
Protected Pages

Some docs may need permissions, such as staff rules or PD pages.

For Discord role-based permissions, use the Discord RBAC Gateway.

Important Static Site Warning

Docusaurus is a static site generator. That means the built site is HTML, CSS, and JavaScript files.

Do not rely on hidden sidebar links or client-side checks for security. If something is truly private, protect it at the server level or put it in a separate private docs site.

The safest options are:

  1. Keep public docs on docs.nextgendevstudios.dev.
  2. Put highly restricted docs on a separate protected subdomain, such as staffdocs.nextgendevstudios.dev.
  3. Protect the private site with Discord RBAC, Nginx basic auth, Cloudflare Access, Tailscale, VPN, or another real access-control layer.

Current Restricted Page URLs

These pages are intended to be protected:

https://docs.nextgendevstudios.dev/docs/staff-rules
https://docs.nextgendevstudios.dev/docs/pd
https://docs.nextgendevstudios.dev/docs/lspd
https://docs.nextgendevstudios.dev/docs/ems
https://docs.nextgendevstudios.dev/docs/staff

The public rules page is:

https://docs.nextgendevstudios.dev/docs/rules

Basic Auth Setup

Basic auth is the fastest option, but it does not check Discord roles.

Install the password utility:

apt install -y apache2-utils

Create a password file:

htpasswd -c /etc/nginx/.streetsdocs-private staffadmin

Add another user later (without -c, which would recreate the file and drop the existing users):

htpasswd /etc/nginx/.streetsdocs-private username

Nginx Example

This protects the visible page routes only; static JavaScript bundles served from other paths are not covered by these blocks:

# Exact match for the page route itself.
location = /docs/staff-rules {
    auth_basic "Restricted Docs";
    auth_basic_user_file /etc/nginx/.streetsdocs-private;
    try_files $uri $uri/ /index.html;
}

# Everything below the route (trailing-slash URL and nested pages).
location ^~ /docs/staff-rules/ {
    auth_basic "Restricted Docs";
    auth_basic_user_file /etc/nginx/.streetsdocs-private;
    try_files $uri $uri/ /index.html;
}

# Same pair of blocks for the PD pages.
location = /docs/pd {
    auth_basic "Restricted Docs";
    auth_basic_user_file /etc/nginx/.streetsdocs-private;
    try_files $uri $uri/ /index.html;
}

location ^~ /docs/pd/ {
    auth_basic "Restricted Docs";
    auth_basic_user_file /etc/nginx/.streetsdocs-private;
    try_files $uri $uri/ /index.html;
}

After editing Nginx:

nginx -t
systemctl reload nginx

Safer Private Subdomain Pattern

For truly private content, create a separate private docs deployment:

Public: https://docs.nextgendevstudios.dev
Private: https://staffdocs.nextgendevstudios.dev

Then put all private pages and assets behind auth together.

This avoids accidentally exposing private text through static JavaScript bundles.
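
One way to check a build for this kind of exposure, as an added example that is not part of the original page: it scans the built site for a marker string and lists files that would be served outside the protected routes. The marker string, the sample tree, and the function names are assumptions; the prefixes are the ones in the Nginx example.

```shell
#!/bin/sh
# Added example: find private text served from paths the auth blocks miss.
# Assumptions: the build directory mirrors URL paths, and every private page
# carries a marker string (hypothetical: STAFF-ONLY-MARKER).

# Prefixes covered by the location blocks in the Nginx example.
PROTECTED_PREFIXES="/docs/staff-rules /docs/pd"

# is_protected URL_PATH: succeeds if the path is a protected route or below one.
is_protected() {
    for prefix in $PROTECTED_PREFIXES; do
        case "$1" in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# find_leaks BUILD_DIR MARKER: prints the URL path of every file that contains
# MARKER but would be served without authentication.
find_leaks() {
    build_dir=${1%/}
    marker=$2
    { grep -rlF -- "$marker" "$build_dir" 2>/dev/null || true; } | sort |
    while IFS= read -r file; do
        url_path=${file#"$build_dir"}
        is_protected "$url_path" || printf '%s\n' "$url_path"
    done
}

# make_sample_build: creates a constructed build tree and prints its path.
make_sample_build() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/docs/pd" "$dir/docs/rules" "$dir/assets/js"
    echo '<p>STAFF-ONLY-MARKER patrol policy</p>' > "$dir/docs/pd/index.html"
    echo '<p>Public server rules</p>' > "$dir/docs/rules/index.html"
    echo 'e.exports="STAFF-ONLY-MARKER patrol policy"' > "$dir/assets/js/constructed-chunk.js"
    printf '%s\n' "$dir"
}

# Demo on the constructed tree; for a real site: find_leaks ./build "<marker>"
sample=$(make_sample_build)
find_leaks "$sample" "STAFF-ONLY-MARKER"   # prints /assets/js/constructed-chunk.js
rm -rf "$sample"
```

Any path this prints needs to move behind the same auth layer or out of the public build.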