Main Question:
If I put up a basic HTML site and then add Basic Auth, will there be rate-limiting and monitored by Fail2Ban? Are the passwords just saved in plain text?
Backstory:
I have a dashboard that has no login/authentication. It's for Shlink, a self-hosted URL shortener the back end is secure, but the front end is a PWA you can use anywhere but if you want it on a neat domain you need to host it somewhere.
I already have the backend up and running, used WordOps to make a MySQL site with PHP8.2. Minor adjustments to the nginx conf for the site. Installed and working. I figured for ease of access I just wanted to put the optional front end on an admin.domain.tld type of thing, but it needs to be access-restricted.
