SWAG

SWAG (Secure Web Application Gateway) is a LinuxServer.io Docker image that bundles Nginx with automated TLS certificates via Let’s Encrypt. It is commonly used as a front door for multiple web apps, providing HTTPS, reverse proxying, and security-oriented defaults.

Key Features

• Automated certificate issuance/renewal for domains and subdomains using Let’s Encrypt (Certbot)
• Nginx reverse proxy with a large library of sample proxy configurations for common apps
• Security-focused defaults and optional hardening snippets (headers, TLS settings, etc.)
• Supports multiple validation methods (e.g., HTTP-01; DNS-based workflows via plugins depending on setup)
• Optional fail2ban integration for banning abusive clients based on log patterns
• Designed for container deployments; configuration via mounted volumes and environment variables

Use Cases

• Put multiple self-hosted web services behind a single HTTPS endpoint with clean host-based routing
• Quickly enable HTTPS for a homelab by reusing provided proxy templates for popular apps
• Add a security layer (TLS, headers, basic request filtering, optional banning) in front of internal services

Limitations and Considerations

• Nginx configuration is template/snippet-based and still requires some familiarity for custom or unusual apps
• ACME challenges and DNS/port requirements can complicate setups behind CGNAT or restrictive networks

SWAG is a practical choice when you want an Nginx-based reverse proxy that also manages certificates automatically. Its curated proxy templates and security snippets reduce the time needed to publish and protect multiple services.