Letsencrypt | prevent access to subfolder if not authenticated at main page

Hello everyone. I’ve deployed the letsencrypt container and have set heimdall as my first application sitting behind the reverse proxy and it’s working great so far. Now, what I would like to configure is some form of authentication prior to accessing heimdall that is good for any backend service (i.e., jellyfin, nextcloud, etc.), so some form of SSO. At the same time, if I go to https://domain.com/jellyfin, for example, and I’m not authenticated, I’m either redirected back to an initial login page or just flat out presented with an error. Not sure if authelia can do this or if I can do this with cookies or some other app. Sorry for my ignorance if this is something simple. Thanks in advance.

Authelia can do this and we’re currently working within the team to square this away and do some blog posts. In the meantime if you want to get familiar with OpenLDAP that would be very handy for using single creds across JF/Authelia/Nextcloud.

As for your JF problem, you need to post some config files and our LetsEncrypt container does come with preconfigured reverse proxy configs. IIRC Jellyfin has to be (or at least used to be in the past) hosted on a subdomain due to an inability to set a base URL. This may have changed, but would need to be an upstream setting.

This is great news! Can’t wait for this. For now I’ll just use basic auth and I’ll start playing around with OpenLDAP.

Regarding your comment on Jellyfin, I was taking a look at my deployment of it and it does appear to support a base URL:

But looking through their documentation, it does appear to break things like DLNA, Sonarr, Radarr, etc., so that might not be a good thing. I’m using FreeDNS so I will probably have to move to DuckDNS then. Thanks for the guidance. I’ll start looking into setting up OpenLDAP and at least get all of these backend services configured with that while I wait for the blog post.

Regarding subfolders, being honest, I used to cram everything onto one domain as far as possible and did so for a number of years. It became a nightmare to maintain, and I switched everything to subdomains and wouldn’t hesitate to recommend it for ease of use of deployment and maintenance.