First, this would probably be more appropriate for Serverfault. With that in mind...
If I had to keep my dev environment in my home folder, I'd create a symlink in /var/www that ties to the dev folder.
As far as securing it, I don't know if this is still a recommended or viable way of handling secure access, but it seems like http://www.codinglogs.com/blog/server-management/vps-setup-guide/nginx-password-protect-web-directory might be the way to go as long as you feel secure using a username/password combination. Another valid answer (also on stackoverflow) would be password protect /backoffice folder in nginx.
If you want something more secure, the next step would probably firewall rules.