[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

linuxserver.io

By linuxserver.io
in Docker Containers

Recommended Posts

  • Replies 6.1k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

nraygun
nraygun

Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running. For noobs like me, here's what I did: 1. Stop

aptalca
aptalca

I will only post this once. Feel free to refer folks to this post.   A few points of clarification:   The last update of this image didn't break things. Letsencrypt abruptly disabl

BigBoyMarky
BigBoyMarky

I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Posted Images

bjaurelio Noob

bjaurelio

Posted
Posted

Is your docker container titled qbittorent and on the same custom bridge network? Is your domain service setup with cname for your subdomain?

 

3 hours ago, Forty Two said:

Could somebody help me out?

I've been trying to get binhex-qbittorrent to run with swag. 

I used the regular qbittorent subdomain conf file, and swapped the container name and port. 

The Subdomain(s): variable field for the container contains "qbittorrent"

File attached. 

binhex-qbittorrent.subdomain.conf 4.45 kB · 2 downloads

 

Link to comment
Forty Two Noob

Forty Two

Posted
Posted (edited)
1 hour ago, bjaurelio said:

Is your docker container titled qbittorent and on the same custom bridge network? Is your domain service setup with cname for your subdomain?

 

 

The name of the container is: binhex-qbittorrentvpn.

I've edited that in the file, same as it is for other containers that are on Swag and are working. 

It is on the same network created specially for Swag.

I use Cloudflare for DNS. There is no special setting for each container. 

There is a wildcard setting.

The error I get is: 502 Bad Gateway, with a "Not secure" note. 

 

Edited by Forty Two
Link to comment
king79 Noob

king79

Posted
Posted (edited)

Hello Community,
i installed Swag on my Unraid following Spaceinvader's instructions. Through the proxy the Nextcloud, Vaultwarden and Guacamole services are deployed on my own domain.
The containers are all in the custom network proxynet.
I would still like to add the mod for the maxmind database to block some countries with it.

After activating it I am not able to reach my services.

In the log files of Swag is also only the gateway address of proxynet logged.

Is there a way to capture the correct IP in the log files?

 

/mnt/user/appdata/swag/log/nginx/access.log 

172.18.0.1 - - [11/Jan/2023:09:08:45 +0100] "GET /api/session/data/mysql/users/test HTTP/2.0" 200 182 "https://guac.meinedomain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"

172.18.0.1 - - [11/Jan/2023:09:11:09 +0100] "GET /api/devices/knowndevice/[email protected]/03033767-47e8-4c2f-9847-70619bbcdb2e HTTP/2.0" 200 4 "https://bw.meinedomain.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"

 

Edited by king79
Link to comment
dajo77 Noob

dajo77

Posted
Posted

Any alternatives to SWAG that some recommend? I'm looking in to Traefik, but curious of some others to research. Mine broke again this morning and I'm just done troubleshooting to the point where I remove it and reconfigure after it breaking 6 or so months down the road after updates.

Link to comment
ps2sunvalley Noob

ps2sunvalley

Posted
Posted
On 12/31/2020 at 3:41 AM, Spoonsy1480 said:

nginx: [emerg] cannot load certificate "/config/keys/letsencrypt/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/keys/letsencrypt/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I got this error yesterday and I can not find out how to fix everything was working fine I kept getting emails saying my certificate was about to expire

 

Ok fixed it wiped old config and reinstalled now everything is good

Sent from my iPhone using Tapatalk

I'm having same issue here.  Exactly what did you wipe?

Link to comment
Viper-694 Noob

Viper-694

Posted
Posted (edited)

Hello everyone. I'm trying to get crowdsec running with swag. I installed crowdsec and the bouncer for swag per the instructions here https://www.linuxserver.io/blog/blocking-malicious-connections-with-crowdsec-and-swag 

Crowdsec is parsing the nginx logs and shows the swag bouncer a valid. Swag's logs say the v1.0.4 bouncer was successfully configured but when I manually add my phone's ip address to the ban list i'm still able to get access to my services that are behind swag. Is there any other way to test the connection between the bouncer and the crowdsec api? I'm confused why everything is telling me it's installed correctly but isn't blocking any traffic. Thanks

 

Edit: I updated the .conf files as described in the posts below and it's working now.

