30 open-source projects similar to linuxserver/docker-swag, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Docker Swag alternative.
This project is a Docker-based Nginx reverse proxy manager designed to automate the deployment of HTTPS for web applications. It functions as a gateway that acquires and renews security certificates via Let's Encrypt and proxies incoming traffic to backend services. The system distinguishes itself by automatically discovering web services running in Docker containers to eliminate manual domain configuration. It manages security certificates through an automated process and can expose these certificates to other applications via shared volumes. The tool covers traffic management through load
Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre
Lucky is a connectivity and routing utility suite focused on SSL automation, dynamic DNS client services, NAT traversal, and port forwarding. It provides a network gateway management interface to coordinate public network access for internal services. The project distinguishes itself through a centralized web-based administration panel used to configure reverse proxy servers, manage ACME-based SSL certificate renewals via DNS provider APIs, and synchronize public IP addresses across multiple dynamic DNS providers. It also includes a NAT traversal tool using STUN to establish external connecti
Nginx Proxy Manager is a web-based administrative interface for configuring and managing Nginx reverse proxy hosts and server rules within Docker containers. It functions as a containerized network gateway that routes external web traffic to internal services and backend applications. The system automates the acquisition and renewal of Let's Encrypt SSL certificates to encrypt network traffic without manual command line intervention. It provides a graphical dashboard for defining proxy hosts, access lists, and custom server configurations, removing the need for manual configuration file editi
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
BaoTa is a web-based Linux server control panel and system administration dashboard designed for managing hosting environments and system resources. It provides a graphical interface to translate administrative actions into system-level configurations, allowing users to manage Linux servers and web hosting stacks without relying solely on the command line. The platform distinguishes itself through AI-driven server operations, utilizing artificial intelligence for performance analysis and the execution of maintenance tasks via natural language commands. It supports multi-node orchestration, en
Runtipi is a home server dashboard and orchestration tool designed for deploying and managing containerized applications. It provides a web-based interface for discovering and installing software from a curated app store, utilizing a Docker Compose orchestrator to handle the deployment of self-hosted services. The system integrates a reverse proxy and SSL manager to route external traffic to internal containers, automating HTTPS certificate renewal and domain assignment. It also features a built-in backup and update manager that uses cron-based scheduling to perform automatic security patchin
Uncloud is a decentralized container orchestrator designed to deploy and manage applications across multiple servers without a central control plane. It functions as a peer-to-peer system and a Docker Compose cluster deployer, using SSH-based infrastructure management to coordinate operations across remote nodes. The project distinguishes itself by using a secure mesh network overlay to enable direct inter-container communication across different physical machines. It facilitates container image distribution by transferring missing layers directly from local environments to target nodes, bypa
This project is an automated reverse proxy and load balancer designed for containerized environments. It functions by monitoring container lifecycle events through the container runtime API, allowing it to dynamically generate and update web server configurations in real time as services start, stop, or change their network status. The system distinguishes itself through its ability to orchestrate proxy processes without dropping active connections, ensuring continuous availability during configuration updates. It utilizes a template-based engine to map container metadata to routing logic, en
acme.sh is a shell-based certificate manager and ACME SSL certificate client. It automates the issuance, renewal, and installation of digital security certificates using a portable Unix shell script to remove dependencies on heavy runtime environments. The project specializes in automated domain ownership verification through a DNS challenge automator that integrates with provider APIs. It supports the generation of diverse certificate types, including wildcard certificates and issuance based on pre-existing certificate signing requests. The tool covers the full certificate lifecycle, includ
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
CapRover is a self-hosted platform-as-a-service that provides a centralized dashboard for managing containerized applications and databases. It functions as a container orchestration platform, simplifying the deployment, scaling, and networking of services across server environments. By leveraging a reverse-proxy-based architecture, the platform handles domain mapping, traffic routing, and automated SSL certificate lifecycle management to ensure secure, encrypted access for hosted web services. The platform distinguishes itself through its integrated automation capabilities, which include aut
Automate SSL/TLS certificates on Windows with ease
This project is an automated SSL certificate manager and orchestrator for Nginx proxy configurations. It functions as an ACME protocol client that handles the request, issuance, and renewal of security certificates for web services running in containers. The system monitors Docker container lifecycle events to automatically provision certificates based on assigned hostnames. It automates the full certificate lifecycle, including domain ownership validation and the issuance of specialized wildcard or multi-domain certificates. The tool manages security through both HTTP and DNS challenge reso
YunoHost is a self-hosted server management platform designed for deploying, configuring, and maintaining a suite of open source applications on a private server. It functions as a package-based application orchestrator that installs and updates software from a curated catalog using standardized deployment scripts. The platform features a centralized identity management system using a directory service to synchronize user accounts and credentials across hosted applications for single sign-on access. It includes an integrated reverse proxy to route network traffic to backend services based on
