From the description:
SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relation to Let's Encrypt™) sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt and ZeroSSL). It also contains fail2ban for intrusion prevention.
I use this image on my home network to:
- automate certificate retrieval from Let's encrypt (yes, you have to have your own domain to do that),
- provide reverse proxies to my sites (it's much nicer to use names that IP address:port combo) and
- Provide a catch-all page for unrecognised sites :)
What about the role?
I use Ansible to automatise my site setup (a life saver for me after my last server crash).
Before the crash I used to use straight Nginx as a reverse proxy and was always annoyed with accepting self-signed certs in my browser. As I have a domain name already, I figured I can use Letsencrypt to get proper certs instead with Cloudflare, DDNS updates and port forwarding from my gateway (I'll write a how-to post on this later).
My initial thoughts were to use discrete setups:
- one for DDNS,
- one for certs and
- one for the reverse proxy
When I looked online, I saw people recommending SWAG, which brings two (certs and reverse proxy). So, I've set it up on my desktop. Lo and behold, it worked out of the box (once I set up Cloudflare and the port forwarding on my internal net). So... the next step was to create a role to automatise installation.
In conclusion, I use this role to set up my 'internet' and 'intranet', simply because it's easier that using straight nginx and copy certificates over.
How can you use it?