Protecting review apps with basic auth

I’ve built my CI so on every pull request a review app is created.

I don’t want anyone to be accessing these review apps but only me and whoever I want to give access to.

I thought that a very simple solution could be to put basic auth at a proxy level, but I don’t know if there is a way to configure the Fly proxy for that and only for review apps.

Could someone point me in the right direction?

For context, I’m building a Phoenix app, but before writing any code for this in my app I wanted to explore the idea of doing it at a proxy level so requests don’t even reach the server if not authorized

there isn’t a built-in way to do this, but what I would probably do is remove IP assignments from your review apps and then use fly-replay from a router app that checks basic auth.

I’ve never heart about fly-replay, I will give it a look and write back if I have any questions! And obviously try to summarize the solution if I get to implement it for future developers with the same use case as me:)

Thank you!

Unless you’re expecting high levels of traffic, I’d just use a plugin: