Cleanest way to disable (preempt) Let's Encrypt from SWAG container

Thanks for the wonderful SWAG container. I wish to deploy it in my home lab. I have no need to open it up to the internet, it will be LAN only and my DNS provider is NOT on the supported list.

I have a reliable way of producing LE certs independently of the container, so what is the cleanest way of pre-empting the LE part of the container ?

  • I could just mess up the config so it errors out. Seems a lot less than elegant
  • I could clone the git repo and mess with the Dockerfiles, but then I’m responsible for keeping it up to date

Why not use our nginx image? It’s almost the same except it’s without certs and fail2ban

Thanks for the quick response.

I will give that a try, I did not consider that they overlapped. I will use your excellent blog posts as a guide and I can certainly copy/paste any missing reverse proxy config template info into the configs.

Will also play with the fail2ban part, but only as a curiosity, not much need on a sever that is LAN only with trusted users.

For lan only, you don’t need fail2ban

But in all honesty, why not just run SWAG with dns validation? You can easily use Cloudflare as the dns provider, which is what we recommend anyway. It’s much better than your random domain name registrar’s dns service.
You can set the A records to point to a local IP if you like, like

Just don’t forward ports 80 and 443 on your router and access on lan only. You can use your domain with 3rd party trusted certs and it’s all automated.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.