I want to protect my newly deployed Rails 3 app with the basic http authentication. It's running on the latest Nginx/Passenger and I'm using the following Nginx directive to protect the web root directory:

location = / {
  auth_basic "Restricted";
  auth_basic_user_file htpasswd;
}  

htpasswd file was generated using Apache htpasswd utililty. However, after entering correct username and password I'm getting transferred to the 403 Forbidden error page. Analyzing Nginx error log revealed this:

directory index of "/var/www/mysite/public/" is forbidden, client: 108.14.212.10, server: mysite.com, request: "GET / HTTP/1.1", host: "mysite.com"

Obviously, I don't want to list the contents of the mysite/public directory. How can I configure this properly so the Rails app starts after I enter my login info?

You need to re-specify passenger_enabled in the location block.

You can let Rails handle the authentication

# application_controller.rb
before_filter :authenticate

protected

def authenticate
  authenticate_or_request_with_http_basic do |username, password|
    username == "foo" && password == "bar"
  end
end

also you should set config.serve_static_assets = true in your environment.rb (or applicaion.rb in Rails 3) so that the static assets in public go through the same filter.

Check your Nginx error log. 403 means that you got the path to your password file wrong.