Swag (Portainer/Docker stack) web UI unreachable

I am trying to setup swag with a docker stack in Portainer but I am unable to reach the web UI. I tried disabling the firewall and setup dns forwarding and am out of ideas what else to try.

I am not sure why I am getting the last error in the log seeing as the cert seems to generate successfully.
Also do I need to set the domain to access the web UI? I initially tried without setting the domain and accessing via IP but it was unreachable same as now.

Stack:

version: '1'

volumes:
  swag-data:
  swag-ssl:
  swag-db:

services:
  swag-app:
    image: linuxserver/swag:latest
    container_name: Swag_app
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Dublin
      - URL=*********.com
      - SUBDOMAINS=swag,
      - ONLY_SUBDOMAINS=true
      - VALIDATION=http
      - EMAIL=**********@gmail.com
      - DB_MYSQL_HOST=swag-db
      - DB_MYSQL_PORT=3306
      - DB_MYSQL_USER=swag
      - DB_MYSQL_PASSWORD=************
      - DB_MYSQL_NAME=swag
    volumes:
      - swag-data:/data
      - swag-ssl:/etc/letsencrypt

  swag-db:
    image: jc21/mariadb-aria:latest
    container_name: Swag_db
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=************
      - MYSQL_DATABASE=swag
      - MYSQL_USER=swag
      - MYSQL_PASSWORD=************
    volumes:
      - swag-db:/var/lib/mysql

Log:

         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/11-folders
cont-init: info: /etc/cont-init.d/11-folders exited 0
cont-init: info: running /etc/cont-init.d/12-samples
cont-init: info: /etc/cont-init.d/12-samples exited 0
cont-init: info: running /etc/cont-init.d/13-nginx
Setting resolver to  127.0.0.11
Setting worker_processes to 1
cont-init: info: /etc/cont-init.d/13-nginx exited 0
cont-init: info: running /etc/cont-init.d/14-php
cont-init: info: /etc/cont-init.d/14-php exited 0
cont-init: info: running /etc/cont-init.d/15-keygen
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
.................................................................................................................+++++
......................+++++
writing new private key to '/config/keys/cert.key'
-----
cont-init: info: /etc/cont-init.d/15-keygen exited 0
cont-init: info: running /etc/cont-init.d/20-permissions
cont-init: info: /etc/cont-init.d/20-permissions exited 0
cont-init: info: running /etc/cont-init.d/30-test-run
cont-init: info: /etc/cont-init.d/30-test-run exited 0
cont-init: info: running /etc/cont-init.d/31-require-url
cont-init: info: /etc/cont-init.d/31-require-url exited 0
cont-init: info: running /etc/cont-init.d/40-folders
rm: cannot remove '/etc/letsencrypt': Resource busy
cont-init: info: /etc/cont-init.d/40-folders exited 0
cont-init: info: running /etc/cont-init.d/41-samples
cont-init: info: /etc/cont-init.d/41-samples exited 0
cont-init: info: running /etc/cont-init.d/42-fail2ban
cont-init: info: /etc/cont-init.d/42-fail2ban exited 0
cont-init: info: running /etc/cont-init.d/43-crontabs
cont-init: info: /etc/cont-init.d/43-crontabs exited 0
cont-init: info: running /etc/cont-init.d/45-nginx
cont-init: info: /etc/cont-init.d/45-nginx exited 0
cont-init: info: running /etc/cont-init.d/50-certbot
Variables set:

TZ=Europe/Dublin
URL=********.com
SUBDOMAINS=swag,
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=
EMAIL=
STAGING=

Created .donoteditthisfile.conf
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are:  -d swag.**********.com
No e-mail address entered or address invalid
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for swag.*******.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/swag.********.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/swag.********.com/privkey.pem
This certificate expires on 2023-01-02.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

A couple things

1. We do not support or recommend portainer
2. there is no web ui in SWAG
3. you have a bunch of environment variables that do not exist

I would encourage you to read the swag guide:

That the guide I used and all non-optional variables are present.

I also already use swag on unraid so yes it does have a web ui I use it often. Maybe technically you can say it is npm web UI but nevertheless there is a web UI in this package that should be rechargeable.

npm is not swag I am one of the LSIO devs, I’m not sure why you would argue with me about our own product.

SWAG has no web ui and you are using environment variables that do not exist. Again, I would encourage you to read the SWAG guide. If what you actually intended to use is NPM, this is not the appropriate place to seek help with it. We do not support, recommend, or use NPM here.

I am getting below page in my unraid installation of swag.

Call it what you want it should still come up. I am not getting anything in my current installation. Clearly there is an issue if this page is not reachable.

Its same with docker-compose so it not portainer that’s at issue. I also tried without the non-applicable variables as per the guide with no change. There are still no errors that would give a clue.

What should “still come up?” You say you are not getting anything in your current installation, do you mean that you are not seeing the webpage that says welcome to swag or whatever web ui you have been talking about?

You need to remove the trailing comma from your subdomains line in compose and then remove everything with DB_MYSQL since they are invalid, then recreate the container.

Once you do that, you need to set the DNS entries up (you cant reach swag without browsing to swag.yourdomain.com , based on your config. This implies that you have a DNS record (A or CNAME) which point swag.yourdomain.com to your swag instance running on this new setup. You can verify the dns by using nslookup. If you get your public ip back from the nslookup, then you’re using hairpin NAT, you will need to ensure port 443 is forwarded from your internet router to your new swag instance.

if this fails, you will need to provide us with an updated compose showing the corrections, updated logs after the corrections were made and image recreated, perhaps the results of the nslookup and NAT rules if applicable. If all else fails, you would need to try deploying this using docker compose or docker cli (NOT portainer).