git404hub

what is docker-swag fr?

linuxserver/docker-swag — explained in plain English

Analysis updated 2026-07-03

3,661DockerfileAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

tl;dr

SWAG is a single Docker container that bundles Nginx, automatic free SSL certificates, and brute-force IP blocking so you can safely expose self-hosted services to the internet without separate setup for each app.

vibe map

mindmap
  root((docker-swag))
    Core Components
      Nginx reverse proxy
      Let's Encrypt SSL
      Fail2ban blocking
    Configuration
      Domain and email vars
      HTTP or DNS validation
      Certificate auto-renewal
    Use Cases
      Home server gateway
      Multi-service routing
      Intrusion blocking
    Tech Stack
      Docker
      Nginx
      Fail2ban

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Route all external traffic from one domain to a home media server, password manager, and home automation system without opening separate ports for each.

VIBE 2

Automatically obtain and renew a free Let's Encrypt SSL certificate for your self-hosted app so browsers show the padlock icon.

VIBE 3

Block IP addresses that repeatedly fail login attempts on your Nginx-proxied services using the bundled fail2ban configuration.

VIBE 4

Set up a single public HTTPS entry point for a Raspberry Pi home server running multiple Docker apps on the local network.

what's the stack?

DockerNginxFail2banShell

how it stacks up fr

linuxserver/docker-swagp3terx/aria2-pro-dockertheprimeagen/ansible
Stars3,6613,723273
LanguageDockerfileDockerfileDockerfile
Last pushed2023-07-14
MaintenanceDormant
Setup difficultymoderateeasymoderate
Complexity3/52/52/5
Audienceops devopsops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Requires a public domain name pointed at your server and either HTTP port 80 open or DNS provider API credentials for certificate validation.

GPL-2.0 license, you can use and modify it freely but must share the source code of any modified version you distribute.

in plain english

SWAG, which stands for Secure Web Application Gateway, is a Docker container image that packages several web server tools into one pre-configured unit. Its main components are Nginx (a web server and reverse proxy), automatic SSL certificate management using Let's Encrypt and ZeroSSL, and fail2ban, a tool that blocks IP addresses after repeated failed login attempts. Docker is a system for running applications in isolated containers. With SWAG, you pull a single image and configure it with environment variables: your domain name, your email address, and whether you want to verify your domain through HTTP or through your DNS provider. The container then requests a free SSL certificate, sets itself up as a web server or reverse proxy for your services, and renews the certificate automatically before it expires. The reverse proxy feature is what many users rely on most. Instead of exposing multiple services (a media server, a home automation system, a password manager) directly to the internet on separate ports, you point all external traffic to SWAG, which routes requests to the right internal service based on the domain name or URL path. This avoids the need for each application to manage its own certificates and public-facing port. Fail2ban runs alongside Nginx and watches for suspicious patterns in the access logs, such as repeated failed authentication attempts. When it detects an attack pattern, it adds the offending IP address to a block list. SWAG supports x86-64 and ARM64 architectures and is maintained by LinuxServer.io, a community that publishes regularly-updated Docker images for self-hosted software. The full README is longer than what was shown.

prompts (copy fr)

prompt 1
Write a docker-compose.yml that sets up linuxserver/swag to proxy two services, Nextcloud on subdomain cloud.example.com and Jellyfin on media.example.com, using Let's Encrypt HTTP validation.
prompt 2
How do I configure linuxserver/swag to use Cloudflare DNS validation for a wildcard SSL certificate? Show me the environment variables and the Cloudflare credentials file format.
prompt 3
How does fail2ban work inside the SWAG container? How do I check which IPs are currently banned and manually unban one?
prompt 4
I want to add a custom Nginx location block inside SWAG to proxy a new service at /app. Where do I put the config file so it survives container updates?

Frequently asked questions

what is docker-swag fr?

SWAG is a single Docker container that bundles Nginx, automatic free SSL certificates, and brute-force IP blocking so you can safely expose self-hosted services to the internet without separate setup for each app.

What language is docker-swag written in?

Mainly Dockerfile. The stack also includes Docker, Nginx, Fail2ban.

What license does docker-swag use?

GPL-2.0 license, you can use and modify it freely but must share the source code of any modified version you distribute.

How hard is docker-swag to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is docker-swag for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.