[BUG] FYI SWAG won't start with Crowdsec mod again

[Bidonh]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Recurring issue as described in #552 has reappeared.

2026/03/27 09:18:58 Server ready

2026/03/27 09:18:59 [emerg] 1002#1002: module "/var/lib/nginx/modules/ngx_http_lua_module.so" version 1028003 instead of 1028002 in /etc/nginx/modules/30_http_lua.conf:1

2026/03/27 09:19:00 [emerg] 1007#1007: module "/var/lib/nginx/modules/ngx_http_lua_module.so" version 1028003 instead of 1028002 in /etc/nginx/modules/30_http_lua.conf:1

Deleting and/or downgrading the containers does not work.
You will need to disable linuxserver/mods:swag-crowdsec.

Expected Behavior

Completes startup.

Steps To Reproduce

Install with crowdsec mod. Try to start container.

Environment

- OS: DSM 7.2.2.

CPU architecture

x86-64

Docker creation

networks:
  swag_macvlan:
    external: true

services:
  swag:
    container_name: swag
    image: linuxserver/swag:latest
    #version: 5.4.0-ls447
    cap_add:
      - NET_ADMIN
    environment:
      - VALIDATION=dns
      - DNSPLUGIN=*
      - URL=*.org
      - SUBDOMAINS=wildcard
      - EMAIL=
      - ONLY_SUBDOMAINS=false
      - DOCKER_MODS=linuxserver/mods:swag-dashboard|linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-dbip
      - CROWDSEC_API_KEY=*
      - CROWDSEC_LAPI_URL=http://crowdsec:8080
      - SWAG_AUTORELOAD=true
      - SWAG_AUTORELOAD_WATCHLIST=/config/nginx/proxy-confs|/config/keys
      # FIX for Invalid tarball, could not download crowdsec bouncer
      #- CROWDSEC_VERSION=v1.0.8
    networks:
      swag_macvlan:
        ipv4_address: 192.168.1.145
    volumes:
      - /volume1/docker/swag/config:/config
      #Fail2BAN
      - /var/log/auth.log:/log/host_ssh_auth.log:ro      
      - /volume1/docker/nextcloud/data/nextcloud.log:/nextcloud/nextcloud.log:ro
      #dashboard
      - /volume1/docker/swag/config/fail2ban/fail2ban.sqlite3:/dashboard/fail2ban.sqlite3:ro
    ports:
      - 443:443 #Https port
#      - 80:80   #Http port required for http validation and http -> https redirect
#      - 81:81   #Dashboard Internal access using <server-ip>:81
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec:latest
    #version: v1.7.6
    environment:
      - COLLECTIONS=crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/base-http-scenarios crowdsecurity/http-cve crowdsecurity/http-dos crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/smb crowdsecurity/sshd crowdsecurity/synology-dsm crowdsecurity/whitelist-good-actors LePresidente/authelia LePresidente/jellyfin sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma
    depends_on:
      - swag
    volumes:
      - /var/log/auth.log:/var/log/host_ssh_auth.log:ro
      - /var/log/samba:/var/log/samba:ro
      - /volume1/docker/nextcloud/mariadb/log/mysql/error.log:/var/log/mysql/error.log:ro
      - /volume1/docker/swag/config/log/nginx:/var/log/nginx:ro
      - /volume1/docker/authelia/config/authelia.log:/var/log/authelia.log:ro
      - /volume1/docker/nextcloud/data/nextcloud.log:/var/log/nextcloud.log:ro
      - /volume1/docker/jellyfin/config/log:/var/log/jellyfin:ro
      - /volume1/docker/swag/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - /volume1/docker/swag/crowdsec/crowdsec-db:/var/lib/crowdsec/data/
      - /volume1/docker/swag/crowdsec/crowdsec-config:/etc/crowdsec/
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

Container logs

2026/03/27 09:18:58 Server ready

2026/03/27 09:18:59 [emerg] 1002#1002: module "/var/lib/nginx/modules/ngx_http_lua_module.so" version 1028003 instead of 1028002 in /etc/nginx/modules/30_http_lua.conf:1

2026/03/27 09:19:00 [emerg] 1007#1007: module "/var/lib/nginx/modules/ngx_http_lua_module.so" version 1028003 instead of 1028002 in /etc/nginx/modules/30_http_lua.conf:1

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[thespad]

This is unfortunately not something we can avoid, the Alpine nginx lua module and lua resty core packages are maintained by different people and if they don't coordinate updates the packages end up out of sync for a while.

We just can't bundle the necessary packages with the mod to pin the version because it's the packages we're installing as part of the mod that are behind the nginx packages in the Swag image, not the other way around.

[Magfive]

Same problem here :)

[Bidonh]

This is unfortunately not something we can avoid, the Alpine nginx lua module and lua resty core packages are maintained by different people and if they don't coordinate updates the packages end up out of sync for a while.

Thanks, I understand the issue now.
And apparently, 5.4.0-ls448 is fixed.