Accessing the classic ui on a deployed CookiePlone instance

Plone Support
1

Hey future self... just a quick note, in case you need to access the classic UI on your CookiePlone-built site.

As you know, cookieplone is optimised for volto. Typically you might go to port 8080 to get to the classic UI. This isn't possible to do with a cookieplone-based deployment, even if you use an SSH tunnel.

Don't worry though. They have a solution for this use case.
It is possible to access the classic UI when using Cookieplone
by visiting /ClassicUI

https://yoursite.example.com/ClassicUI

This means it is possible to do things that are trickier in Volto at the moment.

  1. For example exporting the schema for a backend content type.
  2. Rebuilding the catalog - /ClassicUI/portal_catalog/manage_catalogAdvanced
  3. Managing workflows - /ClassicUI/portal_workflow/manage_selectWorkflows
2

Hi David,
Using my cookieplone created project, I cannot use the ClassicUI url.
Could you elaborate a little bit more on how you've got this working?

I have created a project using:

pipx run cookieplone project

Did a make build on the frontend and ran it with:

pnpm start:prod

Configured NGINX to run as a ssl terminator and reverse proxy. https://yoursite.example.com is working fine

Currently, I am struggling to test the saml2 pas plugin created by @maethu and would like to use the ClassicUI in my IDP settings. Using https and port 8080 does not fly and since azure wants https locations configured, I cannot use port 8080.

entityID would become https://yoursite.example.com/ClassicUI/acl_users/saml/metadata for instance

So, I would really appreciate your insights in how to enable the ClassicUI 'feature'.

Thank,
Nils

3

There was no nginx involved in my setup. I used the "out of the box" Traefik configurations and deployed using the default ansible setup found under the "devops" folder.

4

Thank you for taking the time to clarify this.
Back to the rabbit hole called saml2-volto-plone

5

A good night sleep does wonders.
I can now access the backend through https by calling https://myhost.example.com/Plone
The Zope management interface is also available, but has no style markup.

I am running this setup as a test (in Ubuntu 24.04 LTS) and these are the steps to reproduce my setup:

  1. Install Nginx: sudo apt install nginx
  2. pipx run cookieplone project
  3. cd [newproject] and execute "make install"
  4. cd frontend and execute "make build"
  5. copy certificate to /etc/ssl/certs and key file to /etc/ssl/private
  6. create a site in Nginx: vi /etc/nginx/sites-available/[mysite]
  7. paste the configuration below into the Nginx [mysite] file
  8. cd into /etc/nginx/sites-enabled
  9. create a symbolic link to /etc/nginx/sites-avilable/[mysite], "sudo ln -s /etc/nginx/sites-available/[mysite] [mysite]"
  10. sudo nginx
  11. cd [newproject]/frontend and execute "pnpm start:prod"
  12. in a new terminal window cd into [newproject]/backend and execute "make start"
  13. test your setup and go to https://myhost.example.com/ for the frontend
  14. test backend and go to https://myhost.example.com/Plone for the backend

upstream backend {
server localhost:8080;
}
upstream frontend {
server localhost:3000;
}

server {
listen 80;
listen 443 ssl;
server_name myhost.example.com;

ssl_certificate /etc/ssl/certs/myhost.example.com.crt;
ssl_certificate_key /etc/ssl/private/myhost.example.com.key;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 70;

client_max_body_size 1G;

access_log /dev/stdout;
error_log /dev/stdout;

#API traversal rule
location ~ /++api++($|/.) {
rewrite ^/++api++($|/.) /VirtualHostBase/https/myhost.example.com/Plone/++api++/VirtualHostRoot/$1 break;
proxy_pass http://backend;
}

#Backend access in browser
location ~ /Plone($|/.) {
rewrite ^/Plone($|/.) /VirtualHostBase/https/myhost.example.com/Plone/VirtualHostRoot/Plone/$1 break;
proxy_pass http://backend;
}

location ~ / {
location ~* .(js|jsx|css|less|swf|eot|ttf|otf|woff|woff2)$ {
add_header Cache-Control "public";
expires +1m;
proxy_pass http://frontend;
}
location ~* static.*.(ico|jpg|jpeg|png|gif|svg)$ {
add_header Cache-Control "public";
expires +1m;
proxy_pass http://frontend;
}

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;
  proxy_redirect http:// https://;
  proxy_pass http://frontend;

}
}

6

using "wcs.samlauth" on the backend, I am now able to logon to the backend using SAML by visiting: https://myhost.example.com/Plone/acl_users/saml/sls

In Azure I created an enterprise application with the following site settings:
Entity ID: https://myhost.example.com/Plone/acl_users/saml/metadata
Reply URL: https://myhost.example.com/Plone/acl_users/saml/acs
Logout URL: https://myhost.example.com/Plone/acl_users/saml/logout

Don't forget to add users/groups to your application.

I will continue my journey of Volto/Plone/Saml in another thread, because I kinda hijacked this one from @pigeonflight

7

No worries :)... glad you're making progress.