docudjeex/content/3.serveex/2.core/3.swag.md
2025-07-03 20:22:12 +00:00


---
navigation: true
title: SWAG
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# SWAG
::alert{type="info"}
🎯 __Goals:__
- Install Swag
- Enable SSL
- Access the dashboard
- Configure regional blocking
- Expose Dockge
::
[Swag](https://docs.linuxserver.io/general/swag/) is the core of this homelab. It is a powerful reverse proxy that allows you to expose services on the internet via domain names, handling SSL certificates, request routing, and access security. Full documentation is [available here](https://docs.linuxserver.io/general/swag).
::alert{type="warning"}
:::list{type="warning"}
- SWAG is only useful if you plan to expose your services on the internet (e.g., `https://service.mydomain.com`). If you prefer to use a VPN instead, skip to [this section](/serveex/securite/wireguard).
:::
::
Below is an example for exposing Dockge. We'll install SWAG, the dbip mod for geo-blocking, and the dashboard mod for managing SWAG, fail2ban, and geolocation.
**What a reverse proxy is and how it works for us:**
![Picture](/img/serveex/reverse-proxy.svg)
## Installation
---
::alert{type="info" icon="exclamation-circle"}
:::list{type="info"}
- This tutorial assumes you have a domain name pointing to your server, and a NAT rule forwarding port `443` to your server. Example domain: `mydomain.com`.
:::
::
File structure we'll edit:
```console
root
└── docker
    └── swag
        ├── config
        │   ├── dns-conf
        │   │   └── ovh.ini
        │   └── nginx
        │       ├── dbip.conf
        │       ├── nginx.conf
        │       └── proxy-confs
        │           └── dockge.subdomain.conf
        ├── compose.yml
        └── .env
```
Open Dockge, click `compose`, name the stack `swag`, and paste this config:
```yaml
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    env_file:
      - .env
    environment:
      - TZ=Europe/Paris
      - URL=${DOMAIN}
      - EXTRA_DOMAINS=${DOMAINS}
      - SUBDOMAINS=wildcard # covers subdomains
      - VALIDATION=dns
      - DNSPLUGIN=${PLUGIN}
      - EMAIL=${EMAIL}
      - DOCKER_MODS=linuxserver/mods:swag-dbip|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-reload
    volumes:
      - /docker/swag/config:/config
    ports:
      - 80:80
      - 443:443
      - 81:81 # required for the dashboard
    restart: unless-stopped
    networks:
      - swag

networks:
  swag:
    name: swag_default
```
::alert{type="success"}
__Tip:__
Add a watchtower label to auto-update containers:
```yaml
services:
  swag:
    #...
    labels:
      - com.centurylinklabs.watchtower.enable=true
```
::
In your `.env`:
```properties
DOMAIN=
DOMAINS=
EMAIL=
PLUGIN=
```
Fill in the values:
| Property | Value | Examples |
|-----------|-------|----------|
| DOMAIN | Your main domain | mydomain.com |
| DOMAINS | Other domains (if any) | seconddomain.com |
| EMAIL | Your email for SSL | you@email.com |
| PLUGIN | Your DNS provider's plugin | ovh, cloudflare |
Edit `ovh.ini`:
```shell
sudo vi /docker/swag/config/dns-conf/ovh.ini
```
```properties
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key =
dns_ovh_application_secret =
dns_ovh_consumer_key =
```
Generate your token [here](https://www.ovh.com/auth/?onsuccess=https%3A%2F%2Fwww.ovh.com%2Fauth%2Fapi%2FcreateToken). Required permissions:
* `GET /domain/zone/*`
* `PUT /domain/zone/*`
* `POST /domain/zone/*`
* `DELETE /domain/zone/*`
Now configure dbip:
```shell
sudo vi /docker/swag/config/nginx/nginx.conf
```
Add this under `http`:
```nginx
include /config/nginx/dbip.conf;
```
Restart the stack.
## Dashboard
---
Access the dashboard at `http://yourserverip:81`. Details [here](https://www.linuxserver.io/blog/introducing-swag-dashboard).
## DBIP
---
Geo-block config example:
```nginx
# ... (Same geo-block nginx example as before)
```
## Exposing Dockge
---
::alert{type="info"}
📋 __Prerequisites:__ A subdomain `dockge.mydomain.com` with a CNAME pointing to `mydomain.com`, and NAT port 443 properly configured.
::
::alert{type="warning"}
:::list{type="warning"}
- Dockge has no MFA. Expose it only behind MFA (e.g., Authentik); otherwise, use a VPN.
:::
::
Configure `dockge.subdomain.conf` as:
```nginx
# ... (Same nginx reverse proxy config)
```
Edit SWAG's `compose.yml` to add Dockge's network:
```yaml
services:
  swag:
    # ...
    networks:
      - dockge

networks:
  dockge:
    name: dockge_default
    external: true
```
Redeploy SWAG. Access Dockge via `https://dockge.mydomain.com`.
## Exposing Other Services
---
SWAG includes many sample confs: `service.subdomain.conf.sample`. Duplicate and configure them:
```shell
cd /docker/swag/config/nginx/proxy-confs
sudo cp service.subdomain.conf.sample service.subdomain.conf
```
::alert{type="danger"}
:::list{type="danger"}
- __If a subdomain isn't routing correctly:__
:::
- Check container name in `set $upstream_app ...;`
- Ensure the service's network is added to SWAG's `compose.yml`
::
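The two checks above, as an added shell example that is not part of the original page or of SWAG: it reads the container name from `set $upstream_app` in a proxy conf and uses `docker inspect` to confirm that container shares a Docker network with the proxy. The script name and function names are assumptions; `swag` is the `container_name` from the compose file above.

```shell
#!/bin/sh
# Added example, not SWAG's or the page author's code.
# Usage: sh check-route.sh /docker/swag/config/nginx/proxy-confs/dockge.subdomain.conf

# upstream_app FILE: container name from the first active `set $upstream_app <name>;`
upstream_app() {
    sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*\$upstream_app[[:space:]][[:space:]]*\([^;[:space:]]*\);.*$/\1/p' "$1" | head -n 1
}

# networks_of CONTAINER: its Docker network names, one per line (needs the Docker CLI)
networks_of() {
    docker inspect -f '{{range $k, $v := .NetworkSettings.Networks}}{{println $k}}{{end}}' "$1" 2>/dev/null
}

# shared_networks LIST_A LIST_B: names present in both whitespace-separated lists
shared_networks() {
    for a in $1; do
        for b in $2; do
            if [ "$a" = "$b" ]; then printf '%s\n' "$a"; fi
        done
    done
}

# check_route CONF [PROXY]: 0 = routable, 1 = no shared network,
# 2 = no upstream_app line, 3 = container missing. PROXY defaults to "swag".
check_route() {
    proxy=${2:-swag}
    app=$(upstream_app "$1")
    if [ -z "$app" ]; then
        echo "$1: no active 'set \$upstream_app' line"; return 2
    fi
    proxy_nets=$(networks_of "$proxy") || { echo "no container named '$proxy'"; return 3; }
    app_nets=$(networks_of "$app") || { echo "no container named '$app': fix \$upstream_app"; return 3; }
    common=$(shared_networks "$proxy_nets" "$app_nets")
    if [ -z "$common" ]; then
        echo "'$app' is on [$(echo $app_nets)], '$proxy' is not: add that network to SWAG's compose.yml"
        return 1
    fi
    echo "ok: '$proxy' reaches '$app' over $(echo $common)"
}

if [ "$#" -gt 0 ]; then check_route "$@"; fi
```

A conf whose `$upstream_app` is an IP address or hostname rather than a container name is reported as a missing container.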