On Apache, we had a setup where we could have HTTP auth for all of our dev branches unless the hostname matched our whitelist or the visitor's IP matched our whitelist.

This is what we had:

SetEnvIf Host master.oursite.co GrantAccess
SetEnvIf Host 1429-new-checkout.oursite.co GrantAccess

allow from 213.141.134.200
allow from 46.159.236.22

How could I accomplish this on Nginx in a way that requires minimal configuration each time I want to add/remove access?

Samuurai

1 Answer

We have local and remote developers, and sort of public websites that we need to show to clients. This is what I use.

Include a file named something like auth.conf into your vhost configuration:

#auth check - satisfy if ip or key match
satisfy any;
allow 95.139.104.184/29;
allow 95.55.120.28/32;
deny  all;
#auth file
auth_basic           "closed site";
auth_basic_user_file /etc/nginx/htpasswd;

Be sure to create the /etc/nginx/htpasswd file:

sudo htpasswd -c /etc/nginx/htpasswd exampleuser

For the match based on hostname, you could use a third-party module like the one described here using this rDNS:

rdns_allow developers\.example\.com;

Federico Galli
  • Hi, Thanks, it answers 66% of my questions :) Any idea how to allow based on the subdomain? Some dev instances, we open up completely because there might be a callback that we don't want blocked by HTTP auth. For instance: 1429-new-checkout.oursite.co – Samuurai Oct 11 '17 at 15:36
  • As for the "satisfy" module http://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy it does not look possible to allow based on domain names. I've found a "not tested by me" third party solution – Federico Galli Oct 12 '17 at 09:28
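
One way to get the hostname exemption asked about in the comments, together with the IP allowlist, as an added example that is not from either poster: auth_basic accepts a variable, so a geo block and two map blocks can decide per request whether HTTP auth applies. The variable names ($ip_trusted, $host_trusted, $auth_realm) and the wildcard server_name are assumptions; the addresses, hostnames and htpasswd path are the ones in the posts above.

```nginx
# http {} context. Added example; the variable names are illustrative.

# 1 = client address is on the IP allowlist (addresses from the question).
# geo matches $remote_addr, i.e. the directly connecting peer.
geo $ip_trusted {
    default          0;
    213.141.134.200  1;
    46.159.236.22    1;
}

# 1 = requested hostname is opened up completely (names from the question).
map $host $host_trusted {
    default                       0;
    master.oursite.co             1;
    1429-new-checkout.oursite.co  1;
}

# Fail closed: HTTP auth stays on unless one of the two flags is set.
map "$ip_trusted:$host_trusted" $auth_realm {
    default  "closed site";
    "1:0"    off;
    "0:1"    off;
    "1:1"    off;
}

server {
    listen      80;
    server_name .oursite.co;   # assumption: one vhost serves every branch

    # auth_basic accepts variables; a value of "off" disables the check.
    # No satisfy/allow/deny here: with "satisfy any" and "deny all", an
    # "off" realm would still leave other IPs with the 403 from "deny all".
    auth_basic           $auth_realm;
    auth_basic_user_file /etc/nginx/htpasswd;

    # ... the branch's existing root / proxy_pass directives ...
}
```

Granting or revoking access is then a one-line change in the geo or map block. $host is taken from the client's request, so the hostname exemption assumes the content served is selected by that same hostname, and anything reachable under an exempted name is effectively public.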