From 5637d9ffb1b87c20636b36a44f3cb8ae9d77fd3c Mon Sep 17 00:00:00 2001
From: hellblazer315 <78935529+hellblazer315@users.noreply.github.com>
Date: Mon, 11 Nov 2024 09:06:31 -0500
Subject: [PATCH] Update dashboard.subdomain.conf.sample

Changed from explicit IP ranges to using an included config file. Recommend this shouldn't be merged upstream unless https://github.com/linuxserver/docker-swag/pull/520 is as well.

Signed-off-by: hellblazer315 <78935529+hellblazer315@users.noreply.github.com>
---
 .../dashboard/dashboard.subdomain.conf.sample | 24 +++++++------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/root/dashboard/dashboard.subdomain.conf.sample b/root/dashboard/dashboard.subdomain.conf.sample
index 45e4ce07..b5238d29 100644
--- a/root/dashboard/dashboard.subdomain.conf.sample
+++ b/root/dashboard/dashboard.subdomain.conf.sample
@@ -34,10 +34,8 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        allow 10.0.0.0/8;
-        allow 172.16.0.0/12;
-        allow 192.168.0.0/16;
-        deny all;
+        # Only permit access from internal IP Addresses
+        include /config/nginx/internal.conf
 
         try_files $uri $uri/ /index.php$is_args$args =404;
     }
@@ -56,10 +54,8 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        allow 10.0.0.0/8;
-        allow 172.16.0.0/12;
-        allow 192.168.0.0/16;
-        deny all;
+        # Only permit access from internal IP Addresses
+        include /config/nginx/internal.conf
 
         fastcgi_split_path_info ^(.+\.php)(.*)$;
         fastcgi_pass 127.0.0.1:9000;
@@ -104,10 +100,8 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        allow 10.0.0.0/8;
-        allow 172.16.0.0/12;
-        allow 192.168.0.0/16;
-        deny all;
+        # Only permit access from internal IP Addresses
+        include /config/nginx/internal.conf
 
         try_files $uri $uri/ /index.php$is_args$args =404;
     }
@@ -126,10 +120,8 @@ server {
         # enable for Authentik (requires authentik-server.conf in the server block)
         #include /config/nginx/authentik-location.conf;
 
-        allow 10.0.0.0/8;
-        allow 172.16.0.0/12;
-        allow 192.168.0.0/16;
-        deny all;
+        # Only permit access from internal IP Addresses
+        include /config/nginx/internal.conf
 
         fastcgi_split_path_info ^(.+\.php)(.*)$;
         fastcgi_pass 127.0.0.1:9000;