diff --git a/src/main/java/com/honey/honey/config/AdminSecurityConfig.java b/src/main/java/com/honey/honey/config/AdminSecurityConfig.java
index c84fe8d..c9b9c54 100644
--- a/src/main/java/com/honey/honey/config/AdminSecurityConfig.java
+++ b/src/main/java/com/honey/honey/config/AdminSecurityConfig.java
@@ -64,7 +64,8 @@ public class AdminSecurityConfig {
     /**
      * Swagger/OpenAPI docs: permitAll with highest precedence so the default Spring Boot chain
      * (which requires auth for /**) never handles these paths. Includes webjars and resources
-     * so the UI can load CSS/JS.
+     * so the UI can load CSS/JS. Also matches /api/swagger-ui/** and /api/v3/api-docs/** so
+     * Swagger behind nginx at a secret path (e.g. /secret/swagger-ui/ -> /api/swagger-ui/) is public.
      */
     @Bean
     @Order(Ordered.HIGHEST_PRECEDENCE)
@@ -76,7 +77,14 @@ public class AdminSecurityConfig {
                 new AntPathRequestMatcher("/v3/api-docs/**"),
                 new AntPathRequestMatcher("/webjars/**"),
                 new AntPathRequestMatcher("/swagger-resources/**"),
-                new AntPathRequestMatcher("/configuration/**")
+                new AntPathRequestMatcher("/configuration/**"),
+                new AntPathRequestMatcher("/api/swagger-ui/**"),
+                new AntPathRequestMatcher("/api/swagger-ui.html"),
+                new AntPathRequestMatcher("/api/v3/api-docs"),
+                new AntPathRequestMatcher("/api/v3/api-docs/**"),
+                new AntPathRequestMatcher("/api/webjars/**"),
+                new AntPathRequestMatcher("/api/swagger-resources/**"),
+                new AntPathRequestMatcher("/api/configuration/**")
         );
         http
                 .securityMatcher(swaggerMatcher)