Protecting staging/testing site area
It seems, that the easiest way to protect staging/testing version of the (rails) application from search engines and undesired users is using HTTP Basic Authentication. Configuring it for nginx is very easy and well documented.
First, enable HTTP Basic Authentication and specify passwords file location. To do this, add these lines to the site’s server config:
auth_basic "Testing Zone"; auth_basic_user_file /var/www/my_app/current/shared/config/.htpasswd;
Passwords file, specified in
auth_basic_user_file directive, should store users and encrypted passwords in the following format:
user:pass user2:pass2:comment user3:pass3
To encrypt passwords using MD5,
htpasswd (goes with apache) or
openssl tools can be used:
openssl passwd -1 user_name
/var/www/my_app/current/shared/config/.htpasswd file with the user name and encrypted password:
Then restart nginx, open your site and you’ll see login/password prompt.