Hello, sorry if this has already been asked. I searched and couldn’t find anything.
I have SWAG setup and everything is working fine. I would like to feed a service through the proxy and use the subdomain for access. But, I would like to restrict access to the service to my LAN only. This is how the SWAG dashboard is configured and I would like to duplicate that for other services.
For example, lets say I have Plex and Overseerr configured to plex. mydomain .com and overseerr .mydomain .com. I would like Plex publicly available for friends/family. But, I would like to restrict Overseerr to my LAN only so only people at my home will make requests while still using overseerr.mydomain.com.
How can I edit the Overseerr SWAG config to restrict access to 192.168.x.0/24?
I attempted to reverse engineer the Dashboard .conf file with no luck.
Thank you.
1 Like
Nginx allow/deny directives: Module ngx_http_access_module
If I understand correctly, you want to deny access outside of your LAN to some services. I implemented a solution for this. I’m not sure if it is the correct solution, but it works for me. I have created a file called “blockwan.conf” with the following lines:
location @blockwan {
return 444;
}
allow 192.168.1.0/24; #<---Enter your LAN subnet here
deny all;
error_page 403 @blockwan;
…And saved it in the nginx folder with the other include files
The “location @blockwan” block sets up a destination returning an error code of 444 (instructs nginx to close the connection without sending a response to the client).
The next block allows the local subnet access to the service, and denies anything else with a 403 error redirecting 444 to the requestor. You can place multiple LAN subnets on separate lines if you need more.
Once I had the file created, I place this as an include in the conf file of whichever service I want to block from the internet. I put this right after the server name in the server block. For example (bitwarden.subdomain.conf):
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bitwarden.*;
# enable blockwan for blocking WAN access
include /config/nginx/blockwan.conf;
include /config/nginx/ssl.conf;
1 Like
Thank you, both. I kept searching for solutions for SWAG and I don’t know why it never crossed my mind that it is still just nginx. I was able to solve my problem using these answers.
Thanks again!
2 Likes