Jump to content
linuxserver.io

[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)

5062 posts in this topic Last Reply

Recommended Posts

Works OOB in my case, just changed the repo from /letsencrypt to /swag

Pardon my inexperience but how exactly does one just change repo? Download swag and point it at same app data as letsencrypt or?

Share this post


Link to post
30 minutes ago, blaine07 said:


Pardon my inexperience but how exactly does one just change repo? Download swag and point it at same app data as letsencrypt or?

Enable the advanced view on the existing letsencrypt template page and there you should see linuxserver/letsencrypt at Repository just change that to linuxserver/swag

 

That's how it looks now:

grafik.thumb.png.58865a02fab0177d6612449ae789d514.png

 

Also there will be a orphan image at the bottom on your docker page if you done this (just the old letsencrypt image), just click on it and you select remove.

grafik.png.3d0e9f4b31bb44635b1d6f3c878418fe.png

  • Like 1
  • Thanks 1

Share this post


Link to post
Enable the advanced view on the existing letsencrypt template page and there you should see linuxserver/letsencrypt at Repository just change that to linuxserver/swag
 
That's how it looks now:
grafik.thumb.png.58865a02fab0177d6612449ae789d514.png
 
Also there will be a orphan image at the bottom on your docker page if you done this (just the old letsencrypt image), just click on it and you select remove.
grafik.png.3d0e9f4b31bb44635b1d6f3c878418fe.png

One last question...

I use Cloudflare Proxy... when I change the repository is it going to try to renew certs or is that something that will be maintained; existing certs kept? (If it wants to rewrite certs I need to go through and turn Cloudflare proxy off etc etc and don’t want it to fail renewal is why I’m asking...).

Share this post


Link to post
Just now, blaine07 said:


One last question...

I use Cloudflare Proxy... when I change the repository is it going to try to renew certs or is that something that will be maintained; existing certs kept? (If it wants to rewrite certs I need to go through and turn Cloudflare proxy off etc etc and don’t want it to fail renewal is why I’m asking...).

In my case it kept the certificates.

Share this post


Link to post
In my case it kept the certificates.

What I would’ve expected but figured I’d ask; my certs aren’t up for renewal so should be same situation for me.

Share this post


Link to post

Two simple questions with the changes to SWAG.

 

#1 - Is there a new icon URL I can plug into the container so it doesn't show "LetsEncrypt" icon anymore? I'm weird about these things.

 

#2 - Is there going to be a new support thread that I should update it to link to, or is this still going to be the same thread?

Share this post


Link to post
4 hours ago, CorneliousJD said:

Two simple questions with the changes to SWAG.

 

#1 - Is there a new icon URL I can plug into the container so it doesn't show "LetsEncrypt" icon anymore? I'm weird about these things.

Looks like the swag image is in the same directory as the LE png file:

 

https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/swag.gif

Share this post


Link to post

So...Is it going to cause all kinds of issues changing containers name? Is the GIF above for SWAG legitimate lol? New support thread URL or re-title this one?

Share this post


Link to post

Hi guys

First of all thanks in advance for any advice, and sorry but english is not my native language

I hope that you could help me.

 

I watched Spaceinvader One guides on how reverse proxys

My goal was to reverse proxy: Jellyfin and Nextcloud.

Untill 2 days ago all my service worked just fine, now every time i try to connect to one of my private site i've got something like

"The 'Host' field contained in Http header is invalid"

 

I would like to understand if got something wrong and eventually exclude any problem with let's encrypt. So i can learn something

 

I've dynamic public ip address (right now i can't have a static one due to my provider)

I use Godaddy to provide domain and Cloudflare to manage DNS so (if i understanded correctly) i could use wildcard.

In Cloudflare i've set A keys ( to point my public ip), and i use cloudflare-ddns docker to update my current public ip and it woks just fine.

I changed my unraid access port so Let's Encrypt could use 443 an 80

I portfoward both 443 and 80 in my router setting. 

