docker-bits/lsio/swag/docker-compose.yaml
2021-04-10 12:16:29 +02:00

55 lines
3.6 KiB
YAML

# SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no
# relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with
# php support and a built-in certbot client that automates free SSL server
# certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It
# also contains fail2ban for intrusion prevention.
---
version: "2.1"
services:
swag:
image: ghcr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
# for GroupID
- PUID=${PUID:-1024}
# for UserID
- PGID=${PGID:-100}
# Specify a timezone to use for example Europe/Amsterdam
- TZ=Europe/Amsterdam
# Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns).
- URL=yourdomain.url
# Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only)
- SUBDOMAINS=www,
# Certbot validation method to use, options are `http`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`).
- VALIDATION=http
# Optionally define the cert provider. Set to `zerossl` for ZeroSSL certs (requires existing [ZeroSSL account](https://app.zerossl.com/signup) and the e-mail address entered in `EMAIL` env var). Otherwise defaults to Let's Encrypt.
- CERTPROVIDER= # optional
# Required if `VALIDATION` is set to `dns`. Options are `aliyun`, `cloudflare`, `cloudxns`, `cpanel`, `digitalocean`, `directadmin`, `dnsimple`, `dnsmadeeasy`, `domeneshop`, `gandi`, `gehirn`, `google`, `hetzner`, `inwx`, `linode`, `luadns`, `netcup`, `njalla`, `nsone`, `ovh`, `rfc2136`, `route53`, `sakuracloud` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`.
- DNSPLUGIN=cloudflare # optional
# Optionally override (in seconds) the default propagation time for the dns plugins.
- PROPAGATION= # optional
# Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org
- DUCKDNSTOKEN= # optional
# Optional e-mail address used for cert expiration notifications (Required for ZeroSSL).
- EMAIL= # optional
# If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`
- ONLY_SUBDOMAINS=false # optional
# Additional fully qualified domain names (comma separated, no spaces) ie. `extradomain.com,subdomain.anotherdomain.org,*.anotherdomain.org`
- EXTRA_DOMAINS= # optional
# Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes.
- STAGING=false # optional
# Add your MaxmindDB license key to automatically download the GeoLite2-City.mmdb database. Download location is /config/geoip2db. The database is updated weekly.
- MAXMINDDB_LICENSE_KEY= # optional
volumes:
# All the config files including the webroot reside here.
- ${BASEDIR:-/volume1/docker}/swag/config:/config
ports:
# Https port
- 443:443
# Http port (required for http validation and http -> https redirect)
- 80:80 # optional
restart: unless-stopped