In this article you'll get a direct explanation of how to password protect your Ruby on Rails application with Nginx. I'll assume that your web application is already running, but is not yet password protected.

When we start working on a new project, it first gets deployed to what we call a staging environment, following a test-driven development methodology. The main goal is to allow the customer to evaluate the progress of the project without it being deployed.

In order to keep things private and prevent Google and other search engines from indexing the site too soon, we need to password protect it. There's already some information out there on how to achieve this with Nginx, but in order to figure it out clearly, we have to dig into several other websites.

That is why I've decided to put together this small guide on how to password protect a Ruby on Rails web application with Nginx and Passenger.

The Framework Stack

To clarify, and kick it off, the framework stack consists of:

  • Ruby on Rails
  • Passenger
  • Nginx

Since the server is already running, there should be a server section in your nginx.conf file similar to this:

server {
        listen       80;
        server_name  staging.example.com;
        rails_env staging;
        root /home/foo/example.com/current/public; 
        passenger_enabled on;
 }

In order to password protect an existing site, you first need to generate a password file. The easiest way to achieve this is to use a web application such as the Htpasswd Generator. Then, store the generated text in a file on the server.

Next, edit the nginx.conf file again and change the server section to:

server {
        listen       80;
        server_name  staging.example.com;
        rails_env staging;
        root /home/foo/example.com/current/public; 
        passenger_enabled on;

        # password protect
        location ~ / {
                 auth_basic            "Restricted";
                 # file holding the user:hash entries that auth_basic checks
                 auth_basic_user_file  /home/foo/example.com/shared/.htpasswd;
                 passenger_enabled on;
        }
}

Finally, put the location of your own .htpasswd file in place of:

/home/foo/example.com/shared/.htpasswd;

Notice the passenger_enabled entry inside the password protect section? This entry is needed to trigger Passenger after completing the password authentication process. Otherwise the server will try to list the web root directory, and probably show an unauthorized error.
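
For the password-file step above, the same entry can be produced on the server itself, so the password never passes through a third-party web page. This is an added example, not code from the original article; it assumes the openssl command is installed, and the user name "staging" and the demo password are constructed values.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): create the Basic-auth
# password file locally with OpenSSL. User name and paths are placeholders.

# make_entry USER: read a password from stdin, print "USER:$apr1$salt$hash".
# Reading from stdin keeps the password out of the process list.
make_entry() {
    local user="$1" password hash
    case $user in ''|*:*) echo "invalid user name" >&2; return 1 ;; esac
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    hash=$(printf '%s\n' "$password" | openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# write_htpasswd FILE USER: write a one-entry file; a new file gets mode 640.
# Assumption: the group is then set to one the nginx worker user belongs to.
write_htpasswd() {
    local file="$1" entry
    entry=$(make_entry "$2") || return 1
    ( umask 027; printf '%s\n' "$entry" > "$file" )
}

# check_entry FILE USER: read a password from stdin and succeed only if it
# matches USER's stored hash (re-hash with the stored salt, then compare).
check_entry() {
    local file="$1" user="$2" password stored salt
    IFS= read -r password || true
    stored=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$file")
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$password" | openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}

# Demo with a constructed password in a throwaway directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-demo-password' | write_htpasswd "$demo_dir/.htpasswd" staging
printf '%s\n' 'constructed-demo-password' | check_entry "$demo_dir/.htpasswd" staging \
    && echo "entry verifies"
rm -rf "$demo_dir"
```

After editing nginx.conf, nginx -t checks the syntax before a reload. Because the server block listens on plain port 80, the Basic credentials travel base64-encoded rather than encrypted unless TLS is added.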

And we're done. It often seems way harder than it actually is, but this is really all it takes to password protect your Rails app with Passenger and Nginx.
