Nginx: Allow $IP(s), HTTP authentication for others

Lets say you wanted to auth any HTTP connections outside your local lan. You can totally do that with nginx. Here's the configuration bit that does it:

satisfy any;

allow 192.168.1.0/24;
deny all;

auth_basic "Restricted";
auth_basic_user_file htpasswd;

I just saved that as "httprotect.inc" in my /etc/nginx/ directory, then do 'include httprotect.inc;' in the site-specific block(s) I want HTTP authentication. Simple and effective.

Please don't forget to redirect to SSL before you ask for HTTP authentication. That's as simple as doing the redirection higher up than the 'include httprotect.inc;' line.