Why the change?
Long story short, we were recently contacted by Let's Encrypt, who politely let us know that
letsencrypt is trademarked by them and that we should pick a different name for our docker image. Legal concerns aside, we also realized that some users were confused about whether this image was an official release by Let's Encrypt (it's not). We decided that re-branding our image was the best course of action.
Little bit of history, our repo was originally called
letsencrypt because this image was almost identical to our Nginx docker image, except it contained the official Let's Encrypt client software, which was called
letsencrypt at the time. This was years ago. Since then, Let's Encrypt transferred ownership of the client to the Electronic Frontier Foundation, and the client was renamed
Certbot. That's when Let's Encrypt made various changes to their branding and reserved the use of the trademarked phrase
Let's Encrypt for the company behind the project.
What is SWAG for?
SWAG is really a LEMP stack minus the M. For those unfamiliar, the letters stand for L=Linux, E=Nginx (because it's pronounced Engine-X), M=MySQL/MariaDB and P=PHP. SWAG has all but MySQL/MariaDB, for which we recommend pairing with our MariaDB docker image if needed. Apart from those, SWAG has the Let's Encrypt client Certbot integrated, for automating retrieval and management of free SSL certs. It also has Fail2ban for intrusion detection and prevention.
Because it is a full-fledged webserver, you can use SWAG to host your own website, whether it is plain html, or Wordpress based, or reverse proxy other services. SWAG does include dozens of preset reverse proxy configs for popular apps, most of which work out of the box, and can be enabled via a simple file rename.
For authentication, SWAG includes snippets in its Nginx confs for basic HTTP Auth, LDAP via our ldap-auth image, and Authelia (2 factor), all of which can be easily enabled by un-commenting their respective lines.
For security, SWAG has Fail2ban built-in and enabled for HTTP Auth by default. Other filters and actions can be set up by editing the local config files.
How to migrate from letsencrypt?
At this point, the SWAG and letsencrypt images are 100% compatible and we plan to keep SWAG backwards compatible as long as we can. The main change is to the
docker image name, which was
linuxserver/letsencrypt for the old image and is
linuxserver/swag for the new.
Docker cli migration:
- Stop and remove existing container via
docker stop letsencryptand
docker rm letsencrypt
- Create a new container using the sample on the SWAG page (container name:
swag, image name:
- As long as you keep the
/configfolder mapping the same, all your previous config and data will be picked up by the new container
- Edit the compose yaml to change the image to
linuxserver/swagand change the service and container names to
docker-compose up -d --remove-orphans
- If you don't want to use the option
--remove-orphans, then you can first do
docker-compose down, then edit the compose yaml as above, and then issue
docker-compose up -d
If you have any containers that reference the old
letsencryptcontainer by name, you'll also have to change those references to reflect the new container name
swag. One prominent known case is that Nextcloud's
config.phpreferences the reverse proxy container by name in its
trusted_proxiesdirective, which would have to be updated to
How to set up SWAG?
First step is to read the main readme on Github to become familiar with the options: https://github.com/linuxserver/docker-swag/blob/master/README.md
You can also check out this guide we created for SWAG with various real world examples of hosting websites as well as reverse proxying services: https://docs.linuxserver.io/general/swag