Basic auth

.htaccess, or hypertext access, is a default directory level configuration file that allows you to create some basic security for directories in a web server.

Enable basic auth via htaccess

To enable htaccess:

  1. Use your local shell to create the auth file that holds the username and password.

    htpasswd -c auth <username>

  2. Create a secret out of the auth file. For example, below, the secret basic-auth is created.

    kubectl -n <namespace> create secret generic basic-auth --from-file=auth --dry-run=client -o yaml | kubectl apply -f -

  3. Set the following ingress annotations in your Magnolia PaaS values.yml file.

    values.yaml
    ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: 512m
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/auth-type: basic (1)
    nginx.ingress.kubernetes.io/auth-secret: basic-auth (2)
    nginx.ingress.kubernetes.io/auth-realm: "Please login" (3)
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Robots-Tag: noindex, nofollow";
    nginx.ingress.kubernetes.io/default-backend: {{ .Env.DEPLOYMENT }}-magnolia-error-page-svc
    nginx.ingress.kubernetes.io/custom-http-errors: "503"
  hosts:
    - host: {{ .Env.DEPLOYMENT }}.eu-playground.magnolia-platform.com
      paths:
          - path: /
            instance: public
          - path: /author
            instance: author
.....
    1 This sets the basic auth-type. Nothing to do here. Leave it as is.
    2 This is the name of the secret that you created Step 2 above.
    3 This is the message that will be displayed to those users authenticating in the auth dialog.
Feedback