0 votes
154 views
by Rookie
edited by

I have disabled HTTP Authentication: (pic 1) http://prntscr.com/p1t36a

But when I want to sign in my WORDPRESS site, the HTTP Authentication is still not disabled: (pic 2) http://prntscr.com/p1t41l

As you can see in pic 1, I also write a command httpauth myWPsite.com -wp-admin=off, but a weird thing is it says [ERROR] Site myWPsite.tk is not a WP site!

I'm sure that my site is a WORDPRESS site (you can see in the pic 2)

I have create a user with limited permissions to access only one myWPsite.tk domain and Whitelist my IP but it is still not working!

Thanks in advance!

by Expert

Please, copy and paste this file /etc/nginx/sites-available/domain.com here.

by Rookie

Here is it:

server {
listen 80;
listen [::]:80;

 server_name giaodienbds.tk www.giaodienbds.tk;

 access_log /var/log/nginx/giaodienbds.tk.access.log we_log;
error_log /var/log/nginx/giaodienbds.tk.error.log;

 root /var/www/giaodienbds.tk/htdocs;

 index  index.php index.html index.htm;

 include common/php.conf;
include common/wpcommon.conf;
include common/locations.conf;
include common/headers-http.conf;
include common/headers-html.conf;
include /var/www/giaodienbds.tk/*-nginx.conf;
}

by Expert
Seems like you are running an old version of Webinoly.

Please, update Webinoly to the latest release.
by Rookie

I have updated to the latest version of Webinoly (You currently have the latest version!), however the problem has not been solved!

Is there another solution?

Thank you very much!

by Expert
This is not an issue, I'm pretty sure about it.

Everything is working just fine, and the only solution is that you just need to find out what you are doing wrong.

1 Answer

0 votes
by Rookie
I am having the exact same issue as this. It actually started after I updated Webinoly to 1.9.1. Now I can't disable http auth on the Wordpress backend and it is telling me that my sites are not Wordpress sites even though they clearly are. Working fine before the update and not working after. About to dig into config files to see if I can figure it out.
by Rookie
This is exactly my issue after updating ... also I did not do anything 'wrong' ... as there is nothing to do wrong tbh.

Did you find out what the issue is ?
by Expert

Please, guys, just a couple of users are having this issue and none of you want to debug it.

This is the functions we use to determine if a site is WP or not:

is_wp() {
 # $1 = domain, $2 = WP subfolder
 if [[ -z $2 && -a /etc/nginx/sites-available/$1 && -n $(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$1 | grep -F "wpcommon") ]]; then
  echo "true"
 elif [[ -n $2 && -a /etc/nginx/sites-available/$1 && -a /etc/nginx/apps.d/$1$subname-wpcommon.conf && -a /var/www/$1/htdocs$2/wp-config.php ]]; then
  echo "true"
 else
  echo "false"
 fi
}

You tell me, what's wrong?

by Rookie
I don't know what fixed it aside from rebooting the server a couple of times. It magically cleared up - both the http auth issue as well as Webinoly not being able to see the sites on the server.
by Rookie
That's strange ... but I tried it ... didn't work for me ...

I still cannot switch off httpauth ... and when I log in with httpsauth... I am given a server 500 internal error..

Also still webinoly thinks my site is not a WP site ...
by Rookie

I'm afraid I'm having issues with httpauth as well after solving most of my previous error code 500 problems (handled in another thread). It seems httpauth cant be fully turned off no matter how hard I try. And I did read all the Webinoly docs on this matter.

In my my case it all boils down to this;
no matter how much I try to turn httpauth off I still have to manually whitelist any IP that needs to login to WP. Otherwise the user just get an error 500. Not even the the httpauth check but a pure http error 500. With roaming editors out there this just won't cut it I'm afraid.

What seems to be the common denominator here is that we all (3 of us I've gathered so far) have upgraded older Webinoly stacks on existing installations to the latest version. In my case from ca 1.3 to 1.9 something.

All I want is to fully turn off all Webinoly induced security. Can I somehow hard code or brute force this?

by Expert

Sorry for the inconvenience!

It seems like for some "unknown" reasons your NGINX configuration become corrupted after the update process, even though I personally test this updates in the development process, seems like we can not always cover all the possible cases.

If you want to "hardcode" this feature, just look into each NGINX configuration file /etc/nginx/sites-available/domain.com and look for the include directives. We use wpcommon.conf when authentication is enabled and wpcommon-noauth.conf when is disabled.

Remember you need to reload Nginx to changes take effect.

Regards.

by Rookie
Thank you for a straight answer!

Yes, it seems that wpcommon.conf is still included in all my WP domains under this stack.

Now manually changing this to wpcommon-noauth.conf .. and reloading.

And YES, it works. Thank you.
Welcome to the Community site for Webinoly.

Our Optimized LEMP Web Server is a powerful set of commands for doing just about anything you could wish.

With Webinoly you can set up your NGINX web server in just one step.

* * * * * * *

If you have a question about Webinoly, please ask in English or Spanish.

To report a bug, please ask a question here with the bug tag.

Donations

Webinoly Support Paypal Donations Webinoly Support Bitcoin Donations

Your regular donations is what keep this project moving forward. If you like Webinoly, buy me a coffee or a beer to show support.

Affiliate Links

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...