Lockdown a website, password protect

Before I launch my website, I want to be able to test it live in
production
but don’t want anyone else to view it.

Would it be possible to lock down the website except for the main page,
all
other pages require me to enter a password to view it?

I can do this many ways (by limited ip address etc), but I was wondering
if
there was a simple way to do it via nginx somehow which would save me
the
work.

I’ve seen some very crude types of authentication where you get this
ugly
popup and you enter the password and you can view the site.

I believe it was using the web server to do this.

Possible?

On Sat, Dec 08, 2012 at 09:48:54PM -0500, S Ahmed wrote:

Hi there,

Before I launch my website, I want to be able to test it live in production
but don’t want anyone else to view it.

The most straightforward way is probably to use a separate server{}
block
for “now” and “next”, and protect all of “next” and none of “now”. Then,
when you’re happy with it, remove the protection and swap names.

If you don’t want to do that…

Would it be possible to lock down the website except for the main page, all
other pages require me to enter a password to view it?

Yes.

Provided that you can specify which locations correspond to “the main
page” and which do not.

Put access control – for example “auth_basic”
(Module ngx_http_auth_basic_module) and associated directives – at server{}
level, then in “the main page” locations, remove it – for example, by
“auth_basic off”.

“the main page” is probably some combination of things like

location = / {}
location = /index.html {}
location = /images/banner.png {}

and maybe more.

f

Francis D. [email protected]