linuxserver / docker-webtop

Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.
GNU General Public License v3.0

[BUG] SSL Fails when using linuxserver.io/swag #223

Closed in-principio closed 4 months ago

in-principio commented 4 months ago

Is there an existing issue for this?

Current Behavior

When I add the following .conf file to proxy-confs inside of the nginx folder of a swag container:

```nginx
## Version 2023/05/31
# make sure that you have a cname set for the webtop
# set up authentication here, for better security

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name webtop.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app webtop;
        set $upstream_port 3000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_buffering off;
    }
}
```

and update my DNS records accordingly, the SSL certification fails when I visit the website (get an unsafe warning in my browser).

I have many other services behind this proxy and they all authenticate correctly.

Expected Behavior

There should be no 'unsafe' warning from my browser.

Steps To Reproduce

  1. Set up a webtop service by using the recommended docker-compose.yaml contents
  2. Register webtop with the swag reverse proxy
  3. Visit the website

Environment

- OS: Ubuntu
- How docker service was installed: apt-get

CPU architecture

x86-64

Docker creation

```yaml
webtop:
    image: lscr.io/linuxserver/webtop:amd64-arch-kde
    container_name: webtop
    security_opt:
      - seccomp:unconfined #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ #optional
      - TITLE=Webtop #optional
      - CUSTOM_USER=user
      - PASSWORD=password123
    volumes:
      - ./webtop/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 3001:3001
    devices:
      - /dev/dri:/dev/dri #optional
    shm_size: "1gb" #optional
    restart: unless-stopped
```

Container logs

```bash
───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

**** creating video group videox8yt with id 110 ****
**** adding /dev/dri/renderD128 to video group videox8yt with id 110 ****
**** creating video group videobvlw with id 44 ****
**** adding /dev/dri/card0 to video group videobvlw with id 44 ****
[custom-init] No custom files found, skipping...
/defaults/startwm.sh: line 7: kwriteconfig5: command not found
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.

Xvnc KasmVNC 1.2.0 - built Mar 15 2024 17:32:48
Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
See http://kasmweb.com for information on KasmVNC.
Underlying X server release 12014000, The X.Org Foundation

[ls.io-init] done.
2024/03/18 20:14:34 [warn] 234#234: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Could not resolve keysym XF86CameraAccessEnable
> Warning:          Could not resolve keysym XF86CameraAccessDisable
> Warning:          Could not resolve keysym XF86CameraAccessToggle
> Warning:          Could not resolve keysym XF86NextElement
> Warning:          Could not resolve keysym XF86PreviousElement
> Warning:          Could not resolve keysym XF86AutopilotEngageToggle
> Warning:          Could not resolve keysym XF86MarkWaypoint
> Warning:          Could not resolve keysym XF86Sos
> Warning:          Could not resolve keysym XF86NavChart
> Warning:          Could not resolve keysym XF86FishingChart
> Warning:          Could not resolve keysym XF86SingleRangeRadar
> Warning:          Could not resolve keysym XF86DualRangeRadar
> Warning:          Could not resolve keysym XF86RadarOverlay
> Warning:          Could not resolve keysym XF86TraditionalSonar
> Warning:          Could not resolve keysym XF86ClearvuSonar
> Warning:          Could not resolve keysym XF86SidevuSonar
> Warning:          Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Could not resolve keysym XF86CameraAccessEnable
> Warning:          Could not resolve keysym XF86CameraAccessDisable
> Warning:          Could not resolve keysym XF86CameraAccessToggle
> Warning:          Could not resolve keysym XF86NextElement
> Warning:          Could not resolve keysym XF86PreviousElement
> Warning:          Could not resolve keysym XF86AutopilotEngageToggle
> Warning:          Could not resolve keysym XF86MarkWaypoint
> Warning:          Could not resolve keysym XF86Sos
> Warning:          Could not resolve keysym XF86NavChart
> Warning:          Could not resolve keysym XF86FishingChart
> Warning:          Could not resolve keysym XF86SingleRangeRadar
> Warning:          Could not resolve keysym XF86DualRangeRadar
> Warning:          Could not resolve keysym XF86RadarOverlay
> Warning:          Could not resolve keysym XF86TraditionalSonar
> Warning:          Could not resolve keysym XF86ClearvuSonar
> Warning:          Could not resolve keysym XF86SidevuSonar
> Warning:          Could not resolve keysym XF86NavInfo
Errors from xkbcomp are not fatal to the X server
 2024-03-18 20:14:40,899 [INFO] websocket 0: got client connection from 127.0.0.1
 2024-03-18 20:14:40,905 [PRIO] Connections: accepted: @81.111.29.156_1710792880.899162::websocket
 2024-03-18 20:17:59,349 [INFO] websocket 1: got client connection from 127.0.0.1
 2024-03-18 20:17:59,361 [PRIO] Connections: accepted: @192.168.0.200_1710793079.350310::websocket
```

github-actions[bot] commented 4 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

j0nnymoe commented 4 months ago

This isn't going to be a bug, it's likely a configuration issue and the cert isn't covering the subdomain you've set up. Either jump on our discord or forum as our GitHub issues aren't for general support.
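
One way to confirm the diagnosis above, added here as an example and not part of the thread or of the linuxserver images: read the DNS names in the certificate the proxy serves and check whether they cover the new subdomain. The `example.com` names and the function names are assumptions made for illustration.

```python
import socket
import ssl


def san_covers(hostname, dns_names):
    """Return True if any certificate DNS name matches hostname (RFC 6125 style).

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.example.com does not cover a.b.example.com or
    example.com itself.
    """
    host = hostname.lower().rstrip(".").split(".")
    for name in dns_names:
        pattern = name.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue
        if pattern[0] == "*" and len(pattern) > 2:
            if pattern[1:] == host[1:] and host[0]:
                return True
        elif pattern == host:
            return True
    return False


def served_dns_names(hostname, port=443, timeout=5.0):
    """Fetch the DNS subjectAltName entries the proxy serves for hostname (SNI).

    Chain validation stays on; only the hostname check is disabled so that a
    mismatching certificate can still be read and reported.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def diagnose(hostname, dns_names):
    """Explain in one line whether dns_names cover hostname."""
    if san_covers(hostname, dns_names):
        return f"OK: {hostname} is covered by {dns_names}"
    return f"MISMATCH: {hostname} is not in {dns_names}; reissue the certificate with this name"


if __name__ == "__main__":
    # Constructed SAN list: a certificate issued for the apex and two subdomains only.
    constructed = ["example.com", "www.example.com", "cloud.example.com"]
    print(diagnose("webtop.example.com", constructed))
    print(diagnose("webtop.example.com", ["example.com", "*.example.com"]))
```

Against a live proxy, `diagnose(host, served_dns_names(host))` reports the same thing for the real certificate; an `ssl.SSLCertVerificationError` from `served_dns_names` means the chain itself is untrusted rather than the name being missing.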

in-principio commented 4 months ago

Thank you for the quick reply! I'll close this.