Basic http authentication

Jerome St-pierre lists at
Tue Aug 25 18:50:00 MSD 2009

Hi all,

I just finished my first Rails deployment with passenger and nginx
0.6.37 and everything is running. But, I need to protect the whole site
since it is just in staging.

After messing with authenticate_or_request_with_http_digest I found out
this isn't supported in nginx. I thought no big deal, basic
authentication if fine. So I used the apache htpasswd command to create
the password file under the public folder.

But it doesn't seem to work for me and I can't see why. I guess I am
just missing something dumb since I am a rookie Linux user, new to Rails
and I just discovered nginx that seems perfect for my needs.

Here is my minimal nginx server conf:

server {
        listen       80;
    root /var/www/mywebsite/public;
    passenger_enabled on;

    location / {
      auth_basic "Restricted Access";
      auth_basic_user_file /var/www/mywebsite/public/htpasswd;

It seems to be validating the good password because I am prompted again
with a bad password. But when I enter a valid password I keep getting
403 Forbidden. If I remove the location block I get access to everything
so I don't think it is a Linux permission issue. I also tried adding a
regex (location ^~ /) to match everything under the root without any

Any clue on what's missing? Any other simple suggestion to protect a
site access without any highly sensitive data?

Thanks a lot
Posted via

More information about the nginx mailing list