I posted this on the Unraid forums, but apparently that’s not looked at very much - https://forums.unraid.net/topic/51808-support-linuxserverio-swag-secure-web-application-gateway-nginxphpcertbotfail2ban/?do=findComment&comment=1009444
So as not to reinvent the wheel, I’m just copy/pasting.
Initial query
Hi,
I’ve been tinkering around with SWAG today to set up a couple of Docker instances and a VM.
After watching SpaceInvader One’s YouTube video I’ve changed my router to now point to the Unraid server instead of the VM and both the Docker instances work, but I’m really struggling with the VM.
I have, for a number of years, been using Mail-in-a-Box (https://mailinabox.email) as my personal mail server on an Ubuntu VM. It works really well and also has inbuilt letsencrypt to automate certificate renewal.
Obviously SWAG does this too, but I don’t want to mess around with the VM config and break things. I’ve been reading through this thread and trying to get it working, but I’m just stumped as nothing I do seems to work (which means I’m obviously not doing something right)!
For info, MiaB uses box DOT domain DOT com as its default and also manages the webserver at www DOT domain DOT com. It also has an inbuilt DNS server which you point to from your registrar.
The comments I keep seeing from everyone are to change the app to an IP instead of a server name, so this is what my current config file looks like that I’ve copied from the _template.subdomain.conf and named mail.subdomain.conf.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mail.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        # backend is the Mail-in-a-Box VM, addressed by IP instead of hostname
        set $upstream_app 192.168.1.210;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
I haven’t added anything to the SWAG Docker settings other than the initial settings to add the subdomains for the Docker instances, and I’m not sure what or where I should change there (if anything) if I don’t want SWAG to manage the letsencrypt certificates for the mail server.
Help, please
Follow-up
OK, so I’ve managed to get slightly further with this, but it still doesn’t work properly. My VM has a capital M for Mail, so I’ve changed the server_name and .conf file name to Mail.* and can now get to domain DOT com or even box DOT domain DOT com, but if I try to visit any of the other pages on the website (domain DOT com/games.html for instance) I get the security error. The same goes for the webmail at box DOT domain DOT com/mail.
Additionally, Thunderbird keeps popping up with certificate errors asking me to add an exception.
I’m not sure what I’m doing wrong. Every place where I see people talk about this, they say all you have to change is the upstream_app to the IP address, and this clearly doesn’t seem to be the case.
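An added diagnostic for the certificate errors described in the post (my code, not from the forum thread or the SWAG project): it connects with SNI set to the name the browser or mail client would use, reads the names the served certificate actually covers, and lists the names that are missing. The hostnames and the proxy address are placeholders; only the VM IP comes from the post.

```python
"""Report which hostnames a TLS endpoint's certificate covers (added
example; example.com names and the proxy address are placeholders)."""
import socket
import ssl
from typing import Iterable, List, Optional


def hostname_covered(hostname: str, sans: Iterable[str]) -> bool:
    """RFC 6125-style match: exact name, or a single left-most wildcard
    label covering exactly one label (so *.example.com covers
    box.example.com but not example.com or a.box.example.com)."""
    host = hostname.lower().rstrip(".")
    for name in sans:
        name = name.lower().rstrip(".")
        if not name.startswith("*."):
            if host == name:
                return True
            continue
        suffix = name[1:]  # ".example.com"
        leftmost = host[: -len(suffix)] if host.endswith(suffix) else ""
        if leftmost and "." not in leftmost:
            return True
    return False


def uncovered_names(wanted: Iterable[str], sans: Iterable[str]) -> List[str]:
    """Names the user will visit that the certificate does not cover."""
    return [h for h in wanted if not hostname_covered(h, sans)]


def fetch_sans(host: str, port: int = 443, servername: Optional[str] = None) -> List[str]:
    """Connect to host:port with SNI = servername (what the client types)
    and return the dNSName SANs of the leaf certificate. The chain is still
    verified against the system trust store; only the hostname check is
    skipped so that a mismatched certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # we do the name check ourselves
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=servername or host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    names = ["box.example.com", "www.example.com", "example.com"]  # placeholders
    # SWAG on the Unraid host (placeholder) versus the MiaB VM from the post
    for endpoint in ("unraid.local", "192.168.1.210"):
        for name in names:
            try:
                sans = fetch_sans(endpoint, 443, servername=name)
                print(endpoint, name, "missing:", uncovered_names([name], sans) or "none")
            except (ssl.SSLError, OSError) as exc:
                print(endpoint, name, "TLS failure:", exc)
```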