Guide for Setting Up SWAG with Cloudflare for Reverse Proxying on Unraid
Setting up a reverse proxy using SWAG (Secure Web Application Gateway) with Cloudflare can enhance the security and accessibility of your web applications hosted on Unraid. This guide will walk you through the necessary steps to achieve this setup.
Prerequisites
- Unraid Server: Ensure you have Unraid installed and running.
- Domain Name: Purchase a domain name from a registrar (e.g., Namecheap).
- Cloudflare Account: Create an account on Cloudflare and add your domain.
Step 1: Configure Domain with Cloudflare
-
Add Domain to Cloudflare:
- Log in to your Cloudflare account.
- Add your domain by following the prompts.
- Update your domain’s nameservers at your registrar to point to Cloudflare’s nameservers.
-
DNS Settings:
- In the Cloudflare dashboard, navigate to the DNS settings for your domain.
- Create an A record pointing to your home’s public IP address.
- Optionally, create CNAME records for subdomains if needed.
Step 2: Set Up Port Forwarding on Your Router
-
Access Router Settings:
- Log in to your router’s web interface.
-
Port Forwarding Configuration:
- Forward external port 80 to internal port 180 on your Unraid server’s IP address (e.g.,
192.168.1.150
). - Forward external port 443 to internal port 1443 on the same IP address.
- Forward external port 80 to internal port 180 on your Unraid server’s IP address (e.g.,
Step 3: Install SWAG on Unraid
-
Install SWAG Container:
- Go to the Docker tab in Unraid.
- Click on “Add Container” and search for the SWAG image (usually
linuxserver/swag
).
-
Container Configuration:
- Set the following environment variables:
URL
: Your domain name (e.g.,example.com
).SUBDOMAINS
: Leave blank if no subdomains are used; otherwise, specify them (e.g.,www,api
).ONLY_SUBDOMAINS
: Set totrue
if using subdomains only.VALIDATION
: Set this todns
.- Add your Cloudflare API credentials in a file named
cloudflare.ini
in the/config
directory of the SWAG container.
- Set the following environment variables:
-
Network Type:
- Set the network type to “Custom” and select or create a network (e.g.,
proxynet
).
- Set the network type to “Custom” and select or create a network (e.g.,
-
Port Configuration:
- Map ports as follows:
- Host Port 180 → Container Port 80
- Host Port 1443 → Container Port 443
- Map ports as follows:
Step 4: Configure Cloudflare for SSL
-
SSL/TLS Settings in Cloudflare:
- Navigate to the SSL/TLS settings in your Cloudflare dashboard.
- Set the SSL mode to Full or Full (strict) for enhanced security.
-
Edge Certificates:
- Ensure that “Always Use HTTPS” is enabled and “Automatic HTTPS Rewrites” is turned on.
Step 5: Verify Configuration
-
Check SWAG Logs:
- Access the logs of the SWAG container from the Unraid Docker interface.
- Look for any errors regarding certificate generation or connectivity issues.
-
Test Access:
- Open a web browser and navigate to your domain (e.g.,
https://example.com
). - You should see a secure connection without errors.
- Open a web browser and navigate to your domain (e.g.,
Troubleshooting Common Issues
- Connection Timeout/Error 522: This may indicate that Cloudflare cannot reach your server. Double-check your port forwarding settings and ensure that SWAG is running correctly.
- Certificate Issues: If certificates fail to generate, ensure that your DNS settings in Cloudflare are correct, and verify that you have inputted valid API credentials in
cloudflare.ini
.
Conclusion
By following these steps, you should have a fully functional reverse proxy setup using SWAG with Cloudflare on your Unraid server.