[brainfire]

There's a configuration option in the omnibus CE config file to add additional lines to the built-in nginx configuration, it seems pretty straightforward to me - although we use a different web server so that we can integrate with our SSO, so I haven't tried it.

[zschuessler]

You are correct! The implementation is strange, however. I'm not able to directly override any of the nginx settings already set. As there is no route overriding in nginx, this makes things real tough in trying to allow/deny access by route.

The hacky workaround is to create a more specific regex to override any existing routes. So "Location /" becomes "Location /(.*)"

Other alternatives like running your own nginx configuration or apache2 is possible, but no current documentation exists (some is available, but it is outdated and following steps results in a landslide of errors). Plus I don't like the idea of using a different configuration as far as new updates breaking my instance goes.

This is just one example as well - and one I chose because simple IP allow/deny IMO is not an enterprise feature, but a very common use case for anyone running CE.