Skip to content

Setup SWAG

Overview

SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encryptâ„¢) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.

Important Docker Files

.env file

.env
NAME=swag
ID=1000
TZ=America/New_York
APPDATA=
DOMAIN=
EMAIL=

docker-compose.yml file

docker-compose.yml
services:
  swag:
    image: lscr.io/linuxserver/swag
    container_name: ${NAME}
    cap_add:
      - NET_ADMIN
    environment:
      PUID: ${ID}
      PGID: ${ID}
      TZ: ${TZ}
      URL: ${DOMAIN}
      VALIDATION: dns
      SUBDOMAINS: wildcard
      DNSPLUGIN: cloudflare
      EMAIL: ${EMAIL}
      SWAG_AUTORELOAD: true
      DOCKER_HOST: ${NAME}-docker-proxy
      DOCKER_MODS: lscr.io/linuxserver/mods:swag-dashboard|lscr.io/linuxserver/mods:universal-docker|lscr.io/linuxserver/mods:swag-auto-proxy
    volumes:
      - ${APPDATA}/${NAME}/config:/config
    ports:
      - 443:443
    restart: unless-stopped
    networks:
      - main
      - internal
    labels:
      com.centurylinklabs.watchtower.enable: true
  swag-docker-proxy:
    image: lscr.io/linuxserver/socket-proxy
    container_name: ${NAME}-docker-proxy
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - internal
    environment:
      CONTAINERS: 1
      POST: 0
    labels:
      com.centurylinklabs.watchtower.enable: true
networks:
  main:
    external: true
  internal:
    external: true

Start the Container

Start the Container
docker compose up -d