密码保护在 Nginx 和 Phusion Passenger 上运行的 Rails 站点
我想使用基本的 http 身份验证来保护我新部署的 Rails 3 应用程序。它在最新的 Nginx/Passenger 上运行,我使用以下 Nginx 指令来保护 Web 根目录:
location = / {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
}
htpasswd 文件是使用 Apache htpasswd 实用程序生成的。但是,输入正确的用户名和密码后,我会转到 403 Forbidden 错误页面。分析 Nginx 错误日志揭示了这一点:
directory index of "/var/www/mysite/public/" is forbidden, client: 108.14.212.10, server: mysite.com, request: "GET / HTTP/1.1", host: "mysite.com"
显然,我不想列出 mysite/public 目录的内容。如何正确配置,以便 Rails 应用程序在我输入登录信息后启动?
I want to protect my newly deployed Rails 3 app with the basic http authentication. It's running on the latest Nginx/Passenger and I'm using the following Nginx directive to protect the web root directory:
location = / {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
}
htpasswd file was generated using Apache htpasswd utililty. However, after entering correct username and password I'm getting transferred to the 403 Forbidden error page. Analyzing Nginx error log revealed this:
directory index of "/var/www/mysite/public/" is forbidden, client: 108.14.212.10, server: mysite.com, request: "GET / HTTP/1.1", host: "mysite.com"
Obviously, I don't want to list the contents of the mysite/public directory. How can I configure this properly so the Rails app starts after I enter my login info?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您需要在位置块中重新指定passenger_enabled。
You need to re-specify passenger_enabled in the location block.
您可以让Rails处理身份验证,
您还应该设置
config.serve_static_assets = true在您的environment.rb(或 Rails 3 中的applicaion.rb)中,以便public中的静态资源通过相同的过滤器。You can let Rails handle the authentication
also you should set
config.serve_static_assets = truein yourenvironment.rb(orapplicaion.rbin Rails 3) so that the static assets inpublicgo through the same filter.检查您的 Nginx 错误日志。
403表示您的密码文件路径错误。Check your Nginx error log.
403means that you got the path to your password file wrong.