问题
I want to protect my newly deployed Rails 3 app with the basic http authentication. It's running on the latest Nginx/Passenger and I'm using the following Nginx directive to protect the web root directory:
location = / {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
}
htpasswd file was generated using Apache htpasswd utililty. However, after entering correct username and password I'm getting transferred to the 403 Forbidden error page. Analyzing Nginx error log revealed this:
directory index of "/var/www/mysite/public/" is forbidden, client: 108.14.212.10, server: mysite.com, request: "GET / HTTP/1.1", host: "mysite.com"
Obviously, I don't want to list the contents of the mysite/public directory. How can I configure this properly so the Rails app starts after I enter my login info?
回答1:
You need to re-specify passenger_enabled in the location block.
回答2:
You can let Rails handle the authentication
# application_controller.rb
before_filter :authenticate
protected
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "foo" && password == "bar"
end
end
also you should set config.serve_static_assets = true in your environment.rb (or applicaion.rb in Rails 3) so that the static assets in public go through the same filter.
回答3:
Check your Nginx error log. 403 means that you got the path to your password file wrong.
来源:https://stackoverflow.com/questions/4171454/password-protecting-rails-site-running-on-nginx-and-phusion-passenger