Ansible - Install SWAG in Docker
2 min read

Ansible - Install SWAG in Docker

Ansible - Install SWAG in Docker

Recently I've published my first role on the Ansible Galaxy. It's capable to install SWAG on a docker-capable machine.

SWAG?

From the description:

SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.

I use this image on my home network to:

  • automate certificate retrieval from Let's encrypt (yes, you have to have your own domain to do that),
  • provide reverse proxies to my sites (it's much nicer to use names that IP address:port combo) and
  • Provide a catch-all page for unrecognised sites :)

What about the role?

I use Ansible to automatise my site setup (a life saver for me after my last server crash).

Before the crash I used to use straight Nginx as a reverse proxy and was always annoyed with accepting self-signed certs in my browser. As I have a domain name already, I figured I can use Letsencrypt to get proper certs instead with Cloudflare, DDNS updates and port forwarding from my gateway (I'll write a how-to post on this later).

My initial thoughts were to use discrete setups:

  • one for DDNS,
  • one for certs and
  • one for the reverse proxy

When I looked online, I saw people recommending SWAG, which brings two (certs and reverse proxy). So, I've set it up on my desktop. Lo and behold, it worked out of the box (once I set up Cloudflare and the port forwarding on my internal net). So... the next step was to create a role to automatise installation.

In conclusion, I use this role to set up my 'internet' and 'intranet', simply because it's easier that using straight nginx and copy certificates over.

How can you use it?

I could rehash the role description, but I think it's better to head over to the ansible galaxy or github to read about it :). Feel free to give feedback and even pull requests!

HTH,