Skip to content

Linuxserver Docker SWAG usage

Conor McKnight edited this page Jun 27, 2026 · 10 revisions

To use this script with Linux servers docker swag instances to protect Linuxservers SWAG containers from DDoS attacks / exploits is very simple.

You can add to your enviorment variables.

swag:
    image: lscr.io/linuxserver/swag:latest
    cap_add:
      - NET_ADMIN
    container_name: swag
    restart: always
    ports:
      - "80:80/tcp" #http
      - "443:443/tcp" #https
      #- "443:443/udp" #quic optional only needed if you plan to use/enable http3 quic
    environment:
      - DOCKER_MODS=linuxserver/mods:universal-package-install
      - INSTALL_PACKAGES=luajit|lua-resty-lrucache|lua-resty-core|nginx-mod-http-lua
    volumes:
      - /path/docker/swag:/config #nginx config path
      #Optional direct file if prefered: - /path/docker/swag/nginx/lua/anti_ddos_challenge.lua:/config/lua/anti_ddos_challenge.lua

Then you can edit either your nginx.conf file or default.conf / site-confs folder

And add the following to enable the script.

lua_shared_dict antiddos 70m; #Anti-DDoS shared memory zone to track requests per each unique user
access_by_lua_file /config/nginx/lua/anti_ddos_challenge.lua;

Once you saved your nginx.conf or default.conf / site-confs folder be sure to restart the container and all should be working fine and you should be protected.

The reason i use SWAG docker containers is free SSL certs from ZeroSSL or LetsEncrypt this will help prevent DDoS attacks and Flooding of your SWAG containers traffic.

Clone this wiki locally