I installed Plone 6 on a new server using Docker. Everything works great, but when I go to the site, it seems like it automatically created an admin user with the password admin. That seems really unsafe, so I tried to change it, but when I go to the user preferences, change password is not one of the options. And when I go to zope… in acl_users, I’m also not able to find the admin user. Is this some kind of special admin user that can’t be found in Plone’s normal user management?
I suspect you're at the root of the plone site. You must change the admin user’s password at the root of zope: http://localhost:8080/acl_users/users/manage_users.
i’m not able to access that… i go to my site https://mysite.com/ and it’s the plone site… if i go to http://mysite.com:8080 then it doesn’t load. Here’s what my nginx.conf file looks like, which might explain why… it redirects http to https…
# HTTP: redirect to HTTPS, but serve Let's Encrypt challenge files
server {
listen 80;
server_name mysite.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS: reverse proxy to Plone backend
server {
listen 443 ssl;
server_name mysite.com;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
client_max_body_size 64m;
location / {
proxy_pass http://backend:8080/VirtualHostBase/https/mysite.com:443/Plone/VirtualHostRoot/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
go to your site IP:8080, it will work. You can also try to use this url:
https://mysite.com/../acl_users/users/manage_users
You could also change the password command line but plone distribution seems to miss the zope.password package, can someone correct me if not?
Anyway, I think an entry point in the dockerfile should be added to change zope user passwords, like there's one to create the user:
Hi,
To avoid this kind of security issue, we use collective.big.bang. It creates the Plone site on Zope startup and lets you set the Zope admin password via the ADMIN_PASSWORD environment variable (you also need ACTIVE_BIGBANG=True).
And in your case, your proxy “override” access to zope admin, so you can use “aq_parent” trick to access to zope admin like: https://mysite.com/aq_parent/acl_users/users/manage_users