Reverse proxy solutions using docker
If you are looking for a reverse proxy solution integrated in docker, there are two important ones I would recommend.
My conclusions after using both
NGINX (SWAG): I find it much simpler to set up and maintain. It’s a simple solution that just works. It does, however, generate one SSL certificate for all your domains instead of one SSL certificate for each domain. This is not necessarily a problem, but keep in mind that a user who visits one of your sites will easily be able to see that you also host all the others, because every domain is listed in that shared certificate.
For most users, if you are familiar with nginx or Apache, don’t mind “linking” all your services in one SSL certificate and all services are stable enough, then I would go for SWAG.
If you need a more complex setup, with statistics, nice graphs or independent certificates, then I would go for Traefik instead. It will take a day or two to learn it and get used to it.
Another plus for Traefik is that it has become a bit of an industry standard, so you might find it useful to learn about it anyway.
Steps to configure new domains to NGINX (SWAG) as a reverse proxy
Once set up, if you want to add a new domain in SWAG you will need to edit 2 files:
1. Add the new domain and docker information in:
/swag/config/nginx/proxy-confs/example.subdomain.conf
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name img.*;
    include /config/nginx/ssl.conf;
    # 0 disables the request body size limit
    client_max_body_size 0;
    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;
    # enable for Authelia
    #include /config/nginx/authelia-server.conf;
    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;
        # enable for Authelia
        #include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
        # Docker's embedded DNS server, used to resolve the container name below
        resolver 127.0.0.11 valid=30s;
        set $upstream_app img-ws;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
2. Your docker-compose.yml file
swag:
  image: linuxserver/swag
  container_name: swag
  cap_add:
    - NET_ADMIN
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Madrid
    - URL=alejandro.criadoperez.com
    - SUBDOMAINS= #mail,tree,pixel
    - VALIDATION=http
    - DNSPLUGIN=cloudflare #optional
    - PROPAGATION= #optional
    - DUCKDNSTOKEN= #optional
    - EMAIL= #optional
    - ONLY_SUBDOMAINS=false #optional
    - EXTRA_DOMAINS=www.criadoperez.com,tree.criadoperez.com,blog.criadoperez.com,img.criadoperez.com,pixel.criadoperez.com,meet.criadoperez.com,nextcloud.criadoperez.com,www.ab81.es #optional
    - STAGING=false #optional
    - MAXMINDDB_LICENSE_KEY= #optional
  volumes:
    - ./swag/config:/config
  ports:
    - "443:443"
    - "80:80" #optional
  restart: unless-stopped
  networks:
    - net_rp
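
An added example, not part of the original post or of SWAG itself: a small Python check that ties the two files from the steps above to the shared-certificate point. It lists the hostnames that end up together in the single certificate and flags any proxy-conf server_name with no matching name. It assumes SWAG builds the certificate from URL, SUBDOMAINS, ONLY_SUBDOMAINS and EXTRA_DOMAINS (main domain, each subdomain, each extra domain); the function names and the wiki.subdomain.conf sample are hypothetical.

```python
import re

# Constructed sample: environment values copied from the compose file above.
ENV = {
    "URL": "alejandro.criadoperez.com",
    "SUBDOMAINS": "",
    "ONLY_SUBDOMAINS": "false",
    "EXTRA_DOMAINS": "www.criadoperez.com,tree.criadoperez.com,blog.criadoperez.com,img.criadoperez.com,pixel.criadoperez.com,meet.criadoperez.com,nextcloud.criadoperez.com,www.ab81.es",
}
# Constructed sample: proxy-conf contents; wiki.* is a hypothetical service added in only one file.
PROXY_CONFS = {
    "img.subdomain.conf": "server {\n    listen 443 ssl;\n    server_name img.*;\n}",
    "wiki.subdomain.conf": "server {\n    listen 443 ssl;\n    server_name wiki.*;\n}",
}

def split_csv(value):
    return [v.strip().lower() for v in value.split(",") if v.strip()]

def certificate_names(env):
    """Hostnames expected in the one shared certificate (assumed SWAG semantics)."""
    url = env["URL"].strip().lower()
    names = [] if env.get("ONLY_SUBDOMAINS", "false").lower() == "true" else [url]
    for sub in split_csv(env.get("SUBDOMAINS", "")):
        names.append(f"*.{url}" if sub == "wildcard" else f"{sub}.{url}")
    return sorted(set(names + split_csv(env.get("EXTRA_DOMAINS", ""))))

def server_names(conf_text):
    """Names from active (uncommented) server_name directives."""
    hits = re.findall(r"^\s*server_name\s+([^;#]+);", conf_text, re.MULTILINE)
    return [name for hit in hits for name in hit.split()]

def covered(pattern, names):
    """True if an nginx name such as 'img.*' or 'img.example.com' has a certificate name."""
    pattern = pattern.lower()
    if pattern.endswith(".*"):  # prefix match; any wildcard certificate name also counts
        return any(n.startswith(pattern[:-1]) or n.startswith("*.") for n in names)
    parent = "*." + pattern.split(".", 1)[-1]
    return pattern in names or parent in names

def uncovered(proxy_confs, env):
    """Map of proxy-conf file name to server_name entries missing from the certificate."""
    names = certificate_names(env)
    report = {f: [p for p in server_names(t) if not covered(p, names)]
              for f, t in proxy_confs.items()}
    return {f: missing for f, missing in report.items() if missing}

if __name__ == "__main__":
    print("Names disclosed together by the shared certificate:", certificate_names(ENV))
    print("server_name entries with no certificate name:", uncovered(PROXY_CONFS, ENV))
```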