SWAG – Secure Web Application Gateway
SWAG is reverse proxy software based on NGINX. I tried to do the same with Traefik but I failed – even if it worked somehow, many pages simply had missing information and were therefore useless.
SWAG ships with many ready-made configuration files for frequently used programs, which makes it very easy to use.
It can also obtain SSL certificates automatically from Let’s Encrypt, and fail2ban is included as well.
However, there is a big problem on a Synology, namely ports 80 and 443. Although the DSM software runs on a different port, these two ports were blocked and redirected.
To get around this, there is a small script that I am giving you here. It is run in an SSH session and frees ports 80 and 443 again.
There are a lot of instructions on the internet about this, but I found a script on GitHub that worked for me – a lot of things hadn’t worked before. As always, I put the link below in the list of used links.
```bash
#! /bin/bash

# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Developed for DSM 6 - 7.0.1. Not tested on other versions.
# Steps to install
# Save this script in one of your shares
# Edit it according to your requirements
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvf ~/nginx.tar nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run as root at boot
#   through Control Panel -> Task Scheduler

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=true # change to false to disable backups
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS=30

DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"

if [ "$BACKUP_FILES" == "true" ]; then
  mkdir -p "$CURRENT_BACKUP_DIR"
  cp /usr/syno/share/nginx/*.mustache "$CURRENT_BACKUP_DIR"
fi

if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache

if which synoservicecfg; then
  synoservicecfg --restart nginx
else
  synosystemctl restart nginx
fi

echo "Made these changes:"
diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log
```
To run the script, please change to the directory where you created it and run it as follows:
sudo ./free_ports.sh
Why this script? Well, as I said, it works, and above all it creates a backup of all changed files and tells you at the end what it has changed.
You can also decide which port should be used instead of 80 and 443 to then free them up.
It is best to save this script in a share under the name free_ports.sh, for example, and run it in an SSH session (don’t forget sudo).
I use Bitvise, for example, as an SSH client under Windows – but there are countless others.
The script is supposed to always run at startup – but I haven’t had to do that yet (my server restarts every day overnight – so it shuts down for 6 hours a night).
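To see what the script's two sed substitutions will change before letting it touch /usr/syno/share/nginx/, the following added example (not part of the gist or of the original post) applies them to copies only and counts the listen directives still bound to 80 or 443. The function names and the sample template are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/bash
# Added example: preview the free_ports.sh listen-port rewrite on copies only.

# Count listen directives still bound to port 80 or 443 in DIR/*.mustache.
count_default_listens() {
    cat "$1"/*.mustache |
        grep -Ec '^[[:space:]]+listen[[:space:]]+(\[::\]:)?(80|443)([^0-9]|$)' || true
}

# Apply the two sed substitutions from free_ports.sh to copies in OUT_DIR;
# the files in SRC_DIR are never modified.
# Usage: rewrite_copy SRC_DIR OUT_DIR HTTP_PORT HTTPS_PORT
rewrite_copy() {
    local src="$1" out="$2" http_port="$3" https_port="$4"
    mkdir -p "$out" && cp "$src"/*.mustache "$out"/ || return 1
    sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$http_port\2/" "$out"/*.mustache
    sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$https_port\2/" "$out"/*.mustache
}

# Constructed sample template (not a real DSM file) so the example runs offline.
make_sample() {
    mkdir -p "$1"
    cat > "$1/sample.mustache" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    listen 8080;
    listen 5000;
}
EOF
}

# Show the diff for the sample: only the four 80/443 lines change,
# while 8080 and 5000 are left alone.
demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample "$tmp/src"
    rewrite_copy "$tmp/src" "$tmp/out" 81 444
    diff -u "$tmp/src/sample.mustache" "$tmp/out/sample.mustache" || true
    echo "listen lines still on 80/443: $(count_default_listens "$tmp/out")"
    rm -rf "$tmp"
}
demo
```

On the NAS, point rewrite_copy at /usr/syno/share/nginx and a scratch directory to review the diff, and run count_default_listens against /usr/syno/share/nginx after the real script to confirm nothing is left on 80 or 443.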
```bash
docker run -d \
  --name=swag \
  --cap-add=NET_ADMIN \
  -e PUID=1027 \
  -e PGID=100 \
  -e TZ=Europe/Luxembourg \
  -e URL=my.ddns.server \
  -e VALIDATION=http \
  -e EMAIL=euremailadresse \
  -e SUBDOMAINS=heimdall, \
  -p 443:443 \
  -p 80:80 \
  -v /volume1/docker/Swag:/config \
  --restart unless-stopped \
  linuxserver/swag
```
Please remember to enter your DynDNS domain or similar under URL, as well as a correct email address under EMAIL. Also make sure PUID and PGID are the correct IDs for the folder permissions.
To create a .htpasswd file, use the following command:
sudo htpasswd -c /volume1/docker/Swag/nginx/.htpasswd newuser
Or for an additional user:
sudo htpasswd /volume1/docker/Swag/nginx/.htpasswd newuser2
Used Links
Random Number (for a port number by random generator)
SWAG Reverse Proxy Configurations @GitHub (read the readme.md on this page!)