Greg's Tech blog

SWAG and Tiki

Friday 21 of May, 2021

Next in my docker journey was to bring up SWAG - Secure Web App Gateway. It's a container from Linuxserver.io that combines an nginx reverse proxy setup with a LetsEncrypt ACME client to provide a secure front-end to self-hosted web apps. When SWAG is built in a docker-compose with web apps, it provides a secure (contained within a docker network) backend as well as HTTPS to all client connections.

SWAG provides a bunch of predefined app-specific proxy config files. Of course, there isn't one for tiki, so I made one by modifying an existing sample for a subdomain.conf. Code for that is below.

When I first fired it up, I was directed to the default SWAG landing page.  Some research reminded me that SWAG talks to the app via the internal network/port, not the external host & ports.  I had mistakenly set the upstream port to the external port I had defined for the tiki container.  Changing this to use port 80 against the container name fixed this.

I was also concerned that I needed to configure tiki with a cert in order to get a clean SSL experience for the client. But nginx handles this nicely as the proxy server. Very nice.



## Version 2020/12/09
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name tiki tiki.gmartin.org; # blog blog.gmartin.org;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        # Docker's embedded DNS server, so the container name below resolves
        resolver 127.0.0.11 valid=30s;
        # Container name on the shared docker network
        set $upstream_app tiki;
        # Port inside the container, not the port published on the host
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
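
The internal network/port point above, shown as a docker-compose sketch. This is an added example, not the compose file used for this post: the tiki image name, host paths, PUID/PGID/TZ values and the commented-out 8080 mapping are placeholders or assumptions.

```yaml
# Added example (not the author's compose file). Values marked
# "placeholder" or "assumed" are not from the post.
services:
  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000               # assumed
      - PGID=1000               # assumed
      - TZ=Etc/UTC              # assumed
      - URL=gmartin.org         # domain taken from server_name in the proxy conf
      - SUBDOMAINS=tiki         # certificate then covers tiki.gmartin.org
      - VALIDATION=http
    volumes:
      # The proxy conf goes in ./swag/config/nginx/proxy-confs/ on the host
      - ./swag/config:/config   # placeholder host path
    ports:
      # SWAG is the only service published on the host
      - 443:443
      - 80:80                   # needed for HTTP validation
    restart: unless-stopped

  tiki:
    image: example/tiki:latest  # placeholder image name
    # container_name is what $upstream_app in the proxy conf must match
    container_name: tiki
    # No "ports:" section. The web server inside the container listens
    # on 80, and SWAG reaches it over the compose network, so
    # $upstream_port is 80 whatever the host mapping would have been.
    #
    # Weak variant, for comparison:
    # ports:
    #   - "8080:80"             # constructed host port
    # With this mapping, 8080 is the host-side port. It is the wrong
    # value for $upstream_port, and it also exposes tiki over plain
    # HTTP on the host, bypassing the TLS front-end.
    restart: unless-stopped

# Both services join the default network that compose creates for the
# project. On that network Docker's embedded DNS (127.0.0.11) resolves
# the name "tiki" for nginx.
```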