Grimoire Linuxserver SWAG Subdomain Configuration

[Icexist]

I couldn't find any information about this, but I figured it out and now thought I'd share.

I use Linuxserver SWAG as my reverse proxy and wanted to spin up Grimoire.

Setup steps:

Clone the repository as described in the normal documentation

Update the .env file

# Set it if you're using external PocketBase installation (default: http://pocketbase)
# Example: PUBLIC_POCKETBASE_URL=https://grimoire.mydomain.com:8090
PUBLIC_POCKETBASE_URL=https://grimoire.domain.com/pb
# RECOMMENDED: Change this to your email
ROOT_ADMIN_EMAIL=email # If it has a . before @, put it in double quotes
# RECOMMENDED: Use a secure password. Can be later changed in PocketBase's admin panel
ROOT_ADMIN_PASSWORD=hunter2
# Set this to your domain name (default: http://localhost:5173)
# Example: PUBLIC_ORIGIN=grimoire.mydomain.com
PUBLIC_ORIGIN=https://grimoire.domain.com
# Set this to true if you're using HTTPS (default: false)
# Example: PUBLIC_HTTPS_ONLY=true
PUBLIC_HTTPS_ONLY=true
# Change to the port you want the app to listen on (default: 5173)
# Example: PORT=80
PORT=5173
# Set this to true if you want to disable public signups (default: false)
PUBLIC_SIGNUP_DISABLED=true

Update the docker-compose.yml file

In my case, I have my SWAG docker network named lsio so, to each service add:

networks:
  - lsio

Then, add the network definition:

networks:
  lsio:
    driver: bridge
    name: lsio
    external: true

Run docker compose up -d

Set the SWAG Nginx Reverse Proxy subdomain definition

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name grimoire.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 10M; # i guessed here. probably could remain 0

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app grimoire;
        set $upstream_port 5173;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    # The location regex here must select internal as there are calls to 
    # both PUBLIC_ORIGIN/internal/pb AND to PUBLIC_POCKETBASE_URL
    location ~ (/internal)?/pb {
         include /config/nginx/proxy.conf;
         include /config/nginx/resolver.conf;
         set $upstream_app grimoire-pocketbase;
         set $upstream_port 80;
         set $upstream_proto http;
     
         # Rewrite to remove the /internal/pb or /pb from the request
         rewrite ^(/internal)?/pb/(.*) /$2 break;

         # Pass rest of proxy
         proxy_pass $upstream_proto://$upstream_app:$upstream_port$uri$is_args$args;
     }
}

Restart SWAG