[OctoPrint v1.4.2, OctoPi v0.17.0]
I have enabled HTTP authentication on haproxy and installed fail2ban for protection against brute force attacks. Accessing the web-interface works perfectly.
However - uploading gcode using the API from PrusaSlicer is not possible anymore as a valid username and password is neccessary. IMHO this is absolutely logical.
Maybe this is a stupid question:
Is it still possible accessing OctoPrint from PrusaSlicer with HTTP authentication enabled? I have absolutely no idea where I should specify username and password.
I have not found a topic on the forum - if did overlook it - my apologies.
Any help is appreciated!
Thanks
Markus
It's what i do, too.
When using the API-key you dont need to to supply user/password.
Just make sure you use the created the API-key from the corect user...
Just to be on the same page: You have activated authentication both on application level (OctoPrint) and you also have additionaly set up haproxy with authentication so you get an additional HTTP-log in window created by the browser?
I have tried different API-Keys (the admin one and als created an additional user with a separate key), none of this works.
PrusaSlicer always displays the following errormessage:
"Could not connect to OctoPrint: HTTP 401:
401 Unauthorized
You need a valid user and password to access this content.
Note: OctoPrint version at least 1.1.0 is required."
Everything was working flawlessly before I enabled HTTP-authentication...
Doing it without the haproxy-auth...
So, sorry i have no solution...
Can you modify the URL like this? http://username:password@example.com/
Thanks for the tip! This basically works, downside: The username and password are visible in plaintext within PrusaSlicer and the transmission of the credentials to OctoPrint is nearly transparent (Base64). At the moment I am trying to implement HTTPS access from within PrusaSlicer. It's not that satisfactory using self-signed certificates
I'll also try ngrok on another Pi and see if it's easier to setup and maintain.
There is one more tip I can offer (without the exact solution). In @foosel's latest OctoPrint on Air she informs us that access control will be mandatory in 1.5.0+ but there is a way for the local subnet (only) to bypass it.
Since I don't have access control enabled (yet) myself, I don't know how to accomplish this but I'll let you know when I figure it out.
The API key is a form of access control, I think the OP is using http basic auth (or similar) so that shouldn't affect them.