If you a looking for a reverse proxy solution integrated in docker, they are two important ones I would recommend.

My conclusions after using both

NGINX (SWAG) I find it might simpler to setup and maintain. It’s a simple solution that just works. It does however generate one SSL certificate for all your domains instead of one SSL certificate for each domain. This is not necessarily a problem, but just keep in mind that a user that visit one of sites will easily be able to see you host also all the other ones.

For most users, if you are familiar with nginx or Apache, don’t mind “linking” all your services in one SSL certificate and all services are stable enough, then I would go for SWAG.

If you need a more complex setup, with statistics, nice graphs or want independent certificates then I would go for Traefik instead. It will require a day or two to learn about it and getting used to it.

Another plus for Traefik is that it has become a bit of an industry standard, so you might find it useful to learn about it anyway.

Steps to configure new domains to NGINX (SWAG) as a reverse proxy

Once setup, if you want to add a new domain in SWAG you will need to edit 2 files:

1. Add the new domain and docker information in:


server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name img.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver valid=30s;
        set $upstream_app img-ws;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;


2. Your docker-compose.yml file

    image: linuxserver/swag
    container_name: swag
      - NET_ADMIN
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Madrid
      - URL=alejandro.criadoperez.com
      - SUBDOMAINS= #mail,tree,pixel
      - VALIDATION=http
      - DNSPLUGIN=cloudflare #optional
      - PROPAGATION= #optional
      - DUCKDNSTOKEN= #optional
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS=www.criadoperez.com,tree.criadoperez.com,blog.criadoperez.com,img.criadoperez.com,pixel.criadoperez.com,meet.criadoperez.com,nextcloud.criadoperez.com,www.ab81.es #optional
      - STAGING=false #optional
      - MAXMINDDB_LICENSE_KEY= #optional
      - ./swag/config:/config
      - "443:443"
      - "80:80" #optional
    restart: unless-stopped
      - net_rp