Tiago Franco

February 25, 2024

Ruby on Rails protected with Nginx

In this article you'll get a direct explanation of how to password protect your Ruby on Rails applications with Nginx. I'll assume that your web application is already running, but is not yet password protected.

When we start working on a new project, it first gets deployed to what we call a staging environment, following a test-driven development methodology. The main goal is to allow the customer to evaluate the progress of the project without it being deployed.

In order to keep things private and prevent Google and other search engines from indexing the site too soon, we need to password protect it. There's already some information out there on how to achieve this with Nginx, but in order to figure it out clearly, we have to dig into several other websites.

That is why I've decided to put together this small guide on how to password protect a Ruby on Rails web application with Nginx and Passenger.

The Framework Stack

To clarify, and kick it off, the framework stack consists of:

  • Ruby on Rails
  • Passenger
  • Nginx

Since the server is already running, there should be a server section in your nginx.conf file similar to this:


In order to password protect an existing site, you first need to generate a password file. The easiest way to achieve this is to use a web application such as the Htpasswd Generator. Then, store the generated text in a file on the server.

Next, edit the nginx.conf file again and change the server section to:


Finally, paste the location of your .htpasswd file at:

Notice the passenger_enabled entry inside the password protect section? This entry is needed to trigger Passenger after completing the password authentication process. Otherwise the server will try to list the web root directory, and probably show an unauthorized error.
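
The steps above as one configuration, added here as an illustration (it is not the article's original listing). The server name, root path, realm string and .htpasswd location are assumed placeholders.

```nginx
# Before (commented out): a Passenger-served Rails site with no authentication.
# server {
#     listen 80;
#     server_name staging.example.com;      # placeholder host name
#     root /var/www/myapp/public;           # placeholder: the Rails app's public/ directory
#     passenger_enabled on;
# }

# After: every request under / must pass HTTP Basic authentication first.
server {
    listen 80;
    server_name staging.example.com;        # placeholder host name
    root /var/www/myapp/public;             # placeholder: the Rails app's public/ directory

    location / {
        # Realm string shown in the browser's login prompt (any text).
        auth_basic "Restricted";

        # Password file with one "user:hash" entry per line. Keep it outside
        # the web root and readable by the nginx worker user only.
        # It can also be generated locally, for example with:
        #   htpasswd -c /etc/nginx/.htpasswd alice
        auth_basic_user_file /etc/nginx/.htpasswd;   # placeholder path

        # Hand the authenticated request to Passenger, as the article
        # describes, instead of serving the directory as static files.
        passenger_enabled on;
    }
}

# Basic authentication sends the credentials base64-encoded with every
# request, so a staging site reachable over the internet should serve this
# block over TLS (listen 443 ssl plus certificate directives).
```

Run `nginx -t` to validate the syntax before reloading; an unauthenticated request to the site should then return 401 with a `WWW-Authenticate: Basic` header.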

And we're done. It often seems way harder than it actually is, but this is really all it takes to password protect your Rails app with Passenger and Nginx.

Tiago Franco

CEO @ Imaginary Cloud and co-author of the Product Design Process book. I enjoy food, wine, and Krav Maga (not necessarily in this order).
