Question How to protect plesk Admin Panel with basic authorization?

[Michael M.]

Hello,

is there any way to do it in GUI, if not, please suggest me another way.
I'am on
OS: ‪Ubuntu 18.04.2 LTS‬
Product: Plesk Onyx 17.8.11 Update #43 ,

Thanks!

 

[learning_curve]

Having read and understood the Settings critera, within this section of the Plesk Panel GUI >> https://**Your_FQDN**:8443/admin/control-panel-access/list
You can add specific IPv4 and IPv6 addresses and thus limit admin logins to just those @Michael M.

 

[Michael M.]

Having read and understood the Settings critera, within this section of the Plesk Panel GUI >> https://**Your_FQDN**:8443/admin/control-panel-access/list
You can add specific IPv4 and IPv6 addresses and thus limit admin logins to just those @Michael M.

No, i do not want to lock me with IP restriction))) I have dynamic IP.
Please Look at it Basic access authentication - Wikipedia

 

[learning_curve]

Dynamic IP? Okay no problem @Michael M. that must suit your particular setup. We didn't go any further with BAA as it's http, so we didn't think you would want http access to your Plesk GUI anyway and looked for an alternative. Sorry. There must be a specific reason for not using https we guess? Even so, yes it's not GUI but wouldn't .htaccess / .htpasswd (with a password) be an easy way to achive the same user / password verification check? Example

 

[Michael M.]

Dynamic IP? Okay no problem @Michael M. that must suit your particular setup. We didn't go any further with BAA as it's http, so we didn't think you would want http access to your Plesk GUI anyway and looked for an alternative. Sorry. There must be a specific reason for not using https we guess? Even so, yes it's not GUI but wouldn't .htaccess / .htpasswd (with a password) be an easy way to achive the same user / password verification check? Example

Thanks!
I can do it. Can u please provide the folder where located Plesk?

 

[learning_curve]

Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't

 

[Michael M.]

Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't

I do not use ngnix, only apache, .htaccess will work!

 

[Brujo]

I suppose you also have seen this interesting blog entry Authentication Schemes In Plesk at least useful when you start looking for more then basic auth

 

[Michael M.]

Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't

It works but nor correct.
Password will be asked. It it good.
But panel looks so Screenshot
All CSS files gives 500 Server Error

What can we make in this case?
Maybe password protect another directory?

 

[learning_curve]

The CSS / 500 error is most likely, just permissions v the requirements of that specific workaround, but it may take you a long time to trace. To be fair, it's from a much older Plesk release than the one we're both using now, hence we said just delete the two files and restart etc if it doesn't work for you.

Maybe forget that option now and use the .htaccess option? Or, pick one of the items on the page that @Brujo posted the link for above. Our personal choices from that page, (we're not, but if we, like you are, were using a dynamic IP address for access and were using http only...) would be either; the Plesk Utility - Login command, or the Googe Authenticator , assuming that you have a googe account. Our own cboice would be, not to use any of the others, but you may feel differently. It's still a mystery why you only want to use http, but no doubt you have your own specific setup requirements