Include a GPG or SHA256 signature with every v723install package. The client must verify the signature before executing.
location /v723install auth_basic "Restricted Installation"; auth_basic_user_file /etc/nginx/.htpasswd; http v723install
# On client side: wget http://example.com/v723install.sh wget http://example.com/v723install.sh.sig gpg --verify v723install.sh.sig v723install.sh Protect the /v723install endpoint with HTTP Basic Auth or an API key. Include a GPG or SHA256 signature with every