I set ngnx conf files correctly (i presume cause they worked perfectly untill 2 days ago)

 

So I check my cert

Quote

 

 

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: XXXXXX.it
    Serial Number: XXXXXXXXXXXXXXXXXXXXXXXXXXc177b4a7e5
    Domains: *.XXXXXX.it
    Expiry Date: 2020-11-08 16:25:11+00:00 (VALID: 67 days)
    Certificate Path: /etc/letsencrypt/live/XXXXX.it/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/XXXXXX.it/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@822616ce902d:/# 
root@822616ce902d:/# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/XXXXXX.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/XXXXXXX.it/fullchain.pem expires on 2020-11-08 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@822616ce902d:/# 

 


 

And i check my docker Let's encrypt log

Quote

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=XXXX.it
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=XXXX.XXXXX@gmail.com
STAGING=

SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of XXXXXXX.it will be requested
E-mail address entered:XXXX.XXXX@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,
and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key.
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing...
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
Server ready

so i try to ping my site inside the docker and from my pc and it works

Quote

ING jellyfin.XXXXXXXXX.it (XXXXX) 56(84) bytes of data.
64 bytes from host-XXXXXXXXXXXXXXXX.it (XXXXXXXXXXX): icmp_seq=1 ttl=63 time=1.99 ms

 

I tryed all i can do, but i've really no idea on how to deal with this thing. All i can do is to offer you a good italian wine as soon as this pandemic gonna end and you pass to Northern Italy and all i can do for you :) 

Edited by daniele.fenaroli

Share this post


Link to post

After changing to  /swag  and delete the orphan image i reboot my server and all my dockers are gone F......ck .

Please help what to do now.I have no any dockers installed now please help.

My cache drive corrupt and i have to format it to use it .

everything broke because of this container.

Edited by Vesko

Share this post


Link to post
1 hour ago, Vesko said:

After changing to  /swag  and delete the orphan image i reboot my server and all my dockers are gone F......ck .

Please help what to do now.I have no any dockers installed now please help.

My cache drive corrupt and i have to format it to use it .

everything broke because of this container.

This is not related to this container, so I suggest you create your own thread about corrupt cache drive. This is most likely a hardware issue and this container did not break anything.

Share this post


Link to post
8 hours ago, saarg said:

This is not related to this container, so I suggest you create your own thread about corrupt cache drive. This is most likely a hardware issue and this container did not break anything.

I am sorry maybe was bad luck that's happened exactly when i did this update and reboot.

Thank you for your hard work .

Share this post


Link to post

hi, 

 

Is there going to be a new application pull in the community applications appstore? 

 

Just curious to what is going to look like the new app

Share this post


Link to post
3 hours ago, gacpac said:

hi, 

 

Is there going to be a new application pull in the community applications appstore? 

 

Just curious to what is going to look like the new app

There is nothing different except the name.

Share this post


Link to post
16 minutes ago, saarg said:

There is nothing different except the name.

Along with the repository that it's pulling from.  Not to mention that the original displays

  

On 8/29/2020 at 7:34 AM, ich777 said:

* This image has been deprecated * * * * Use the new image at * * * * linuxserver/swag *

 

Seems to me that the template should be updated

Share this post


Link to post
2 hours ago, dockerPolice said:

Along with the repository that it's pulling from.  Not to mention that the original displays

  

 

Seems to me that the template should be updated

I was answering the last line. There will be a new template when we get around to it.

The container still works, so no need to panic.

  • Like 1
  • Thanks 1

Share this post


Link to post

IMPORTANT ANNOUNCEMENT

 

As some of you already noticed by now, the letsencrypt image has been rebranded SWAG - Secure Web Application Gateway as a result of a trademark related request. The new image is published in a new repo and the old image is deprecated. Currently, the old and the new images are near identical and one can switch simply by changing the image repository.

 

In order to migrate to the new image, all you need to do (at a minimum) is to open the container settings and change the "Repository" field from "linuxserver/letsencrypt" to "linuxserver/swag". If you prefer, you can change the container name to "swag" as well, although it is not required. As long as you keep the environment vars the same and the "/config" folder mount the same, all the settings will be picked up by the new container. Please see here for more detailed instructions: https://github.com/linuxserver/docker-swag/blob/master/README.md#migrating-from-the-old-linuxserverletsencrypt-image

 

Thread title and the first post are updated with this info. There will be new template for SWAG published shortly.

Share this post


Link to post
5 minutes ago, hernandito said:

image.png.07147b5b04fdc6051457565b4a77f5cd.png

 

1249289659_lsioswag3.png.a499fb3ff68943de1bfcb50457842413.png

Watching the thread via email updates and had to chime in. I like this one, good job!!

Share this post


Link to post

Like the first one, but i'd reduce the size of the text just a bit so there are some space all around like on #3. Also prefer the font of #1.

Share this post


Link to post
3 hours ago, danioj said:

Watching the thread via email updates and had to chime in. I like this one, good job!!

I am liking that one too as well.... I am not sure if the LSIO team would approve of their logo being cropped like this though.

 

I think the icon is only seen at small size in the GUIs...

 

last one.... image.png.e018667d3b8805575e92e4b03866d2de.png

1871674142_lsioswag4.png.69c8ab1cfcd41d8feb03acff54878a65.png

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.