HestiaCP is a Linux web hosting control panel designed for the centralized administration of web servers, databases, and DNS records. It serves as a management suite for hosting email services and managing multiple PHP language runtimes for various web applications and user accounts. The project distinguishes itself through integrated security orchestration, providing a Linux firewall orchestrator with automated brute-force detection and an SSL certificate automator for the issuance and renewal of security certificates. It includes a DNS zone manager with clustering support, as well as a mail
This project is a GitOps infrastructure framework designed for managing bare metal servers, container clusters, and networking. It serves as a declarative system for orchestrating the deployment and lifecycle of self-hosted services, using Git as the source of truth to synchronize the desired state of the environment. The framework differentiates itself through a comprehensive automation suite that covers the entire hardware-to-service pipeline. It includes a PXE-based bare metal provisioner for network booting and operating system installation, alongside a lightweight container orchestration
acme-tiny is a minimal ACME client implemented as a single-file Python script that automates obtaining and renewing SSL/TLS certificates from a Certificate Authority using the Automated Certificate Management Environment (ACME) protocol. It relies on OpenSSL command-line tools for key generation and certificate signing request creation, and uses file-based HTTP validation to verify domain ownership by placing a token file on the web server. Designed for fully automated certificate lifecycle management, acme-tiny is intended to be executed periodically by a system scheduler like cron, checking
This project is a web-based management interface designed for the administration, monitoring, and configuration of Nginx server instances. It functions as a centralized platform for managing reverse proxy settings, traffic routing, and server lifecycles, providing a visual dashboard to replace manual configuration file editing. The platform distinguishes itself through integrated infrastructure automation and observability tools. It supports distributed environments by synchronizing configuration states across multiple nodes and containerized services, while offering artificial intelligence a
Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources. The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures,
This project is a collection of configuration files and scripts serving as a bot blocker and security middleware for Nginx. It functions as an automated blocklist manager that filters malicious user-agents and IP addresses to mitigate vulnerability scanning, login brute-forcing, and DDoS attacks. The system distinguishes itself by automating the maintenance of security rules, downloading updated bot definitions and reloading the server on a schedule. It also includes a search engine spam filter capable of generating robots.txt files and link disavow lists to prevent malicious domains from imp
Trojan is a proxy management system designed for administering multi-user deployments through a web-based interface. It provides tools for managing proxy server configurations, monitoring network traffic, and automating the issuance and renewal of SSL certificates via ACME. The system functions as a subscription server, converting user configurations into standardized links, QR codes, and configuration files for import into third-party proxy clients. It includes a dedicated management UI to handle user accounts, set account expiration dates, and control the proxy server backend lifecycle. Op
Zoraxy is a network administration tool centered on HTTP reverse proxy management. It provides a centralized graphical interface for routing web traffic from public domains to internal backend services, utilizing a Go-based proxy to intercept and forward requests. The project extends beyond standard web routing by offering a browser-based SSH interface for remote server administration and command execution. It also supports transport-layer TCP and WebSocket forwarding to manage non-HTTP traffic between external clients and internal ports. Broad capabilities include automated TLS certificate
caddy-docker-proxy is a dynamic HTTP reverse proxy and Docker network ingress controller that automatically generates routing configurations by reading labels from Docker containers. It serves as a service discovery tool that detects container IP addresses in real time to route incoming web traffic to the correct backend targets. The project functions as a distributed proxy orchestrator, capable of pushing generated configurations from a central controller to multiple remote server instances to scale request handling. It automates the issuance and renewal of TLS security certificates for prox
Devilbox is a containerized development environment that provides a reproducible suite of web servers, databases, and language runtimes managed through a unified configuration. It functions as a Docker-based local development stack for LAMP and MEAN software stacks and as a manager for switching between different versions of these services to match specific project requirements. The system distinguishes itself by automating local network orchestration. It includes a Docker-based virtual host manager that automatically maps local directories to custom domains and a local DNS and SSL orchestrat
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
ShadowsocksR is a Python-based implementation of a SOCKS5 proxy server designed to tunnel network traffic through encrypted connections. It functions as an encrypted network tunnel that obfuscates internet traffic to circumvent network restrictions and firewalls. The project includes security hardening features to protect the proxy server from unauthorized access, specifically by blocking IP addresses that attempt brute force credential attacks. The server manages bidirectional TCP and UDP traffic and can be executed as a background system daemon to maintain persistent connectivity. It suppo
Lets-chat is a self-hosted team communication platform and XMPP chat server designed for private messaging. It provides a containerized communication environment for small teams to exchange messages and files, featuring a programmable REST API for automating conversations and managing messages from external tools. The platform functions as an XMPP gateway and server, ensuring interoperability with other compliant messaging clients. It distinguishes itself by supporting enterprise identity management, allowing administrators to verify user identities through local accounts or external director
Miniserve is an HTTP static file server that hosts local directories over the network with an integrated web-based file browser. It functions as a single-binary tool capable of serving as a markdown rendering server, a TLS-enabled web server for encrypted traffic, and a WebDAV file manager for remote file operations. The project distinguishes itself through specialized hosting modes, including a single page application mode that routes requests to a single index file and the ability to generate random hexadecimal access URLs to obscure served directories. It also provides the ability to conve