Hi, I need to setup a access from outside of my network to expose my Jellyfin and Starr apps running all on docker. I am aware of both swag and nginx proxy manager, but is there a preferred option for omv users? I am not sure which one to use, but I do like the webui from NPM. I have a duckdns domain and a personal domain for subdomains like jellyfin, sonarr, radarr, etc. Thanks
Swag vs Nginx Proxy Manager?
-
- OMV 6.x
- resolved
- vbarter
-
I am by no means an expert but I have indeed tried both SWAG and NGINX... Though I was fine with SWAG and the more "CLI" configurations, I felt there was more extra configs to make certain things work. I have been using NGINX + Fail2ban and have had next to 0 issues with them, and I love the easy letsencrypt integration as well. Plus along with the l/p for each container you can also do another l/p for anything behind NGINX when you set up a user database.
-
I am by no means an expert but I have indeed tried both SWAG and NGINX... Though I was fine with SWAG and the more "CLI" configurations, I felt there was more extra configs to make certain things work. I have been using NGINX + Fail2ban and have had next to 0 issues with them, and I love the easy letsencrypt integration as well. Plus along with the l/p for each container you can also do another l/p for anything behind NGINX when you set up a user database.
Your welcome for turning you on to it,
I am just chiming in to let everyone know that the current official version of NPM is V2, but V3 is being worked on. V2 is only getting security fixes right now, as it is not in active development.
All that said, I would recommend staying with V2 for now, as V3 is currently more like an alpha or early beta and will probably have a few bugs and nonworking features yet, or at leas it did 2 months ago when I looked at it last.
-
-
Absolutely, I would have know of neither SWAG or NGINX. And of course the addition of fail2ban. I guess I did not wanna sound like a kiss-ass
-
Hi, I need to setup a access from outside of my network to expose my Jellyfin and Starr apps running all on docker. I am aware of both swag and nginx proxy manager, but is there a preferred option for omv users? I am not sure which one to use, but I do like the webui from NPM. I have a duckdns domain and a personal domain for subdomains like jellyfin, sonarr, radarr, etc. Thanks
Most of the users here use SWAG, probably because there are posted guides for it. I prefer NPM, and have recently been approached about writing a guide for it to add to the archives here. To be honest though, the official info on the NPM site is pretty darn good. I am currently in the middle of a big facility upgrade at work, but when I get some down time I plan on starting on that guide, but it will be borrowing heavily from that official NPM documentation.
-
Most of the users here use SWAG, probable because there are posted guides for it. I prefer NPM, and have recently been approached about writing a guide for it to add to the archives here. To be honest though, the official info on the NPM site is pretty darn good. I am currently in the middle of a big facility upgrade ate work, but when I get some down time I plan on starting on that guide, but it will be borrowing heavily from that official NPM documentation.
NPM has been pretty darn easy to install! I got it up and running with let's encrypt working for these proxy hosts I have setup.
Is there a need to do https capability for when accessing the server within my home network? I saw options for https certificates in both jellyfin and qbittorrent, was wondering if NPM could also set this up or at least connect the certs?
-
-
NPM has been pretty darn easy to install! I got it up and running with let's encrypt working for these proxy hosts I have setup.
Is there a need to do https capability for when accessing the server within my home network? I saw options for https certificates in both jellyfin and qbittorrent, was wondering if NPM could also set this up or at least connect the certs?
No need for https inside your home network. If you do want to use https in your network, the easiest way is you use a local DNS server like pihole, dnsmasq, or even some routers can do it. This way you can use the same web address and therefore the same certificate regardless of if you are home or not.
At home I do have pihole running, but the main reason is for nextcloud so I can create share links with the correct address since it uses the address you are accessing the server by as the root of the link. Everything else I use the local IP addresses for, which bypasses NPM and the certificates it is managing.
I agree NPM itself is easy to set up. Adding in fail 2ban is a little more involved, but not difficult. The hardest part is the regex filters for it. (I'm horrible at regex)
The official documents recommend using a multicontainer stack so all containers are on the same docker network and the hosts can then be set up by container name instead of IP address. The same can be achieved by attaching individual containers to the same network. I prefer the multi-stack for the simplicity.
The one point I will put out there is that some containers require a bit of extra code be placed in the Advanced>Custom Configuration section of the host config for them to work. This is the one point where I think swag is better, in that the configs are pre-defined so this extra stuff is already there, but a 3 minute web search can usually find the right snippet for you to get them working.
-
Display More
No need for https inside your home network. If you do want to use https in your network, the easiest way is you use a local DNS server like pihole, dnsmasq, or even some routers can do it. This way you can use the same web address and therefore the same certificate regardless of if you are home or not.
At home I do have pihole running, but the main reason is for nextcloud so I can create share links with the correct address since it uses the address you are accessing the server by as the root of the link. Everything else I use the local IP addresses for, which bypasses NPM and the certificates it is managing.
I agree NPM itself is easy to set up. Adding in fail 2ban is a little more involved, but not difficult. The hardest part is the regex filters for it. (I'm horrible at regex)
The official documents recommends using a multicontainer stack so all containers are on the same docker network and the hosts can then be set up by container name instead of IP address. The same can be achieved by attaching individual containers to the same network. I prefer the multi-stack for the simplicity.
