I am in the early stages of building an app using Rails 3. User authentication is powered by Authlogic, which I have set up pretty much as standard (as per the example docs), and everything is working as expected locally.

I have just deployed the app to a clean server install of CentOS 5.4 / NginX / Passenger so staff can start to log in and enter content, etc. However, we're a long way from this being ready for public eyes so I have used NginX's basic auth module to keep the entire site behind another level of authentication.

Unfortunately Authlogic's authentication and NginX's basic authentication seem to be conflicting with one another. If basic auth is on then it is impossible to log in with Authlogic, yet if I disable basic auth then Authlogic works as expected.

I haven't posted any code as I'm really not sure what code would be relevant. I wonder whether this is a known issue and if there are any changes I can make to the configuration to get round the issue?

+1  A: 

I haven't tried Rails 3 yet, so my answer will be more general. And I don't know the basic auth module for NginX.

  1. If your team is connected locally, then you can create a server accessible from the local network only.
  2. If you need access via the Internet, then you can hide it behind a VPN.
  3. You can allow access to the site only through a local IP and give ssh access to anybody who needs it. It is easy to create a SOCKS proxy via ssh (in Linux: ssh -D 8080 [email protected]; where 8080 is the port number, then set the SOCKS proxy in the browser and you can launch yoursever.com:3000).
  4. I think that NginX allows you to set allowed IPs and deny others - so you can also use it for access restriction.
  5. And you can also temporarily add before_filter :require_login to ApplicationController :), so only the login page will be available to the world.

Hope it helps!

klew
Thanks for your suggestions. In the end I've answered my own question. The solution was in the docs, just needed to look hard enough.
aaronrussell
+6  A: 

I can answer my own question (after several hours of looking in completely the wrong place). A good readup on Authlogic::Session::Config did the trick.

class UserSession < Authlogic::Session::Base
  allow_http_basic_auth false
end
aaronrussell
Wow.. so happy I found this - I've been trying to solve this problem for about 3 days now. Thanks!
zaius
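
The accepted answer turns off Authlogic's own handling of HTTP basic credentials. The sketch below is an added example, not code from the thread or from Authlogic: it assumes the conflict comes from the proxy-level Authorization header reaching the app, and shows a hypothetical Rack middleware (StripProxyBasicAuth) that removes that header so no auth layer in the app can mistake the gate credentials for a user login. The credentials and the stand-in app are constructed for the demonstration.

```ruby
# Added illustration; StripProxyBasicAuth, SEEN and the sample request are hypothetical.
# Rack env keys under which Rails looks for an Authorization header.
AUTH_KEYS = %w[
  HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION
  X_HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION
].freeze

# Decode "Basic <base64(user:pass)>" into [user, pass]; nil for anything else.
def basic_credentials(env)
  header = AUTH_KEYS.map { |k| env[k] }.compact.first
  return nil unless header
  scheme, payload = header.split(" ", 2)
  return nil unless scheme.to_s.casecmp("basic").zero? && payload
  user, pass = payload.unpack1("m").split(":", 2)
  user && pass ? [user, pass] : nil
end

# Middleware: drop the proxy-level credentials before the app runs.
class StripProxyBasicAuth
  def initialize(app)
    @app = app
  end

  def call(env)
    AUTH_KEYS.each { |k| env.delete(k) }
    @app.call(env)
  end
end

# Stand-in for the app's auth layer: reports which login it would try.
SEEN = lambda do |env|
  creds = basic_credentials(env)
  [200, { "Content-Type" => "text/plain" }, [creds ? creds.first : "none"]]
end

# Constructed request as it arrives once the proxy's basic auth has passed.
def sample_env
  { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/",
    "HTTP_AUTHORIZATION" => "Basic " + ["staff:gate-pass"].pack("m0") }
end

def app_sees(app)
  app.call(sample_env)[2].first
end

puts "without middleware: #{app_sees(SEEN)}"
puts "with middleware:    #{app_sees(StripProxyBasicAuth.new(SEEN))}"
```

Stripping the header also disables any feature of the app that legitimately relies on an Authorization header, so it only suits a deployment where the proxy is the sole consumer of those credentials.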