Password protect UAT and DEV environment

[martinheppner]

The idea is to password protect the UAT (www2.zuugle.at) and DEV (dev.zuugle.at) environments, so the seach engines are not indexing them anymore.

Nginx is used, so I created a /etc/nginx/.htpassword file with bzb/bzb.
Furthermore I added these two lines to the "server" section in the nginx configuration file of each host and restarted the service.

auth_basic "Geschützter Bereich";
auth_basic_user_file /etc/nginx/.htpasswd;

The website is asking for username and password now, but is not proceeding to the next page afterwards or not recognizing the password.

[martinheppner]

nginx logfile after one authentication test:
2025/07/08 07:26:18 [error] 211157#211157: *11 user "bzb": password mismatch, client: xxx.xxx.xxx.xxx, server: www2.zuugle.at, request: "GET / HTTP/2.0", host: "www2.zuugle.at"

[martinheppner]

I believe it is working now, as there are no more errors in the logfile. The website is non functional at the moment and is reloading empty. Therefore the password dialog is reappearing after putting in the credentials. But this issue should be settled now, so I am closing this ticket.

[kohloderso]

Current state:

• API is running on server again
• auth_basic is deactivated on www2.zuugle.at and www2.zuugle.at indeed works
• auth_basic is active on all other www2 domains. There the password dialog always reappears after entering credentials. What does work as expected however is e.g. calling https://www2.zuugle.de/api/tours/total?domain=www2.zuugle.de by itself.
  There seem to be some strange network operations when navigating to the Zuugle home page that trigger the repeated login prompts. E.g. this: https://www2.zuugle.de/api/cities/?params[domain]=www2.zuugle.de&signal=[object+AbortSignal]&domain=www2.zuugle.de&currLanguage=de
  It will take some time to get to the bottom of this ...

➡️ Problem probably lies with axios requests coming from Zuugle and not with the nginx settings