You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
3.4 KiB
YAML
51 lines
3.4 KiB
YAML
# SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no
|
|
# relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with
|
|
# php support and a built-in certbot client that automates free SSL server
|
|
# certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It
|
|
# also contains fail2ban for intrusion prevention.
|
|
|
|
---
|
|
version: "2.1"
|
|
services:
|
|
swag:
|
|
image: ghcr.io/linuxserver/swag
|
|
container_name: swag
|
|
cap_add:
|
|
- NET_ADMIN
|
|
environment:
|
|
# for UserID
|
|
- PUID=${PUID:-1024}
|
|
# for GroupID
|
|
- PGID=${PGID:-100}
|
|
# specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
|
|
- TZ=${TZ:-Europe/Amsterdam}
|
|
# Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns).
|
|
- URL=yourdomain.url
|
|
# Certbot validation method to use, options are `http` or `dns` (`dns` method also requires `DNSPLUGIN` variable set).
|
|
- VALIDATION=http
|
|
# Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this *exactly* to `wildcard` (wildcard cert is available via `dns` validation only)
|
|
- SUBDOMAINS=www, # optional
|
|
# Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt.
|
|
- CERTPROVIDER= # optional
|
|
# Required if `VALIDATION` is set to `dns`. Options are `acmedns`, `aliyun`, `azure`, `bunny`, `cloudflare`, `cpanel`, `desec`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `dnspod`, `do`, `domeneshop`, `dreamhost`, `duckdns`, `freedns`, `gandi`, `gehirn`, `godaddy`, `google`, `google-domains`, `he`, `hetzner`, `infomaniak`, `inwx`, `ionos`, `linode`, `loopia`, `luadns`, `namecheap`, `netcup`, `njalla`, `nsone`, `ovh`, `porkbun`, `rfc2136`, `route53`, `sakuracloud`, `standalone`, `transip`, and `vultr`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`.
|
|
- DNSPLUGIN=cloudflare # optional
|
|
# Optionally override (in seconds) the default propagation time for the dns plugins.
|
|
- PROPAGATION= # optional
|
|
# Optional e-mail address used for cert expiration notifications (Required for ZeroSSL).
|
|
- EMAIL= # optional
|
|
# If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`
|
|
- ONLY_SUBDOMAINS=false # optional
|
|
# Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`
|
|
- EXTRA_DOMAINS= # optional
|
|
# Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes.
|
|
- STAGING=false # optional
|
|
volumes:
|
|
# All the config files including the webroot reside here.
|
|
- ${BASEDIR:-/volume1/docker}/swag/config:/config
|
|
ports:
|
|
# Https port
|
|
- 443:443
|
|
# Http port (required for http validation and http -> https redirect)
|
|
- 80:80 # optional
|
|
restart: unless-stopped
|