Protecting virtual hosts and directories

You can block access to your any virtual host using the normal Nginx syntax, in your ___general/example.com.conf file

satisfy any;

allow x.x.x.x;

auth_basic "Login";
auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;

deny all;

You should put the .htpasswd in the ___general directory.

Directive Purpose
satisfy any This means that the authentication will be performed either by username/password, or by IP address. It can be changed to satisfy both to authenticate by both IP and username/password
allow x.x.x.x; Where x.x.x.x is an IP address/subnet, you can repeat this line as many times as desired to permit access by IP

Adding users

As we use Nginx on MageStack, the Apache htpasswd utility is not installed, however, as it uses a standard crypt format, you can generate the format via command line.

The following command will add a user user and a password password to the .htpasswd file (assuming your current working directory is ___general).

printf "user:$(openssl passwd -1 password)\n" >> .htpasswd

Subdomains

If you want to protect a subdomain, then the best solution is to add the subdomain as a new virtualhost (rather than using dynamic a subdomain). Then you can configure the ___general/example.com.conf file to suit.

Subdirectories

To protect a sub-directory, a similar process to above is repeated, you merely need to define the appropriate location that it refers to.

Eg. To protect /secret

location ~* ^/(index.php/)?secret {
  satisfy any;

  allow x.x.x.x;

  auth_basic "Login";
  auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;

  deny all;

  location ~* \.(php) {
    include fastcgi_params;
  }
  try_files $uri $uri/ /secret/index.php @bootstrap;
}
Directive Purpose
fastcgi_params This ensures that PHP files are processed and not downloaded by the browser
try_files This is required to process any static files or to re-direct to a specific file if the URL doesn't exist
@bootstrap This is a last-resort for requests and redirects all requests to the Magento bootstrap Ie. /index.php