I use my personal website when testing web applications before they are mature enough to go in production on a dedicated server/website (distinct from my own). I am not a professional though, these are just side projects so there is no clear routine there and I don't have easy access to multiple machines or domains to clearly split things during the testing phase.
Therefore, when I need to share a test applicaton with collaborators, I set up restricted access with credentials, and users end up on domain.tld/subfolder. domain.tld is public and there is nothing to hide, but I don't want collaborators invited to check out /subfolder/
to be tempted to browse the full website or even know what the domain name is, it simply is not what I want them to preview.
Can I avoid that, and maybe prevent their browser from showing the domain name if they reach the test application using https://IP:PORT? The test application doesn't need to be indexed by search engines, it is not publicly available anyway.
I use Caddy as webserver but I do not know if this would be achieved with the webserver or some other way. This is what the relevant part of my caddyfile looks like:
domain.tld, www.domain.tld {
tls [email protected]
# Main website
root * /var/www/domain.tld/website
# Serve subfolder for testapplication and restrict access
rewrite /subfolder /work/testapplication.html
route /subfolder* {
basicauth {
username1 hashpasswordLKAJAJDLKALDJALDJLAJD
}
reverse_proxy localhost:8002
}
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
}
For convenience, I would like to keep serving to domain.tld/subfolder just in case (and for my own use), but would only share https://IP:PORT to those who don't need to know about domain.tld.