Fully translated (but some work to do about urls)

2025-07-04 12:54:44 +00:00
parent acdebcb682
commit e9ccda2e14
26 changed files with 1002 additions and 846 deletions
--- a/content/3.serveex/2.core/3.swag.md
+++ b/content/3.serveex/2.core/3.swag.md
@@ -1,223 +0,0 @@
---
-navigation: true
-title: SWAG
-main:
-  fluid: false
---
-:ellipsis{left=0px width=40rem top=10rem blur=140px}
-# SWAG
-
-::alert{type="info"}
-🎯  __Goals:__
- Install Swag
- Enable SSL
- Access the dashboard
- Configure regional blocking
- Expose Dockge
-::
-
-[Swag](https://docs.linuxserver.io/general/swag/) is the core of this homelab. It is a powerful reverse proxy that allows you to expose services on the internet via domain names, handling SSL certificates, request routing, and access security. Full documentation is [available here](https://docs.linuxserver.io/general/swag).
-
-::alert{type="warning"}
-:::list{type="warning"}
- SWAG is only useful if you plan to expose your services on the internet (e.g., `https://service.mydomain.com`). If you prefer to use a VPN instead, skip to [this section](/serveex/securite/wireguard).
-:::
-::
-
-Below is an example for exposing Dockge. We'll install SWAG, the dbip mod for geo-blocking, and the dashboard mod for managing SWAG, fail2ban, and geolocation.
-
-**What is a reverse proxy and how it works for us:**
-
-![Picture](/img/serveex/reverse-proxy.svg)
-
-## Installation
---
-
-::alert{type="info" icon="exclamation-circle"}
-:::list{type="info"}
- This tutorial assumes you have a domain name pointing to your server, and a NAT rule forwarding port `443` to your server. Example domain: `mydomain.com`.
-:::
-::
-
-File structure we'll edit:
-
-```console
-root
-└── docker
-    └── swag
-        ├── config
-        │   ├── dns-conf
-        │   │   └── ovh.ini
-        │   └── nginx
-        │       ├── dbip.conf
-        │       ├── nginx.conf
-        │       └── proxy-confs
-        │           └── dockge.subdomain.conf      
-        ├── compose.yml
-        └── .env
-```
-
-Open Dockge, click `compose`, name the stack `swag`, and paste this config:
-
-```yaml
-services:
-  swag:
-    image: lscr.io/linuxserver/swag:latest
-    container_name: swag
-    cap_add:
-      - NET_ADMIN
-    env_file:
-      - .env
-    environment:
-      - TZ=Europe/Paris
-      - URL=${DOMAIN}
-      - EXTRA_DOMAINS=${DOMAINS}
-      - SUBDOMAINS=wildcard # couvre les sous-domaines
-      - VALIDATION=dns
-      - DNSPLUGIN=${PLUGIN}
-      - EMAIL=${EMAIL}
-      - DOCKER_MODS=linuxserver/mods:swag-dbip|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-reload
-    volumes:
-      - /docker/swag/config:/config
-    ports:
-      - 80:80
-      - 443:443
-      - 81:81 # Nécessaire pour le dashboard
-    restart: unless-stopped
-    networks:
-      - swag
-
-networks:
-  swag:
-    name: swag_default
-
-```
-
-::alert{type="success"}
-✨ __Tip:__
-Add a watchtower label to auto-update containers:
-
-```yaml
-services:
-  swag:
-    #...
-    labels:
-      - com.centurylinklabs.watchtower.enable=true
-```
-::
-
-In your `.env`:
-
-```properties
-DOMAIN=
-DOMAINS=
-EMAIL=
-PLUGIN=
-```
-
-Fill in the values:
-
-| Property  | Value | Examples |
-|-----------|-------|----------|
-| DOMAIN | Your main domain | mydomain.com |
-| DOMAINS | Other domains (if any) | seconddomain.com |
-| EMAIL | Your email for SSL | you@email.com |
-| PLUGIN | Your DNS provider's plugin | ovh, cloudflare |
-
-Edit `ovh.ini`:
-
-```shell
-sudo vi /docker/swag/config/dns-conf/ovh.ini
-```
-
-```properties
-dns_ovh_endpoint = ovh-eu
-dns_ovh_application_key = 
-dns_ovh_application_secret = 
-dns_ovh_consumer_key = 
-```
-
-Generate your token [here](https://www.ovh.com/auth/?onsuccess=https%3A%2F%2Fwww.ovh.com%2Fauth%2Fapi%2FcreateToken). Required permissions:
-
-* GET /domain/zone/*
-* PUT /domain/zone/*
-* POST /domain/zone/*
-* DELETE /domain/zone/*
-
-Now configure dbip:
-
-```shell
-sudo vi /docker/swag/config/nginx/nginx.conf
-```
-
-Add this under `http`:
-
-```nginx
-include /config/nginx/dbip.conf
-```
-
-Restart the stack.
-
-## Dashboard
---
-Access the dashboard at `http://yourserverip:81`. Details [here](https://www.linuxserver.io/blog/introducing-swag-dashboard).
-
-## DBIP
---
-Geo-block config example:
-
-```nginx
-# ... (Same geo-block nginx example as before)
-```
-
-## Exposing Dockge
---
-::alert{type="info"}
-📋 __Prerequisites:__ A subdomain `dockge.mydomain.com` with CNAME pointing to `mydomain.com`, and NAT port 443 properly configured.
-::
-
-::alert{type="warning"}
-:::list{type="warning"}
- Dockge lacks MFA. Only expose it with MFA (e.g., Authentik). Otherwise, use VPN.
-:::
-::
-
-Configure `dockge.subdomain.conf` as:
-
-```nginx
-# ... (Same nginx reverse proxy config)
-```
-
-Edit SWAG’s `compose.yml` to add Dockge's network:
-
-```yaml
-services:
-  swag:
-    # ...
-    networks:
-      - dockge
-
-networks:
-  dockge:
-    name: dockge_default
-    external: true
-```
-
-Redeploy SWAG. Access Dockge via `https://dockge.mydomain.com`.
-
-## Exposing Other Services
---
-SWAG includes many sample confs: `service.subdomain.conf.sample`. Duplicate and configure them:
-
-```shell
-cd /docker/swag/config/proxy-confs
-sudo cp service.subdomain.conf.sample service.subdomain.conf
-```
-
-::alert{type="danger"}
-:::list{type="danger"}
- __If subdomain isn’t routing correctly:__
-:::
- Check container name in `set $upstream_app ...;`
- Ensure the service’s network is added to SWAG’s `compose.yml`
-::