Ivan Tkalin

I’m a software engineer. I solve problems.

Protecting staging/testing site area

The easiest way to protect the staging/testing version of a (Rails) application from search engines and unwanted users seems to be HTTP Basic Authentication. Configuring it in nginx is easy and well documented.

First, enable HTTP Basic Authentication and specify the location of the password file. To do this, add these lines to the site's server config:

auth_basic "Testing Zone";
auth_basic_user_file /var/www/my_app/current/shared/config/.htpasswd;

The password file named in the auth_basic_user_file directive stores user names and hashed passwords in the following format:

user:pass
user2:pass2:comment
user3:pass3

To hash passwords with MD5, use either htpasswd (ships with Apache) or openssl:

# Prompts for the password; an argument given here is hashed as the password, it is not the user name
openssl passwd -1

Then create the /var/www/my_app/current/shared/config/.htpasswd file with the user name and the hashed password:

user_name:$1$YSZFGvi9$BjAEmoG/a//a0UkNyzjMC/

Then restart nginx and open your site; you'll see a login/password prompt.
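
To check which hashing scheme each entry in such a password file uses, the following added example (not part of the original post) parses the user:pass[:comment] format shown above and grades each entry. The scheme list follows the formats nginx documents plus common crypt() prefixes, whose availability depends on the platform's crypt(); the grades and all sample entries except the first are assumptions made for this example.

```python
import re

# Password formats nginx documents for auth_basic_user_file, plus common crypt()
# prefixes. The grades are this example's own judgement, not nginx's.
SCHEMES = [
    (r"\{PLAIN\}", "plaintext", "weak"),
    (r"\{SHA\}", "unsalted SHA-1", "weak"),
    (r"\{SSHA\}", "salted SHA-1", "legacy"),
    (r"\$apr1\$", "Apache MD5 (apr1)", "legacy"),
    (r"\$1\$", "MD5 crypt", "legacy"),
    (r"\$2[aby]\$", "bcrypt", "ok"),
    (r"\$5\$", "SHA-256 crypt", "ok"),
    (r"\$6\$", "SHA-512 crypt", "ok"),
]

def classify(hashed):
    """Map the stored password field to (scheme name, grade)."""
    for pattern, name, grade in SCHEMES:
        if re.match(pattern, hashed):
            return name, grade
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hashed):
        return "DES crypt", "weak"  # traditional crypt(): 13 characters, no prefix
    return "unknown", "review"

def audit(text):
    """Return (line_no, user, scheme, grade) for every non-blank line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":", 2)  # user:pass[:comment]
        if len(parts) < 2 or not parts[0] or not parts[1]:
            findings.append((no, None, "malformed", "review"))
            continue
        findings.append((no, parts[0], *classify(parts[1])))
    return findings

# Constructed sample file; only the first entry comes from the page.
SAMPLE = """user_name:$1$YSZFGvi9$BjAEmoG/a//a0UkNyzjMC/
qa:{SHA}Q09OU1RSVUNURUQ=:constructed comment
ci:$6$constructed$CONSTRUCTEDHASHVALUE
old:abJnggxhB/yWI
line-without-a-password
"""

if __name__ == "__main__":
    for no, user, scheme, grade in audit(SAMPLE):
        print(f"line {no}: {user or '?'}: {scheme} [{grade}]")
```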