@RickCogley
Last active March 19, 2025 11:20
Lume build with basic auth on Netlify

It's by no means strong security, but if you are on a paid plan, you can set basic auth for Lume sites being hosted on Netlify, by copying a template headers file into _headers when you build. Normally I do this for non-production branches, to give better security than nothing. Advanced treatments cost a lot more in subscription fees from Netlify, so this is just a "poor man's" security, really.

Log in to the Netlify UI and set two environment variables for your project, BASIC_AUTH_USER and BASIC_AUTH_PASSWORD, with whatever values you like.

Create a headers-temp file in your site root:

/*
  Basic-Auth: ${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD}

Then, in your netlify.toml config file, alter your build steps to use envsubst to render that headers-temp template into the published _headers file, substituting the credentials for the env var placeholders:

[build]
  publish = "_site"
  # Production: no _headers file is generated, so the site stays public.
  [context.production]
    command = """
      curl -fsSL https://deno.land/x/install/install.sh | sh && \
      /opt/buildhome/.deno/bin/deno task build && \
      tree . > _site/esolia_blog_tree.txt
    """
  # Deploy previews: render the headers-temp template into _site/_headers
  # so the preview is served behind basic auth.
  [context.deploy-preview]
    command = """
      curl -fsSL https://deno.land/x/install/install.sh | sh && \
      /opt/buildhome/.deno/bin/deno task build && \
      tree . > _site/esolia_blog_tree.txt && \
      envsubst < headers-temp > _site/_headers
    """
  # Branch deploys: same protection as deploy previews.
  [context.branch-deploy]
    command = """
      curl -fsSL https://deno.land/x/install/install.sh | sh && \
      /opt/buildhome/.deno/bin/deno task build && \
      tree . > _site/esolia_blog_tree.txt && \
      envsubst < headers-temp > _site/_headers
    """
...

This assumes your site is being built into _site, so if you've changed that in your Lume config, update it here. You'll notice the "production" context is left open, while the other contexts are protected by the credential you set. Finally, notice the tree command: it's optional, and it just creates a file from the output of tree. Because that file is written into _site, it is published along with the site, including on the open production deploy.
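
A stricter version of the envsubst step, as an added example that is not part of the original gist: it fails the build when a credential variable is missing instead of publishing a preview with an empty Basic-Auth line. The function name render_headers and the script name render-headers.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist. render_headers is a
# hypothetical helper; headers-temp and _site/_headers follow the gist.

render_headers() {
  template=$1
  output=$2

  # envsubst writes "Basic-Auth: :" without error when the variables are
  # missing, so check them first. Whitespace is rejected because a space
  # or newline would change the structure of the rendered header line.
  for value in "${BASIC_AUTH_USER:-}" "${BASIC_AUTH_PASSWORD:-}"; do
    stripped=$(printf '%s' "$value" | tr -d '[:space:]')
    if [ -z "$value" ] || [ "$stripped" != "$value" ]; then
      echo "render_headers: BASIC_AUTH_USER and BASIC_AUTH_PASSWORD must be set, non-empty and free of whitespace" >&2
      return 1
    fi
  done

  # The template may reference only the two expected placeholders; any
  # other "$" (for example a misspelled variable name) stops the build.
  if sed -e 's/\${BASIC_AUTH_USER}//g' -e 's/\${BASIC_AUTH_PASSWORD}//g' \
       "$template" | grep -q '\$'; then
    echo "render_headers: unexpected placeholder in $template" >&2
    return 1
  fi

  # Expand just those two variables, not the whole build environment.
  export BASIC_AUTH_USER BASIC_AUTH_PASSWORD
  envsubst '${BASIC_AUTH_USER} ${BASIC_AUTH_PASSWORD}' < "$template" > "$output" || {
    rm -f "$output"
    return 1
  }
}

# Run as a build step only when called with two arguments, e.g.
#   sh render-headers.sh headers-temp _site/_headers
if [ "$#" -eq 2 ]; then
  render_headers "$1" "$2"
fi
```

In netlify.toml this would replace the bare envsubst line in the protected contexts, so a missing variable stops the deploy rather than producing an unprotected preview.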

Tip

If you're using a company system that is managed by Intune, there may be a policy that blocks basic auth usage. If that's the case, either use a different browser or get with your M365 manager to loosen up the policy to allow basic auth to be used. We got bitten by this and it took a while to figure it out!
