SWAG (Secure Web-server And Gateway) sets up an NGINX webserver and reverse proxy with PHP support and a built-in swag client that automates free SSL server certificate generation and renewal processes. It also contains fail2ban for intrusion prevention.
If this is your first time learning about NGINX, proxies, or and Let's Encrypt, we highly recommend you read over the official guide for the container.
To configure your reverse proxy, consider if you want to use subfolders (ie. domain.com/portainer) or subdomains (ie. portainer.domain.com). Subdomains will take more configuration, as DNS entries and certificate subject alternate names are required.
The first thing to setup is your domain and email settings in
SWAG. Set the
SWAG_URL. If using subdomains ensure to add each subdomain to
SWAG_SUBDOMAINS as each subdomain prefix (e.g.
There are a number of sample proxy configuration files found in
~/.config/appdata/swag/nginx/proxy-confs/ and in most cases will just need the .sample removed from the filename. Currently not every applicable app has an example configuration and are still being tested.
cp ~/.config/appdata/swag/nginx/proxy-confs/portainer.subfolder.conf.sample ~/.config/appdata/swag/nginx/proxy-confs/portainer.subfolder.conf
This will make Portainer available at
cp ~/.config/appdata/swag/nginx/proxy-confs/portainer.subdomain.conf.sample ~/.config/appdata/swag/nginx/proxy-confs/portainer.subdomain.conf
and will enable the service at
Each time you change a proxy conf file you will need to restart the Swag container:
docker restart swag