HowTo - Configure basic htaccess authentication


This document describes how to configure basic htaccess authentication for the Storefront and the Back Office.

To set up htaccess authentication, follow the instructions below.

Important

It is not possible to protect Glue endpoints with basic auth, and we do not recommend using basic auth in production environments. Instead of basic auth, consider other options, like IP whitelisting.

1. Defining login details and endpoints

To define login details and endpoints:

  1. Add login details to deploy.*.yml of the desired environment as follows:
version: "0.1"

x-frontend-auth: &frontend-auth
    auth:
        engine: basic
        users:
            - username: {secure_username} # Replace the placeholder and the brackets with the actual username
              password: {secure_password} # Replace the placeholder and the brackets with the actual password
  2. In the same deploy.*.yml, define the endpoints that should be protected by adding <<: *frontend-auth to each desired endpoint as follows:
...
groups:
    EU:
        region: EU
        applications:
            yves_eu:
                application: yves
                endpoints:
                    date-time-configurator-example.spryker.local:
                        entry-point: Configurator
                    yves.de.spryker.local:
                        store: DE
                        <<: *frontend-auth
                        services:
...
  3. Bootstrap the docker setup with the adjusted deploy file:
docker/sdk boot deploy.*.yml
  4. Once the job finishes, build and start the instance:
docker/sdk up

Verification

Open a protected endpoint and make sure that you are prompted to enter the defined username and password.

You’ve configured basic authentication.

2. Excluding IP addresses from htaccess authentication

To allow clients from specific IP addresses to bypass htaccess authentication, adjust the deploy.*.yml of the desired environment as follows:

version: "0.1"

x-frontend-auth: &frontend-auth
    auth:
        engine: basic
        users:
            - username: {secure_username} # Replace the placeholder and the brackets with the actual username.
              password: {secure_password} # Replace the placeholder and the brackets with the actual password.
        exclude:
              {ip_address} # Replace the placeholder and the brackets with the actual IP address.

Verification

Open a protected endpoint from the excluded IP address and make sure that you are not prompted to enter the login details.

You’ve excluded IP addresses from authentication.
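
Both Verification steps above can be scripted instead of checked by hand in a browser. The following Python check is an added example, not part of the Spryker documentation or the docker/sdk tooling; the function names are hypothetical, and it assumes the endpoint is reachable over plain HTTP, as in a local setup.

```python
import base64
import getpass
import sys
import urllib.error
import urllib.request

# Local docker/sdk hosts are reached directly, so environment proxies are ignored.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def http_probe(url, username=None, password=None, timeout=5):
    """Send one GET; return (status code, WWW-Authenticate header or '')."""
    req = urllib.request.Request(url)
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate") or ""
    except urllib.error.HTTPError as err:
        # 4xx/5xx arrive as exceptions but still carry status and headers.
        return err.code, err.headers.get("WWW-Authenticate") or ""


def check_basic_auth(url, username, password, probe=http_probe):
    """Probe anonymously, with a wrong password, and with the real one."""
    anon_status, challenge = probe(url)
    wrong_status, _ = probe(url, username, password + "-wrong")
    good_status, _ = probe(url, username, password)
    return {
        "challenged": anon_status == 401 and challenge.lower().startswith("basic"),
        "rejects_wrong_password": wrong_status == 401,
        "accepts_credentials": good_status != 401,
    }


def verdict(result):
    """Map the three observations to the outcome the Verification steps expect."""
    if all(result.values()):
        return "protected"
    if not result["challenged"] and not result["rejects_wrong_password"]:
        return "open: no auth on this endpoint, or this client IP is excluded"
    return "misconfigured"


if __name__ == "__main__":
    target, user = sys.argv[1], sys.argv[2]
    print(verdict(check_basic_auth(target, user, getpass.getpass("Password: "))))
```

Run it with the endpoint URL and the username as arguments; the password is read from a prompt so that it does not end up in shell history. From a normal client the expected result is "protected", and from an excluded IP address it is "open".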