How to Install SWAG (Secure Web Application Gateway) on NetBSD

SWAG is a complete security solution that provides SSL/TLS encryption and authentication for your web applications. It also comes with reverse proxy and web server capabilities, making it a versatile tool for securing your web applications. In this tutorial, we will take you through the steps required to install SWAG on NetBSD.

Prerequisites

Before you start the installation process, ensure that you have the following:

  • Access to a NetBSD machine
  • Docker installed on the NetBSD machine
  • A domain name for the server that you want to secure

Step 1: Clone the docker-swag Repository

Clone the docker-swag repository from the official GitHub page by running the following command:

git clone https://github.com/linuxserver/docker-swag.git

Step 2: Configure the .env file

Navigate to the cloned docker-swag directory and create a .env file by copying the .env.sample file. Run the following command:

cd docker-swag
cp .env.sample .env

Then, open the .env file using your favorite text editor and modify the following variables:

  • URL: Set this to the domain name of your server
  • SUBDOMAINS: Set this to www,*,*.<domain_name>
  • EMAIL: Set this to your email address
  • TZ: Set this to the time zone of your server (e.g. America/New_York)

Step 3: Run the Docker Compose File

Now run the docker-compose.yml file using the following command:

docker-compose up -d

This command will download and build the images required to run SWAG and start the containers in the background.

Step 4: Verify the Installation

Check if the SWAG containers are running using the following command:

docker ps

This command will show you a list of containers on your system. You should see the SWAG containers running with their respective names.

Step 5: Configure Your Web Applications

You can now secure your web applications by routing them through the SWAG reverse proxy. To do this, you need to modify the configuration files of your web applications to reflect the new server configuration. Here is a sample configuration file for NGINX:

server {
  listen 80;
  server_name www.<domain_name>;

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name www.<domain_name>;
  
  ssl_certificate /path/to/fullchain.pem;
  ssl_certificate_key /path/to/privkey.pem;
  
  location / {
      proxy_pass http://swag;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Replace <domain_name> with your actual domain name and /path/to/fullchain.pem and /path/to/privkey.pem with the file paths to your SSL/TLS certificate and key.

Conclusion

You have successfully installed and configured SWAG on NetBSD. You can now use it to secure your web applications and protect them from unauthorized access.