Basic http authentication

Hi all,

I just finished my first Rails deployment with passenger and nginx
0.6.37 and everything is running. But, I need to protect the whole site
since it is just in staging.

After messing with authenticate_or_request_with_http_digest I found out
this isn’t supported in nginx. I thought no big deal, basic
authentication if fine. So I used the apache htpasswd command to create
the password file under the public folder.

But it doesn’t seem to work for me and I can’t see why. I guess I am
just missing something dumb since I am a rookie Linux user, new to Rails
and I just discovered nginx that seems perfect for my needs.

Here is my minimal nginx server conf:

server {
listen 80;
server_name mywebsite.com;
root /var/www/mywebsite/public;
passenger_enabled on;

location / {
  auth_basic "Restricted Access";
  auth_basic_user_file /var/www/mywebsite/public/htpasswd;
}
}

It seems to be validating the good password because I am prompted again
with a bad password. But when I enter a valid password I keep getting
403 Forbidden. If I remove the location block I get access to everything
so I don’t think it is a Linux permission issue. I also tried adding a
regex (location ^~ /) to match everything under the root without any
success.

Any clue on what’s missing? Any other simple suggestion to protect a
site access without any highly sensitive data?

Thanks a lot

Hi again, it would be very nice if I could get any suggestion. Does my
server block example seems to be correct to you or I am far in the
trees?

I looked over every example I could find on the Web and I still can’t
figure out what is wrong this configuration.

Thanks

Never mind I solved it. You should have told me to go RTFM over there:
http://wiki.nginx.org/NginxHttpAuthBasicModule :wink:

I just had to move the 2 lines below under the server context:

auth_basic “Restricted Access”;
auth_basic_user_file /var/www/mywebsite/public/.htpasswd;

I didn’t understand the location context is meant for virtual host.

Thanks for you work Igor, you really are an open source hero!