Here is the video I followed for SWAG. Note that this (and most of IBRACORP’s guides, which are all fantastic) uses Unraid as the OS, which automates a lot of the processes.
And here is a written guide by the same group to go with or replace the video if this is more your speed: https://docs.ibracorp.io/swag-2/
I’ll be honest, even for “beginners” (which I was when I started this) this is still a lot to take in. Let me know if you run into any specific questions and I can try to help you.
Yeah that’s a good point. The joke is mostly for my own enjoyment or any random user who happens to forget the jellyfin. subdomain.
I have had a few hits to /wp-admin, but cloudflare actually blocks those for me (I don’t use a tunnel but I do use them for the domain name which helps a bit). I might just shut down the main page then.
While technically not strictly necessary, it adds more robust authentication methods, and makes it easier to build out other apps if you want to in the future without having to re-do the sign-in process for all of your users. You can have things like 2fa and other things that make it harder for bots to get in and easier for users to stay in. It also makes it easier to keep track of login attempts and notice compromised accounts.
Edit: There are also alternatives like authelia that may be easier to implement. I don’t really trust most web apps to be ultra secure with internet-facing sign-in pages so it just feels like “good practice” to hide behind an auth service whose sole purpose is to be written and built securely. Plus once you learn how to set up fail2ban with an auth service, there will be no need to re-learn or re-implement it if you add a 2nd app/service. Very modular and makes testing and adding new things much easier.
Another benefit is that it has a nice GUI. I can look at logins, add services, stuff like that without touching config files which will be nice for those who don’t like wading through text files to change config.
I used several separate guides plus help from a friend. Check out space invader one’s YouTube channel. I’m not at my pc right now but I can gather some of the tutorials I used when I get back.
I kept the main domain open, but redirected it to a rickroll
SWAG reverse proxy with a custom domain+subdomain, protected by authentik and fail2ban. Easy access from anywhere once it’s set up. No vpn required, just type in the short subdomain.domain.com and sign in (or the app keeps me signed in)
It can pass through. There is even an official Authentik guide on the various methods specifically for Jellyfin: https://integrations.goauthentik.io/integrations/services/jellyfin/
Same with Authelia, though I don’t have a link for that on hand.