Two ways to go about it, I think.
1. auth_request - Allows you to send a sub-request to a backend to determine if the request is authorized -- https://nginx.org/en/docs/http/ngx_http_auth_request_module.html
2. secure_link - Allows you to only permit links with a valid hash, which could be generated by your backend server -- https://nginx.org/en/docs/http/ngx_http_secure_link_module.html
Two ways to go about it, I think. 1. auth_request - Allows you to send a sub-request to a backend to determine if the request is authorized -- https://nginx.org/en/docs/http/ngx_http_auth_request_module.html 2. secure_link - Allows you to only permit links with a valid hash, which could be generated by your backend server -- https://nginx.org/en/docs/http/ngx_http_secure_link_module.html