I have an insecure Meteor running on AWS. For those not familiar with Meteor, that means I am using the "insecure" package, which trades security for rapid prototyping.
I only need our development team and stakeholders to access the server. In the past, I solved the problem by just white-listing everybody's IP addresses in the firewall. Now the team is kind of big, and collecting everybody's IP addresses might be difficult to do.
So I want to password-protect Meteor using Nginx.
I know how to password-protect the html; but Meteor uses Websockets, something I am completely unfamiliar with. How do I password-protect the websockets?