lockdown a website, password protect

Francis Daly francis at daoine.org
Sun Dec 9 11:04:35 UTC 2012

On Sat, Dec 08, 2012 at 09:48:54PM -0500, S Ahmed wrote:

Hi there,

> Before I launch my website, I want to be able to test it live in production
> but don't want anyone else to view it.

The most straightforward way is probably to use a separate server{} block
for "now" and "next", and protect all of "next" and none of "now". Then,
when you're happy with it, remove the protection and swap names.

If you don't want to do that...

> Would it be possible to lock down the website except for the main page, all
> other pages require me to enter a password to view it?


Provided that you can specify which locations correspond to "the main
page" and which do not.

Put access control -- for example "auth_basic"
(http://nginx.org/r/auth_basic) and associated directives -- at server{}
level, then in "the main page" locations, remove it -- for example, by
"auth_basic off".

"the main page" is probably some combination of things like

  location = / {}
  location = /index.html {}
  location = /images/banner.png {}

and maybe more.

Francis Daly        francis at daoine.org

More information about the nginx mailing list