists.) This will add the user `magento` to the file, after prompting you to enter a password.
If you'd like to try out HTTP Auth for your instance you can use the following as the content of the file.
mdoq:$apr1$vh1JLweb$C5Rdrp6qSXSKfqduVqWKp/
magento:$apr1$PX/lpLju$6lfAANDLOOza4xMeE7EEO/
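This file contains two users, `mdoq` and `magento`, both with the password `password`. These hashes are published here, so use them only to try the feature out and generate your own file before relying on it to restrict access.
Once you have an htpasswd file you need to put the file at: `mdoq/nginx/includes/.htpasswd`
You will then need to run: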
git add -f mdoq/nginx/includes/.htpasswd
(This is because MDOQ will remove anything not in source control from this directory when syncing nginx.)
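Before committing the file, it is worth confirming that no entry still carries the sample password. The following Python check is an added example, not part of MDOQ or of the original guide; it recomputes Apache's `$apr1$` hash (salted MD5, 1000 rounds) for a short candidate list. The candidate list and the `dev` entry are constructed for illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1(password: str, salt: str) -> str:
    """Apache's $apr1$ scheme: salted MD5 iterated 1000 times."""
    pw, s = password.encode(), salt.encode()[:8]
    ctx = hashlib.md5(pw + b"$apr1$" + s)
    alt = hashlib.md5(pw + s + pw).digest()
    for n in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:  # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):
        h = hashlib.md5(pw if i & 1 else final)
        h.update((s if i % 3 else b"") + (pw if i % 7 else b""))
        h.update(final if i & 1 else pw)
        final = h.digest()
    out = ""  # crypt-style base64 over a fixed byte permutation
    for a, b, c, width in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                           (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c] if a is None else final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(width):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"$apr1${salt[:8]}${out}"

def weak_entries(htpasswd_text: str, candidates: list[str]) -> list[tuple[str, str]]:
    """Return (user, password) for every apr1 entry matching a candidate."""
    hits = []
    for line in htpasswd_text.splitlines():
        user, sep, stored = line.strip().partition(":")
        if not sep or not stored.startswith("$apr1$"):
            continue  # other schemes (bcrypt, {SHA}) are not checked here
        salt = stored.split("$")[2]
        hits += [(user, c) for c in candidates if apr1(c, salt) == stored]
    return hits

# The sample file from this guide, plus one constructed entry for contrast.
SAMPLE = """mdoq:$apr1$vh1JLweb$C5Rdrp6qSXSKfqduVqWKp/
magento:$apr1$PX/lpLju$6lfAANDLOOza4xMeE7EEO/
""" + "dev:" + apr1("constructed-long-passphrase-7431", "Cn5tRuc7") + "\n"

if __name__ == "__main__":
    # Hypothetical candidate list; extend it with your own weak-password list.
    print(weak_entries(SAMPLE, ["password", "mdoq", "magento", "admin"]))
```

To check a real file, pass the contents of `mdoq/nginx/includes/.htpasswd` to `weak_entries` and treat any returned entry as a reason not to commit.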
2. Configuring Auth
The file(s) you need to alter depend on whether you want to enable auth for all sites or only for specific sites.
Enabling Auth For All Sites
1. If the file `mdoq/nginx/templates/default_https.conf` doesn't exist, create it.
2. Add to the top of the file:
auth_basic "Staging Site";
auth_basic_user_file /etc/nginx/includes/.htpasswd;
(You can change "Staging Site" if you would prefer a different message when prompted for credentials.)
Enabling Auth For Specific Sites
In this example we will assume there are 2 sites.
new.example.com
Please keep in mind:
- These sites must exist in production
- When specifying domains we always use the production URLs, and not the MDOQ-ified URLs. (MDOQ will auto detect and convert where necessary.)
We want to password protect new.example.com.
1. If the file `mdoq/nginx/templates/new.example.com_https.conf` doesn't exist, create it.
2. Add to the top of the file:
auth_basic "Staging Site";
auth_basic_user_file /etc/nginx/includes/.htpasswd;
(You can change "Staging Site" if you would prefer a different message when prompted for credentials.)
3. Applying & Testing
Within the MDOQ UI
- Select your development instance
- Click Sync
- Click "Select components to synchronize"
- Click "Show more"
- Check Site Nginx
- Click "Enable advanced mode"
- Check Only synchronize selected components
- Click "Synchronize"
Once the process completes you can test that a username and password prompt is displayed.
4. Committing Work
Once happy, please ensure you commit your work to source control. This will include at least two files:
- The htpasswd file (located at: `mdoq/nginx/includes/.htpasswd`)
- The `*_https` file you added/updated
You can then follow the normal "I'm done" process.
5. Deploying to production
If your deployment only includes these changes, you will be able to do a Zero Downtime deployment to get your files to production.
After deploying your files you can then sync Nginx for the production instance. (This will cause a small amount of downtime whilst the configuration is updated.)
- Select your production instance
- Click Sync
- Click "Select components to synchronize"
- Click "Show more"
- Check Site Nginx
- Click "Enable advanced mode"
- Check Only synchronize selected components
- Click "Synchronize"
Done.
Adding htpasswd to instance
Within the PHP settings for your instance, add the following to the Post rollup commands:
apt update && apt install -y apache2-utils
Also ensure that Run command as is set to `root`.