While setting up a new website, I wanted to work on articles and tweaking things before actually launching to the public, so I needed a simple way to keep everybody else out until it was all ready to go. So I used the nginx access control feature to accomplish it.
It would have been more secure to setup nginx HTTP Auth instead and prompt for a username and password, and since it wouldn’t be tied to an IP address, it would have also allowed me to use my mobile devices to access the site even while out of the office. But if you’ve ever used HTTP auth you know that it’s extremely annoying, especially on mobile, to have to enter your credentials all the time.
So instead, I used a simple IP address allow rule for my office IP, and blocked everything else.
Open up your nginx.conf file (or whichever nginx…