Basic auth
.htaccess, or hypertext access, is a default directory level configuration file that allows you to create some basic security for directories in a web server.
Enable basic auth via htaccess
To enable htaccess:
-
Use your local shell to create the
authfile that holds the username and password.htpasswd -c auth <username> -
Create a secret out of the
authfile. For example, below, the secretbasic-authis created.kubectl -n <namespace> create secret generic basic-auth --from-file=auth --dry-run=client -o yaml | kubectl apply -f - -
Set the following ingress annotations in your Magnolia PaaS
values.ymlfile.values.yamlingress: enabled: true annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: 512m cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/auth-type: basic (1) nginx.ingress.kubernetes.io/auth-secret: basic-auth (2) nginx.ingress.kubernetes.io/auth-realm: "Please login" (3) nginx.ingress.kubernetes.io/configuration-snippet: | (4) proxy_set_header Authorization $http_authorization; more_set_headers "X-Robots-Tag: noindex, nofollow"; nginx.ingress.kubernetes.io/default-backend: {{ .Env.DEPLOYMENT }}-magnolia-error-page-svc nginx.ingress.kubernetes.io/custom-http-errors: "503" hosts: - host: {{ .Env.DEPLOYMENT }}.eu-playground.magnolia-platform.com paths: - path: / instance: public - path: /author instance: author .....1 This sets the basicauth-type. Nothing to do here. Leave it as is.2 This is the name of the secret that you created Step 2 above. 3 This is the message that will be displayed to those users authenticating in the auth dialog. 4 Only use the `configuration-snippet` exactly as instructed. Otherwise, you may cause issues with your PaaS deployment.