Edited by Viper-694
Link to comment
lbrwnie Noob

lbrwnie

Posted
Posted
1 hour ago, Beaker69 said:

Hi All. Just updated Swag  and now getting this.

 

nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3

 

Does anyone know how I can solve this, until then I cannot access anything from outside my network.

 

Thanks.
 

Having the exact same problem after updating now as well.

 

Anyone know what could be going on here?

Link to comment
Chunks Rookie

Chunks

Posted
Posted

Thanks @BigBoyMarky, I did the same. Just renamed ssl.conf --> ssl.cong.bak and nginx.conf --> nginx.conf.bak so that I could compare them after they were downloaded fresh. I had made some changes to make Nextcloud happy that I didn't want to lose.

 

Thankfully, all the changes were simple to un-comment out once the new configs downloaded. So I'm actually pretty glad the new, most updated config files are now in place.

  • Thanks 1
Link to comment
3dee Rookie

3dee

Posted
Posted

Thanks @BigBoyMarky, worked for me aswell!

 

Maybe kinda off topic, but how can I prevent Docker from pulling updates as soon as they are being released? Can I make docker wait x days after release until update? I have productive systems running I can't risk not to work after a fresh update with a potential bug :D

 

Update Check Frequency wouldn't really help since an update could be released just a moment before the Update check.

Link to comment
nraygun Contributor

nraygun

Posted
Posted (edited)
On 1/21/2023 at 7:37 PM, BigBoyMarky said:

I replaced both the ssl.conf and nginx.conf files with the sample ones to update them since I did not make any custom modifications to either one of those and this resolved my issue.

Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running.

For noobs like me, here's what I did:

1. Stop the Swag container

2. Go to the /mnt/user/appdata/swag/nginx folder

3. Rename your ssl.conf to ssl.conf.old and nginx.conf to nginx.conf.old (just in case we to restore them)

4. Copy ssl.conf.sample to ssl.conf and nginx.conf.sample to nginx.conf

5. Start the container and you should be good.

Edited by nraygun
  • Like 7
  • Thanks 4
  • Upvote 1
Link to comment
Taddeusz Collaborator

Taddeusz

Posted
Posted (edited)
16 hours ago, lbrwnie said:

Having the exact same problem after updating now as well.

 

Anyone know what could be going on here?

 

No idea. I was getting this error so I with into the container's console and renamed that file to stream.conf.old and the error went away. The file wasn't recreated and Swag is now running as it should.

Edited by Taddeusz
Link to comment
ZosoPage1963 Apprentice

ZosoPage1963

Posted
Posted (edited)
56 minutes ago, nraygun said:

Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running.

For noobs like me, here's what I did:

1. Stop the Swag container

2. Go to the /mnt/appdata/swag folder

3. Rename your ssl.conf to ssl.conf.old and nginx.conf to nginx.conf.old (just in case we to restore them)

4. Copy ssl.conf.sample to ssl.conf and nginx.conf.sample to nginx.conf

5. Start the container and you should be good.

Thanks for this, but us noobs that followed Spaceinvader's setup video back when this docker was called Letsencrypt, after doing the above steps, now get errors from the other config files that we modified for the likes of bitwarden, etc.
console into the swag container

cd into the directory listed in the error message.

mv stream.conf stream.conf.old

restart swag container.

 

Check logs and you should have the Server Ready line at the bottom

 

Edited by ZosoPage1963
editing commands
Link to comment
Toobie Apprentice

Toobie

Posted
Posted
1 hour ago, nraygun said:

Confirming this worked for me too. Not sure I needed to replace both, but I did anyway and Swag and Nextcloud are both back and up and running.

For noobs like me, here's what I did:

1. Stop the Swag container

2. Go to the /mnt/appdata/swag folder

3. Rename your ssl.conf to ssl.conf.old and nginx.conf to nginx.conf.old (just in case we to restore them)

4. Copy ssl.conf.sample to ssl.conf and nginx.conf.sample to nginx.conf

5. Start the container and you should be good.

 

Had the same struggle after the last update, worked fine with this instruction.

 

Thanks!

  • Like 1
Link to comment
3dee Rookie

3dee

Posted
Posted
13 minutes ago, Gingko_2001 said:

New updated docker, has this error log:

 

nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/conf.d/stream.conf:3

 

please help  how to fix this.

 

before has not issue with this.

 

read some of the posts above ↑

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing