Putting Ardour behind SWAG

Hey,

I’ll preface this by confirming I’m a total noob when it comes to configuring proxies and stuff.

I’m trying to put the Ardour docker provided by linuxserver.io behind SWAG using a subfolder, but I get a 500 internal server error (I don’t have this issue with the other dockers).

Could someone please help?

I did put /ardour/ in the subfolder variable in the docker setup, and here is what I put on the ardour.subfolder.conf (no sample was available)

location /ardour {
    # Enable HTTP Basic Authentication
    auth_basic "Restricted Area";
    auth_basic_user_file /config/nginx/.htpasswd;
    
    # GEOBLOCK
    if ($lan-ip = yes) { set $geo-whitelist yes; }
    if ($geo-whitelist = no) { return 404; }
    
    # Add security headers to enforce HTTPS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
    # Enable proxy_cache_bypass for better user experience with dynamic content
    proxy_cache_bypass $cookie_session;
    
    # Remove /ardour prefix when forwarding to backend
    rewrite /ardour(.*) $1 break;
    
    # Forward to backend server (adjust to your actual internal service URL)
    proxy_pass http://<ip address>:3000;
    
    # HTTP headers for proxying
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;  # Explicitly set protocol to HTTPS
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port 443;     # Explicitly set port to 443 (HTTPS)
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    
    # Adjust timeout settings
    proxy_connect_timeout 60s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;
    
    # Additional security headers
    proxy_hide_header X-Powered-By;
    proxy_hide_header Server;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "upgrade-insecure-requests;";
    
    # Fix potential redirects - ensures redirects maintain the /ardour path
    proxy_redirect off;
}

# Deny direct access to sensitive files
location /ardour/config {
    deny all;
    return 403;
}