Hi all,
I just finished my first Rails deployment with passenger and nginx
0.6.37 and everything is running. But, I need to protect the whole site
since it is just in staging.
After messing with authenticate_or_request_with_http_digest I found out
this isn’t supported in nginx. I thought no big deal, basic
authentication if fine. So I used the apache htpasswd command to create
the password file under the public folder.
But it doesn’t seem to work for me and I can’t see why. I guess I am
just missing something dumb since I am a rookie Linux user, new to Rails
and I just discovered nginx that seems perfect for my needs.
Here is my minimal nginx server conf:
server {
listen 80;
server_name mywebsite.com;
root /var/www/mywebsite/public;
passenger_enabled on;
location / {
auth_basic "Restricted Access";
auth_basic_user_file /var/www/mywebsite/public/htpasswd;
}
}
It seems to be validating the good password because I am prompted again
with a bad password. But when I enter a valid password I keep getting
403 Forbidden. If I remove the location block I get access to everything
so I don’t think it is a Linux permission issue. I also tried adding a
regex (location ^~ /) to match everything under the root without any
success.
Any clue on what’s missing? Any other simple suggestion to protect a
site access without any highly sensitive data?
Thanks a lot