Swag certificates for Heimdall

I have successfully set up swag and heimdall. I have no external access to my network, thus everything is related to the local network only. But I want to use letsencrypt certificates.

  • all docker containers are on my Synology NAS. They all have the same IP
  • ports 443 and 80 are used by webstation on the NAS. I cannot disable that package as other packages are using it.
  • the swag server is responding on a subdomain using HTTPS on port 4433. The certificate works as expected
  • Heimdall is also working on HTTPS on port 8081
  • The Heimdall docker container has the path of swag/config mapped as a volume

How can I tell Heimdall to use the swag certificates?
I can see the nginx folder has an ssl.conf file. Also there is a php/php-local.ini file.
I note that I have zero knowledge about webservers.

You would put heimdall behind SWAG rather than telling it to use the certs directly.

Are you talking about this?

In that case, can you please help me with the ports. The defaults of the two files are listed below.
Based on my current port setup (see first post), what do I need to specify in these two files?

heimdall.subfolder.conf

set $upstream_port 443;

heimdall.subdomain.conf

listen 443 ssl;
listen [::]:443 ssl;

You don’t change either file at all. Depending on how you want Heimdall to be reached, either rename heimdall.subdomain.conf.sample or heimdall.subdirectory.conf.sample to remove the .sample, then restart the swag container.

Thanks.
Does it hurt that I am using a public DNS (Cloudflare)?
I understand that I need a CNAME record for each subdomain and it should point to my domain. See screenshot

As I mentioned in my initial post, port 443 is used by my Synology NAS and not by Swag. I now switched to using the reverse proxy of Synology which is working just fine.

I use a mixture of Cloudflare for DNS for subdomains I want to be available outside my network, and Pi-hole local DNS CNAME entries for subdomains I only want to have access to from inside my network.

Thanks. I now have identical records in pihole and cloudflare. Things are working just fine (I am simply using an acme.sc script and don’t use swag :) )