I'd like to run an app in a restricted private beta on Heroku.
We're changing the app regularly and haven't done a security audit.
To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything.
Ideally similar to using .htaccess and .htpasswd files to lock an entire site on an Apache server.
Is there a simple one-shot way to do this for a Heroku-hosted app?
free, hobby and standard-1x have 512 MB. standard-2x has 1024 MB. performance-m has 2.5 GB.
Private Spaces are currently available only in Heroku Enterprise. Private Spaces are dedicated environments for running dynos and certain types of add-ons within an isolated network. Access to apps in a Private Space can be controlled at the network level.
When Do Apps Sleep? When an app on Heroku has only one web dyno and that dyno doesn't receive any traffic in 1 hour, the dyno goes to sleep. When someone accesses the app, the dyno manager will automatically wake up the web dyno to run the web process type.
It's Expensive A single minimum-power dyno runs you $36 per month (note: pricing is out of date), assuming you need barely any space in Postgres. Heroku is basically going to cost you at least twice what a VPS would cost (e.g. Linode or Digital Ocean) and give you much less power.
Just use authenticate_or_request_with_http_basic in a before_filter in your ApplicationController.
See this Railscasts episode for instructions: http://railscasts.com/episodes/82-http-basic-authentication
.htaccess and .htpasswd basically tell Apache to authenticate the user using a Basic Auth system. You can do the same with a pure-Rack layer.
See http://rack.rubyforge.org/doc/Rack/Auth/Basic.html
Because you are using Heroku, I assume you are deploying a Rack-compatible application (either a Rack, Rails or Sinatra app).
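A sketch of the pure-Rack layer described in the answer above, added here as an example and not taken from either answer or from Rack itself. It is a hand-written middleware that does what Rack::Auth::Basic does, so it runs without the rack gem; the names SiteLock, INNER_APP, build_app, BETA_USER and BETA_PASSWORD are assumptions made for illustration.

```ruby
require "digest"

# Minimal Rack middleware: every request must carry valid HTTP Basic credentials.
class SiteLock
  def initialize(app, user:, password:, realm: "Private beta")
    @app = app
    @expected = Digest::SHA256.digest("#{user}:#{password}")
    @realm = realm
  end

  def call(env)
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])

    [401,
     { "content-type" => "text/plain", "www-authenticate" => %(Basic realm="#{@realm}") },
     ["Authentication required\n"]]
  end

  private

  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme&.casecmp?("basic") && encoded

    # Hash the decoded "user:password" so both sides have the same fixed length.
    supplied = Digest::SHA256.digest(encoded.unpack1("m"))
    # Compare every byte instead of stopping at the first mismatch.
    diff = 0
    supplied.bytes.zip(@expected.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Constructed inner app standing in for the real Rails/Sinatra app.
INNER_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["beta\n"]] }

# Credentials are read from config vars (hypothetical names), e.g. set with
#   heroku config:set BETA_USER=... BETA_PASSWORD=...
# fetch raises KeyError when a var is missing, so the app refuses to boot unprotected.
def build_app(env = ENV)
  SiteLock.new(INNER_APP, user: env.fetch("BETA_USER"), password: env.fetch("BETA_PASSWORD"))
end

# In config.ru: run build_app
```

Basic auth sends the credentials base64-encoded on every request, so this only protects the beta when the site is reached over HTTPS.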