SWAG. SWAG. SWAG.
Apparently it is just a customized nginx set up.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.
AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
SWAG. SWAG. SWAG.
Apparently it is just a customized nginx set up.
If you knew what was under the hood you would not say it's "just" customized nginx... It's more like customised, optimized and simplified.
It has many enhancements builtin like automatic certificate generation and renewal, fail2ban, prebuilt optimized configs, and easily enhanced security with crowdsec and even geofencing.
But made way easier than doing that separately with raw NGINX.
It's much more friendly to pickup and run with then raw NGINX.
Oh, you're actually that corelab. I use your Vaulwarden guide as reference when I rebuild a while ago. Thanks for the write up !
Though, I wish you have something for Traefik and I know you wrote about why you chose SWAG but mine's all docker anyway that's why I go with Traefik.
There's not many articles talking about TF with multiple host without going full Kubernetes. Looking up forward auth (for something without native OIDC) is confusing af.
Well hello there!
Yes, the one and only Core Lab Joe, in the digital flesh (packets, tcp-stream!). Thanks for reading and I'm glad it helped you!
I'm picky when writing tech guides and generally will only write (and recommend!) what I run, and what I have experience with, so that would not be traefik.
My entire system/setup is all dockerized as well. I run 50+ dockers, and anything publicly exposed goes through my SWAG instance. It doesn't matter what reverse proxy you use, or even if the apps are containers or not really, it's all networking.
That said I've got a good Traefik resource for you, FoxxMD Blog and his migrating from SWAG to Traefik post!
One of the things I need to tackle fully myself, understand, break, troubleshoot and then fix is OIDC for myself, so I can write a good guide on it. A lot of apps do natively do it now, but from what I understand for those that do not, you can use Authelia and the like to slap that authentication into (over top) of it.
Honestly, the one major thing I want from Authelia is the ability to add to it without deauthenticating the entire userbase.
Well, that and an easier way to organize than everything in one single file…
Very nice site set up man. Looks like a lot of good info and a lot of work involved. I too use Authelia as an added security step. I have your site bookmarked and will peruse it's contents in a bit. Thanks for sharing.
Thank you for taking a peek!
Let me know if there's something you're looking for. The search function isn't to bad but sometimes the posts can get buried a bit ;)
You bet. So far, it's an enjoyable read.
Is rayfish compatible with Authelia or Yggdrasil?
Never heard of Rayfish but just googled, it's a mesh VPN so probably wouldn't want to push that through a reverse proxy to authelia, it would just slow it down....
I personally use wireguard as my VPN, not tailscale or headscale or any of that but I do understand some people need something that can get around CGNAT or other issues.