The one point I will put out there is that some containers require a bit of extra code be placed in the Advances>Custom Configuration section of the host config for them to work. This is the one point where I think swag is better, in that the configs are pre-defined so this extra stuff is already there, but a 3 minute web search can usually find the right snippet for you to get them working.
Awesome, thanks a lot! I got NPM running smoothly with my domain and configured properly with jellyfin.
-
vbarter
Added the Label resolved -
No problem. Jellyfin doesn't really require anything extra if i recall correctly.
Nextcloud does require a few extra lines and a few custom locations entries, just in case you are planning on a go at nextcloud. My instance is not running in docker so that I can get full access to all nextcloud features as there used to be a few things that didn't work well or worked differently in docker such as the nextcloud talk app, but if you have no plans on running outside of docker to make use of talk, half of those added lines and customizations are not needed.
If you need them at some point let me know and I'll pass them along.
-
-
I tried npm and while it works fine.. I just couldn't get away from swag. Swag is just so easy, I can set it up with ease .. To me it's like a pair of shoes. A new pair may look nicer.. but while an older pair may be a bit weathered, they are broken in and perfectly comfortable.
That's why I end up sticking with swag...
-
Though I can not at this time mention which specific containers, or reverse proxies, I had issues with, I just recall there were several I just could not get to work. The final straw for me was not being able to gets the (authelia?) to work on different things and that was my final straw. NPM is far from perfect but I find it easier. But that’s nothing to sway anyone. Clearly it was I with the issues, not SWAG.
-
Though I can not at this time mention which specific containers, or reverse proxies, I had issues with, I just recall there were several I just could not get to work. The final straw for me was not being able to gets the (authelia?) to work on different things and that was my final straw. NPM is far from perfect but I find it easier. But that’s nothing to sway anyone. Clearly it was I with the issues, not SWAG.
I've found some of swag's "preconfigured" .conf files to be problematic in the past.
Usually that's simple to resolve... I just create one off the template, point it at ip:/port/http, save it, restart swag.. .and it's done.
For what it's worth, I don't think there's a wrong answer here. swag works for me and many others, npm works for you and many others. I'm perfectly fine with choice. It's kinda like when people bickered here over whether to use Portainer, Cockpit, or Yacht for container management. Even though everyone knew that by far Portainer was the best (lol), there was no wrong answer. It was just whatever worked for an individual
-
-
I tried npm and while it works fine.. I just couldn't get away from swag. Swag is just so easy, I can set it up with ease .. To me it's like a pair of shoes. A new pair may look nicer.. but while an older pair may be a bit weathered, they are broken in and perfectly comfortable.
That's why I end up sticking with swag...
I started out with npm solely because of the web UI. I'm decently comfortable at docker-composes, but web ui is king to me
-
I started out with npm solely because of the web UI. I'm decently comfortable at docker-composes, but web ui is king to me
Honestly after you set up swag and have successfully pulled a cert... There really is no significant command line work that needs done.
When you want to add a service, just copy it's sample conf folder in the proxy-confs folder, and drop the sample extension.
Examples:
Codecp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf cp piwigo.subdomain.conf.sample piwigo.subdomain.confthen restart swag. On the occasion one of their confs doesn't work (or doesn't exist) just create one for it off the template.
Codecp _template.subdomain.conf.sample wetty.subdomain.confThen edit the new .conf as necessary (lines 12, 43, 44, 45 below). Restart swag, and all is good.
I can literally forward almost any nginx app through swag in less than a minute.
Code
Display More## Version 2023/02/05 # REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template. # REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done. # REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings. # make sure that your <container_name> container is named <container_name> # make sure that your dns has a cname set for <container_name> server { listen 443 ssl; listen [::]:443 ssl; server_name wetty.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth (requires ldap-location.conf in the location block) #include /config/nginx/ldap-server.conf; # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; location / { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable for ldap auth (requires ldap-server.conf in the server block) #include /config/nginx/ldap-location.conf; # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app 192.168.1.166; set $upstream_port 2222; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port; # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above. } # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints. # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below. # location ~ (/<container_name>)?/api { # include /config/nginx/proxy.conf; # include /config/nginx/resolver.conf; # set $upstream_app <container_name>; # set $upstream_port <port_number>; # set $upstream_proto <http or https>; # proxy_pass $upstream_proto://$upstream_app:$upstream_port; # # # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above. # } }but like I said.. it's all about finding about what works for you. I'm all about having options. Sometimes though, it seems like 2 is not enough, and 4 is to many..
-
For the most part, they do the exact same thing. Both use nginx as the reverse proxy, but swag can be configured for things like load balancing if you know how to edit those config files. The current release of NPM can not do load balancing but it is slated to be included in the upcoming v3 release. NPM also does not currently do wildcard certificates.
I have also looked at other reverse proxies, such as traefik, caddy, and HAproxy, but ran into deployment or configuration problems that I just didn’t want to spend hours on trying to figure out.
Personally I use NPM as I am often working on building custom deployments or testing various things that are either not included in the swag templates or are custom vm builds, so I find NPM easier and faster to spin up these test or temporary setups.
But as was said, it about finding what works right for you.
-
-
jourNbo
Participate now!
Don’t have an account yet? Register yourself now and be a part of our community!
