Hi everyone. I want to give friends and family access to my Jellyfin server without making them install and set up Wireguard on all of their devices (not to mention devices like Smart TVs which can't connect to VPNs), so I'm doing it via an nginx reverse proxy.

I'm trying to figure out a good way to introduce a sort of whitelist/authentication system so that my services aren't just exposed to the whole internet. An idea I've had is to use HTTP basic authentication with a good password, and then automatically whitelist IPs that supply valid credentials for a certain amount of time, say, 30 days.

Is this even possible? I've read through a good chunk of the nginx documentation and can't find a way to set up a hook that triggers when someone submits a username and password. Would really appreciate it if someone could help me out here, thanks.