Security - exodus4d/pathfinder GitHub Wiki
When you are done with the setup process, you probably want to protect the /setup path from being accessible by other users.
Directory protection for Nginx servers
1. Add a new location block to your server block that should be protected
location /setup {
auth_basic "Setup Login";
auth_basic_user_file /etc/nginx/.setup_pass;
try_files $uri $uri/ /index.php?$query_string;
}
2. Create the .setup_pass file
$ htpasswd -c /etc/nginx/.setup_pass username
When you run the above command, it will prompt you for a password for the provided username, and then create the file .htpasswd in the folder you specified. If you already have a pre-existing password file, you can omit the -c flag. You can use the -D flag to remove the specified user from a password file.