Accessing the classic ui on a deployed CookiePlone instance

Hey future self... just a quick note, in case you need to access the classic UI on your CookiePlone-built site.

As you know, cookieplone is optimised for volto. Typically you might go to port 8080 to get to the classic UI. This isn't possible to do with a cookieplone-based deployment, even if you use an SSH tunnel.

Don't worry though. They have a solution for this use case.
It is possible to access the classic UI when using Cookieplone
by visiting /ClassicUI

https://yoursite.example.com/ClassicUI

This means it is possible to do things that are trickier in Volto at the moment.

1. For example exporting the schema for a backend content type.
2. Rebuilding the catalog - /ClassicUI/portal_catalog/manage_catalogAdvanced
3. Managing workflows - /ClassicUI/portal_workflow/manage_selectWorkflows

Hi David,
Using my cookieplone created project, I cannot use the ClassicUI url.
Could you elaborate a little bit more on how you've got this working?

I have created a project using:

pipx run cookieplone project

Did a make build on the frontend and ran it with:

pnpm start:prod

Configured NGINX to run as a ssl terminator and reverse proxy. https://yoursite.example.com is working fine

Currently, I am struggling to test the saml2 pas plugin created by @maethu and would like to use the ClassicUI in my IDP settings. Using https and port 8080 does not fly and since azure wants https locations configured, I cannot use port 8080.

entityID would become https://yoursite.example.com/ClassicUI/acl_users/saml/metadata for instance

So, I would really appreciate your insights in how to enable the ClassicUI 'feature'.

Thank,
Nils

There was no nginx involved in my setup. I used the "out of the box" Traefik configurations and deployed using the default ansible setup found under the "devops" folder.

Thank you for taking the time to clarify this.
Back to the rabbit hole called saml2-volto-plone

A good night sleep does wonders.
I can now access the backend through https by calling https://myhost.example.com/Plone
The Zope management interface is also available, but has no style markup.

I am running this setup as a test (in Ubuntu 24.04 LTS) and these are the steps to reproduce my setup:

1. Install Nginx: sudo apt install nginx
2. pipx run cookieplone project
3. cd [newproject] and execute "make install"
4. cd frontend and execute "make build"
5. copy certificate to /etc/ssl/certs and key file to /etc/ssl/private
6. create a site in Nginx: vi /etc/nginx/sites-available/[mysite]
7. paste the configuration below into the Nginx [mysite] file
8. cd into /etc/nginx/sites-enabled
9. create a symbolic link to /etc/nginx/sites-avilable/[mysite], "sudo ln -s /etc/nginx/sites-available/[mysite] [mysite]"
10. sudo nginx
11. cd [newproject]/frontend and execute "pnpm start:prod"
12. in a new terminal window cd into [newproject]/backend and execute "make start"
13. test your setup and go to https://myhost.example.com/ for the frontend
14. test backend and go to https://myhost.example.com/Plone for the backend

upstream backend {
server localhost:8080;
}
upstream frontend {
server localhost:3000;
}

server {
listen 80;
listen 443 ssl;
server_name myhost.example.com;

ssl_certificate /etc/ssl/certs/myhost.example.com.crt;
ssl_certificate_key /etc/ssl/private/myhost.example.com.key;
ssl_protocols TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 70;

client_max_body_size 1G;

access_log /dev/stdout;
error_log /dev/stdout;

#API traversal rule
location ~ /++api++($|/.) {
rewrite ^/++api++($|/.) /VirtualHostBase/https/myhost.example.com/Plone/++api++/VirtualHostRoot/$1 break;
proxy_pass http://backend;
}

#Backend access in browser
location ~ /Plone($|/.) {
rewrite ^/Plone($|/.) /VirtualHostBase/https/myhost.example.com/Plone/VirtualHostRoot/Plone/$1 break;
proxy_pass http://backend;
}

location ~ / {
location ~* .(js|jsx|css|less|swf|eot|ttf|otf|woff|woff2)$ {
add_header Cache-Control "public";
expires +1m;
proxy_pass http://frontend;
}
location ~* static.*.(ico|jpg|jpeg|png|gif|svg)$ {
add_header Cache-Control "public";
expires +1m;
proxy_pass http://frontend;
}

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;
  proxy_redirect http:// https://;
  proxy_pass http://frontend;

}
}

using "wcs.samlauth" on the backend, I am now able to logon to the backend using SAML by visiting: https://myhost.example.com/Plone/acl_users/saml/sls

In Azure I created an enterprise application with the following site settings:
Entity ID: https://myhost.example.com/Plone/acl_users/saml/metadata
Reply URL: https://myhost.example.com/Plone/acl_users/saml/acs
Logout URL: https://myhost.example.com/Plone/acl_users/saml/logout

Don't forget to add users/groups to your application.

I will continue my journey of Volto/Plone/Saml in another thread, because I kinda hijacked this one from @pigeonflight

No worries :)... glad you're making progress.

Spoiler:

When it comes to access the ZMI at the root it becomes trickier when you have the full Traefic setup from the devops templates in cookieplone.

While it is enough to enter the ZMI at the Plone level using ./ClassicUI/manage you need to use ./ClassicUI/aq_parent/manage_main to get to the ZMI root. (e.g. to change the admin credentials or remove a temporary emergency user).

While it is enough to get to the ZMI at the Plone level to use the admin login credentials you use for Plone/Volto you may be challenged with a http basic auth challenge at the traefik level (not distinguishable from the classic ZMI login, you may know).

If you struggle at the ZMI root, check this:

Here comes the trick: Depending on the version of your cookieplone template, you are challenged with a http basic auth login at the treafik level, that was defined in the docker-compose.yml in the project root and then propagated during the devops/Makefile commands to the devops folder.

I guess this was changed, but I need to lookup this again. Check the cookieplone-templates changelog.