Phusion Passenger aka. “mod_rails” is great! It makes Rails deployment pretty easy and time-saving. Unfortunately it has a bug in it’s current 2.0.6 version which breaks Basic Authentication. Though this bug is fixed in the unreleased 2.1 version (see here) you need to care about the problem by yourself for now. The only working solution for me was to user Rails’ Basic Authentication functionality by hacking the following into my application controller:
authenticate_or_request_with_http_basic do |user_name, password|
user_name == "JohnDoe" && password == "secret123"
At this point you can be as creative as you want with reading the user name and password form a file or database and checking hashed passwords instead of plain text. For my purposes this was just enough, so I didn’t waste any more time on it. At the end of this post be warned: Basic Authentication through Rails does only protect your application, but it does not protect the static content in your public directory.