I am using devpi-lockdown and logging in with user and pass using nginx works successfully.
The problem i have is that when i login, the user can see all other users and package indexes.
Is this normal behaviour?
I want the user only to see their own account with all the package indexes below.
Maybe a quicker feature to implement is to say for what users the web-view can be loaded?
(for example only root can see this)

The users i have:

• root/pypi
• user-a/mono
• user-b/mono

For example when user-a logs in, they can see root/pypi and users-b while they only should be able to see user-a with the index mono.

versions:

devpi-lockdown-2.0.0
devpi-server-6.9.0
devpi-web-4.2.0

my nginx.conf:

# HTTP server redirects all traffic to HTTPS
server {
    listen 80;
    listen [::]:80;

    server_name _;

    # this redirects to the login view when not logged in
    recursive_error_pages on;
    error_page 401 = @error401;
    location @error401 {
        return 302 /+login?goto_url=$request_uri;
    }

    # lock down everything by default
    auth_request /+authcheck;

    # the location to check whether the provided infos authenticate the user
    location = /+authcheck {
        internal;

        proxy_pass_request_body off;

        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-outside-url $scheme://$http_host;  # copy the value from your existing configuration
        proxy_set_header X-Real-IP $remote_addr;  # copy the value from your existing configuration

        proxy_pass http://devpi:3141;
    }

    location / {
        # workaround to pass all requests to / through to the named location below
        error_page 418 = @proxy_to_app;
        return 418;
    }

    location @proxy_to_app {
        proxy_pass http://devpi:3141;
        # the $x_scheme variable is only required if nginx is behind another
        # proxy (often the case in container environments),
        # if your nginx is the only proxy server, the $scheme variable can be
        # used and the map $http_x_forwarded_proto $x_scheme above be removed
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-outside-url $scheme://$http_host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

As per subject, is there a quick way to do this? Right now I need to manually type /+logout in the browser and not everybody knows that.

While enabling devpi-lockdown, and trying to search, initially search box returns:

After clicking search tho, everything is working perfectly fine.

During typing inside the search box, web console returns:

Looking at the server while typing, it always shows:

I wonder if it is a known issue or a configuration problem.

I get import error as below

from pyramid.authentication import _SimpleSerializer
ImportError: cannot import name '_SimpleSerializer'

However I notice that the authentication.py itself imports from pyramid.util import SimpleSerializer
Where am I going wrong?

This is more of a question than an issue.

I have Devpi running with Devpi-lockdown on a remote server, I'm trying to install a package that I've uploaded to Devpi, but when I do this devpi install or pip install is redirected to the login form. What am I missing? I don't think my nginx configuration is incorrect but it is a possibility.

Would you be able to provide an example command or set of commands to do this?

Thanks