Jo's Wiki

A Random Collection of Information


nginx

Linuxserver.io SWAG

Runs SWAG on a new custom network and with userid/groupid 1001/1001 (adduser gopher)

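# Docker Compose definition for the linuxserver.io SWAG container (nginx
# reverse proxy with built-in certificate management), attached to a
# dedicated bridge network with a fixed container address.
version: "3"
networks:
  custom:
    ipam:
      config:
        # Sample subnet inside RFC 1918 space; pick any free private range.
        # The earlier value 172.32.0.0/24 lies outside 172.16.0.0/12 (which
        # ends at 172.31.255.255), i.e. it is publicly routable address
        # space. Using it for a local bridge shadows the real hosts in that
        # range and makes firewall rules and logs misleading.
        - subnet: 172.30.0.0/24
services:
  swag:
    # ":latest" is a moving tag: every pull may bring different code.
    # Pin a specific version tag or image digest for reproducible,
    # reviewable upgrades.
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    cap_add:
      # SWAG documents NET_ADMIN as needed so the bundled fail2ban can
      # manage iptables rules. It is a broad capability; do not add more.
      - NET_ADMIN
    environment:
      # UID/GID the container processes run as; must own the config volume.
      - PUID=1001
      - PGID=1001
      - TZ=Etc/UTC
      - URL=INSERT_MAIN_DOMAIN_HERE
      # "http" validation needs port 80 reachable from the internet.
      - VALIDATION=http
      # NOTE(review): value is a lone comma - confirm this is intended.
      - SUBDOMAINS=,  # optional
      - CERTPROVIDER=  # optional
      # Only relevant for DNS validation; unused while VALIDATION=http.
      - DNSPLUGIN=cloudflare  # optional
      - PROPAGATION=  # optional
      # Used for certificate expiry notifications.
      - EMAIL=  # optional
      - ONLY_SUBDOMAINS=false  # optional
      - EXTRA_DOMAINS=INSERT_SUBDOMAIN_1_HERE,INSERT_SUBDOMAIN_2_HERE  # optional
      # Set to true while testing to stay clear of production rate limits;
      # staging certificates are not trusted by browsers.
      - STAGING=false  # optional
    networks:
      custom:
        # Must lie inside the subnet declared above.
        ipv4_address: 172.30.0.2
    volumes:
      # Holds certificates and private keys: keep this directory readable
      # only by the PUID/PGID user and out of backups that leave the host.
      - /home/gopher/swag/config:/config
    ports:
      # Quoted so no YAML parser can reinterpret the colon-separated digits.
      - "443:443"
      # Effectively required here: VALIDATION=http uses port 80, and it also
      # serves the http -> https redirect.
      - "80:80"
    restart: unless-stopped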

No SWAG: nginx with certbot

https://github.com/JonasAlfredsson/docker-nginx-certbot/

Prepare the Installation
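# Create the host directories that are bind-mounted into the nginx-certbot
# container: user_conf.d for server blocks, nginx_secrets for /etc/letsencrypt.
mkdir -p /etc/nginx/user_conf.d/
mkdir -p /etc/nginx/nginx_secrets/
# nginx_secrets will hold account keys and certificate private keys, so
# restrict it to root (assumes the container runs as root, the default when
# no --user is given to docker run).
chmod 700 /etc/nginx/nginx_secrets/
# Open only TCP: a bare "ufw allow 80" opens UDP as well, which the
# "listen 443 ssl" setup on this page does not use.
ufw allow 80/tcp
ufw allow 443/tcp
# Caveat: ports published with "docker run -p" are handled by Docker's own
# iptables rules and are typically reachable regardless of ufw. Do not rely
# on ufw alone to restrict access to published container ports.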

Note: Replace the e-mail placeholder (including the angle brackets) in the following command with your own address!

Run the Container
# Start the nginx + certbot container in the foreground with a terminal
# attached; closing the terminal or pressing Ctrl-C stops the container.
#
# - Replace <INSERT@E.MAIL> completely, angle brackets included: left
#   unquoted, the shell treats "<" and ">" as redirections.
# - /etc/nginx/nginx_secrets becomes /etc/letsencrypt inside the container
#   and will contain private keys; keep it root-only on the host.
# - user_conf.d is mounted read-only (:ro), so the container cannot modify
#   the server blocks it loads.
# - ":latest" is a moving tag; pin a version tag or digest for
#   reproducible deployments.
docker run --interactive --tty \
           --publish 80:80 \
           --publish 443:443 \
           --env CERTBOT_EMAIL=<INSERT@E.MAIL> \
           --volume /etc/nginx/nginx_secrets:/etc/letsencrypt \
           --volume /etc/nginx/user_conf.d:/etc/nginx/user_conf.d:ro \
           --name nginx-certbot \
           jonasal/nginx-certbot:latest

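Note: Replace all CAPITALIZED items in the following example! The lowercase `uptime` in the certificate paths is the name of the certificate; adjust it as well if this server block should use a different certificate name.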

EXAMPLE: /etc/nginx/user_conf.d/NAME_OF_CONF.conf
# TLS-terminating reverse proxy: accepts HTTPS on 443 and forwards every
# request to a single backend over plain HTTP.
server {
    listen 443 ssl;

    # Hostname(s) this virtual host answers for.
    server_name SUBDOMAIN;

    # Certificate chain, private key and CA chain. "uptime" is the name of
    # the certificate directory below /etc/letsencrypt/live/.
    ssl_certificate_key     /etc/letsencrypt/live/uptime/privkey.pem;
    ssl_certificate         /etc/letsencrypt/live/uptime/fullchain.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/uptime/chain.pem;

    # Diffie-Hellman parameters used for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    # Forward everything to the backend service.
    location / {
        # The hop to the backend is unencrypted HTTP: keep it on a trusted
        # network, and make sure the backend port is not reachable from
        # outside, otherwise clients can bypass this proxy (and its TLS).
        proxy_pass http://FULLY_QUALIFIED_DOMAIN_NAME_OF_HOST:PORT_OF_CONTAINER_BEHIND_PROXY;
        proxy_http_version 1.1;

        # Preserve the requested host name for the backend.
        proxy_set_header   Host $host;

        # Client address as seen by this proxy.
        proxy_set_header   X-Real-IP $remote_addr;
        # Appends $remote_addr to whatever X-Forwarded-For the client sent;
        # earlier entries are client-controlled, so the backend should only
        # trust the last one (or X-Real-IP).
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support: pass the Upgrade header through. Connection is
        # set to "upgrade" on every request, not only on upgrade requests.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Force Certificate Check
# Send SIGHUP (not the default SIGKILL) to the running nginx-certbot
# container; the container keeps running and, per the heading above, this
# triggers a certificate check.
docker kill -s HUP nginx-certbot