# linuxserver/docker-swag **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/linuxserver-docker-swag).** 3,608 stars · 278 forks · Dockerfile · gpl-3.0 ## Links - GitHub: https://github.com/linuxserver/docker-swag - Homepage: https://docs.linuxserver.io/general/swag - awesome-repositories: https://awesome-repositories.com/repository/linuxserver-docker-swag.md ## Topics `hacktoberfest` ## Description This project is a Docker-based web gateway and Nginx reverse proxy manager. It functions as a containerized network edge designed to route incoming HTTP and HTTPS traffic to backend services using subdomains and subfolders. The system automates the procurement and renewal of Let's Encrypt SSL certificates via the ACME protocol and various DNS plugins. It includes a mechanism to export and share these certificates through persistent volumes so other containers can utilize the same encryption keys. Security is handled through a combination of server intrusion prevention, using Fail2Ban to monitor logs and ban malicious IP addresses, and layered authentication middleware. Access to resources can be restricted using local password files, LDAP, or external identity providers, while HTTP traffic is automatically redirected to HTTPS. The deployment is managed via container orchestration, supporting read-only filesystem modes and template-based proxy routing for internal network addresses. ## Tags ### Networking & Communication - [Reverse Proxy Orchestrators](https://awesome-repositories.com/f/networking-communication/networking/reverse-proxies/reverse-proxy-orchestrators.md) — Functions as a managed reverse proxy orchestrator directing traffic to backend services via Nginx. - [Reverse Proxies](https://awesome-repositories.com/f/networking-communication/reverse-proxies.md) — Acts as a containerized network edge that routes incoming traffic to backend services using subdomains and subfolders. ([source](https://docs.linuxserver.io/general/swag/)) - [Template-Based Routing](https://awesome-repositories.com/f/networking-communication/request-proxies/proxy-routing/template-based-routing.md) — Uses pre-defined templates to map subdomains and subfolders to internal container addresses. - [Automated TLS Reverse Proxies](https://awesome-repositories.com/f/networking-communication/traffic-proxying/proxy-traffic-management/automated-tls-reverse-proxies.md) — Provides a containerized Nginx reverse proxy with automated TLS certificate management. ### Security & Cryptography - [ACME Clients](https://awesome-repositories.com/f/security-cryptography/acme-clients.md) — Implements an ACME client to automate the procurement and renewal of SSL certificates. - [Automated Certificate Issuance](https://awesome-repositories.com/f/security-cryptography/certificate-automation-protocols/automated-certificate-issuance.md) — Automates the issuance and renewal of certificates through integrated DNS provider plugins. ([source](https://github.com/linuxserver/docker-swag/blob/master/README.md)) - [SSL Certificate Automation](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-automation.md) — Automates the process of obtaining and renewing Let's Encrypt SSL certificates. - [Secure Web Gateways](https://awesome-repositories.com/f/security-cryptography/web-application-security/secure-web-gateways.md) — Acts as a secure web gateway protecting internal services with authentication and HTTPS redirection. - [Authentication Middleware](https://awesome-repositories.com/f/security-cryptography/authentication-middleware.md) — Provides middleware that intercepts proxy requests to verify identities via local passwords or LDAP. - [Automated IP Banning](https://awesome-repositories.com/f/security-cryptography/automated-ip-banning.md) — Includes an automated system to ban IP addresses based on malicious patterns detected in server logs. - [Brute Force Protections](https://awesome-repositories.com/f/security-cryptography/brute-force-protections.md) — Uses Fail2Ban to monitor logs and automatically ban malicious IP addresses to prevent brute force attacks. ([source](https://cdn.jsdelivr.net/gh/linuxserver/docker-swag@master/README.md)) - [Password Access Restrictions](https://awesome-repositories.com/f/security-cryptography/domain-access-restrictions/request-access-restrictions/password-access-restrictions.md) — Restricts access to proxied sites using local password files or external directory authentication. ([source](https://cdn.jsdelivr.net/gh/linuxserver/docker-swag@master/README.md)) - [Intrusion Prevention Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-prevention-systems.md) — Monitors server logs to detect and automatically block malicious IP addresses. - [HTTPS Enforcements](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/security-https/https-enforcements.md) — Automatically redirects incoming HTTP traffic from port 80 to secure HTTPS on port 443. ([source](https://docs.linuxserver.io/general/swag/)) - [Resource Access Control](https://awesome-repositories.com/f/security-cryptography/resource-access-control.md) — Implements access restriction to web services and pages using basic authentication, LDAP, and external identity providers. ([source](https://docs.linuxserver.io/general/swag)) - [Certificate Sharing](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-managers/certificate-sharing.md) — Provides a mechanism to export and share certificates through persistent volumes so other containers can utilize the same keys. ([source](https://cdn.jsdelivr.net/gh/linuxserver/docker-swag@master/README.md)) ### DevOps & Infrastructure - [Container Network Gateways](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/docker-based-deployment-tools/container-network-gateways.md) — Provides a containerized network gateway for routing external traffic into a Docker network. - [Containerized Network Edges](https://awesome-repositories.com/f/devops-infrastructure/containerized-network-edges.md) — Deploys a centralized containerized entry point for routing traffic to home or business servers.