Enabling password only on admin panel

bevilacqc · September 19, 2025, 9:36am

Hello,
I want to enable the admin panel on an app that doesn’t require authentication. What is the easiest way to protect only the admin panel with a password?

Olivier1 · September 22, 2025, 4:09am

Hello,
Did you check Allowing Guest Users — Panel v1.8.1 ?

bevilacqc · September 22, 2025, 9:08am

Hi @Olivier1,
thanks for the suggestion!
I added the --basic-auth and --oauth-guest-endpoints /index options to panel serve and I can now navigate to /index without a password while when going to /admin a login is requested.
One issue I have with that though is that I want the main page to be shown when going to localhost and I set up --index=index to that aim. Instead, with authentication on the login form is shown when navigating to localhost.
I tried to add “/” as an oauth-guest-endpoints but then the page is not loading at all with the error:

2025-09-22 09:04:43,839 Uncaught exception GET /ws (172.17.0.1)
HTTPServerRequest(protocol='http', host='localhost:5006', method='GET', uri='/ws', version='HTTP/1.1', remote_ip='172.17.0.1')
Traceback (most recent call last):
  File "/usr/local/lib/python3.13/site-packages/tornado/websocket.py", line 965, in _accept_connection
    open_result = handler.open(*handler.open_args, **handler.open_kwargs)
  File "/usr/local/lib/python3.13/site-packages/tornado/web.py", line 3372, in wrapper
    self.redirect(url)
    ~~~~~~~~~~~~~^^^^^
  File "/usr/local/lib/python3.13/site-packages/tornado/websocket.py", line 638, in _raise_not_supported_for_websockets
    raise RuntimeError("Method not supported for Web Sockets")
RuntimeError: Method not supported for Web Sockets

Is this an expected behavior and, if so, is there any workaround?

Olivier1 · September 23, 2025, 4:28am

By using the following command line

panel serve index.py --admin --basic-auth my_password --cookie-secret my_super_safe_cookie_secret --show --oauth-guest-endpoints /index /

When I navigate to http://localhost:5006/, the page is automatically redirected to http://localhost:5006/index

bevilacqc · September 24, 2025, 1:14pm

Thanks @Olivier1, that works for me as well!
Out of curiosity, do you know why the --index=index option doesn’t work? It is more of an esthetic thing but with it the page is directly served at the root, while without it the browser is redirected to /index.

Marc · September 27, 2025, 4:53am

If it does not work @bevilacqc please report it as an issue on Github with a reproducible example. Thanks.

bevilacqc · September 29, 2025, 10:56am

I just opened the issue --oauth-guest-endpoints not working with --index in panel serve · Issue #8224 · holoviz/panel · GitHub