SWAG and Tiki

Friday 21 of May, 2021

Next in my docker journey was to bring up SWAG (Secure Web App Gateway). It's a container from Linuxserver.io that combines an nginx reverse proxy setup with a Let's Encrypt ACME client to provide a secure front-end to self-hosted web apps. When SWAG is built in a docker-compose file alongside web apps, it provides a secure backend (contained within a docker network) as well as HTTPS for all client connections.

SWAG provides a bunch of predefined app-specific proxy config files. Of course, there isn't one for tiki, so I made one by modifying the existing subdomain.conf sample. Code for that is below.

When I first fired it up, I was directed to the default SWAG landing page.  Some research reminded me that SWAG talks to the app via the internal network/port, not the external host & ports.  I had mistakenly set the upstream port to the external port I had defined for the tiki container.  Changing this to use port 80 against the container name fixed this.

I was also concerned that I needed to configure tiki with a cert in order to get a clean SSL experience for the client. But nginx, as the proxy server, handles this nicely. Very nice.

tiki.subdomain.conf:

## Version 2020/12/09
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name tiki tiki.gmartin.org; # blog blog.gmartin.org;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        # Docker's embedded DNS, used to resolve the container name below
        resolver 127.0.0.11 valid=30s;
        set $upstream_app tiki;
        # the container's internal port, not the port published on the host
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
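
The port mix-up described above can be caught mechanically. This is an added example, not part of the original post: it compares the `$upstream_port` in a SWAG-style proxy conf with the app's compose port mapping and also reports when the backend is published on the host. The host port 8080 and the `COMPOSE_PORTS` data are constructed assumptions.

```python
import re

# Constructed sample: the proxy conf values from this post, but with the original
# mistake (upstream port set to the host-published port; 8080 is an assumed value).
PROXY_CONF = """
location / {
    set $upstream_app tiki;
    set $upstream_port 8080;
    set $upstream_proto http;
}
"""

# Constructed sample: compose "ports" entries per service, as "host:container" strings.
COMPOSE_PORTS = {
    "swag": ["443:443", "80:80"],
    "tiki": ["8080:80"],
}


def upstream_of(conf):
    """Return (app, port) from SWAG-style `set $upstream_*` lines."""
    vals = dict(re.findall(r"set\s+\$upstream_(\w+)\s+([^;\s]+);", conf))
    return vals["app"], int(vals["port"])


def check(conf, compose_ports):
    """Return a list of findings for the service the conf proxies to."""
    app, port = upstream_of(conf)
    findings = []
    for mapping in compose_ports.get(app, []):
        if ":" not in mapping:
            continue  # container-only entry, no fixed host port to compare
        # Last two fields, so "ip:host:container" also works; drop any "/tcp" suffix.
        host, container = mapping.split("/")[0].split(":")[-2:]
        if port == int(host) and port != int(container):
            findings.append(
                f"upstream_port {port} is the host port; use container port {container}")
        findings.append(
            f"{app} publishes host port {host}; it is reachable without the proxy")
    return findings


if __name__ == "__main__":
    for finding in check(PROXY_CONF, COMPOSE_PORTS):
        print(finding)
```

Dropping the `ports:` entry from the app's service clears the second finding, since the proxy reaches the container over the docker network and does not need a host mapping.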

 

 

 


Permalink: https://tiki.gmartin.org/tiki-view_blog_post.php?postId=201