admin/homelab-manifests
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

added more api urls to immich

Browse Source
This commit is contained in:
authentik Default Admin
2026-01-20 18:19:23 +01:00
parent 3cdcf44641
commit 07a11f37a8
1 changed files with 21 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
immich-system/immich.yaml
+16 -30
View File
@@ -481,41 +481,27 @@ metadata:
set $geo_allowed 0;
# Allow private/local networks
if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
# Allow all Hungarian traffic
if ($geoip2_country_code = "HU") {
set $geo_allowed 1;
}
if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
# Allow public share paths from anywhere
if ($request_uri ~* "^/share/") {
set $geo_allowed 1;
}
# Public share paths
if ($request_uri ~* "^/share") { set $geo_allowed 1; }
# API endpoints needed for shared content
if ($request_uri ~* "^/api/shared-links") {
set $geo_allowed 1;
}
# API endpoints needed for shares
if ($request_uri ~* "^/api/shared-links") { set $geo_allowed 1; }
if ($request_uri ~* "^/api/assets") { set $geo_allowed 1; }
if ($request_uri ~* "^/api/albums") { set $geo_allowed 1; }
if ($request_uri ~* "^/api/server") { set $geo_allowed 1; }
if ($request_uri ~* "^/api/users/me") { set $geo_allowed 1; }
# Assets for shared albums (thumbnails and originals)
if ($request_uri ~* "^/api/assets/.*/thumbnail") {
set $geo_allowed 1;
}
if ($request_uri ~* "^/api/assets/.*/original") {
set $geo_allowed 1;
}
# Static assets
if ($request_uri ~* "^/_app/") { set $geo_allowed 1; }
if ($request_uri ~* "\.(js|css|woff2?|ttf|svg|png|ico|jpg|jpeg|webp)$") { set $geo_allowed 1; }
# Static assets needed for share page rendering
if ($request_uri ~* "^/_app/") {
set $geo_allowed 1;
}
if ($request_uri ~* "^/favicon") {
set $geo_allowed 1;
}
if ($request_uri ~* "\.(js|css|woff2?|ttf|svg|png|ico)$") {
set $geo_allowed 1;
}
# Block non-allowed requests
if ($geo_allowed = 0) {
return 403 "Access restricted to Hungary";
}