Hello,
I’ve been using SWAG for a while now and have it configured to route a number of sub-domains that I operate to the appropriate back-end systems.
However, right now if you specify a non-configured sub-domain (for example fake.mydomain.duckdns.org) then it still routes to the default SWAG website without prompting for any sort of auth (all other sub-domains are configured to use Authelia).
I don’t actually want the NGINX instance contained in SWAG to serve the default site because I don’t have a need for it. So, can anyone please tell me how to:
- Disable the site entirely so you can only route to configured sub-domains.
or 2. At least force it so that Authelia auth is used when routing to the default site.
Grateful for any help that can be offered.
Thanks
Pete
You can edit the default server block in the site conf to serve a 404 or deny access
That’s great. Can you give me a bit more of an idea as to how to do that please?
Below is what I have in my default config. Then all the other services are defined in additional files which sit in the same folder.
## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default
error_page 502 /502.html;
# redirect all traffic to https
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# main server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /config/www;
index index.html index.htm index.php;
#set_real_ip_from 172.0.0.0/8;
#real_ip_header X-Forwarded-For;
server_name _;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
# enable for ldap auth
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
# enable for geo blocking
# See /config/nginx/geoip2.conf for more information.
#if ($allowed_country = no) {
#return 444;
#}
client_max_body_size 0;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;
Hi @wiredworm @aptalca
Can you tell me how you got this?
Thanks!!
I think that by commenting out the index line and removing “/index.html /index.php?$args” from try_files should do the trick