Basic authentication on Hypernode development plans

Development Hypernodes are by default configured to offer a Basic Authentication challenge to all visitors. These plans are meant to develop a webshop, to run all the tests you can think of, and to give your customer (the shop-owner) access during development. Keep in mind though, these development plans cannot be used to go live with a shop.

Managing Basic authentication

Default username and password

The default credentials for development nodes are:

  • Username: dev
  • Password: dev

We advise you to change the default username and password as soon as possible.

Adding or removing users

Users are stored in a ‘htpasswd’ file, located at /data/web/nginx/htpasswd-development. This file must exist and a valid username and password must be defined within this file in order to be able to login.

To add users, or change an existing users’ password, use the command: htpasswd /data/web/nginx/htpasswd-development username.
To remove a users, you can use the following command: htpasswd -D /data/web/nginx/htpasswd-development username, or edit the file manually.

Whitelisting

If you need to connect your development node to external services, API’s, and tooling that does not support basic authentication, it’s possible to whitelist specific user agents and IP addresses for this.

Whitelist an IP or range

To whitelist an IP, or IP range, from basic authentication, you can simply add it in the file /data/web/nginx/whitelist-development-exception.conf.
This way you can easily test API connectivity, run load tests or access the site from trusted/office IP.s

Whitelist a user agent

Alternatively, you can whitelist user agents as well by using the following snippet in /data/web/nginx/whitelist-development-exception.conf:

As a precaution all Google and Bing crawlers are blocked to avoid production usage of the node. This cannot be overriden

Troubleshooting

  • Google Pagespeed analysis uses the Google bot user agent and can therefor not be used on development nodes.

Ordering Let’s Encrypt certificates

In some cases, particularly if you have not yet enabled Hypernode Managed Vhosts, it’s possible the Basic Authentication blocks the Let’s Encrypt validation server. If you wish to make use of Let’s Encrypt on your development Hypernode, you can whitelist Let’s Encrypt by adding the ‘letsencrypt’ user agent to the file /data/web/nginx/whitelist-development-exception.conf

30