Nginx Proxy Manager: Managing your web server, it couldn’t be easier!

Have you ever stayed up all night manually modifying Nginx configuration files? 🤯 Do you find it complicated to run multiple web services on one server and manage their respective domains and SSL certificates? If so, Nginx Proxy Manager (NPM) will be your savior! 🎉.

Today, we’re going to take a deep dive into what Nginx Proxy Manager is, why you should use it, and how to install and utilize it. I’m confident that your web server management will become much easier and more intuitive with this article.

—.

1. What is Nginx Proxy Manager? 🤔

Nginx Proxy Manager (NPM), as the name suggests, is a tool that allows you to manage Nginx’s powerful reverse proxy features through an easy and intuitive web interface (GUI). In a nutshell, it’s a magical solution that lets you set up reverse proxy, SSL certificate issuance/renewal, port forwarding, and more with just a few clicks in your web browser, without having to touch the complex Nginx configuration files yourself! ✨

It runs primarily in a Docker container environment and is excellent for connecting various internal services (websites, API servers, private clouds, etc.) to external domains and enforcing HTTPS security.

—.

2. Why should you use Nginx Proxy Manager? (Core Benefits) 🌟

There are so many reasons to use NPM, but here are some of the core benefits.

• Easy web UI for beginners 🖥️: Nginx configuration is powerful, but it’s also hard to learn and mistakes are common. NPM provides a user-friendly web interface, making it easy for anyone to set up and manage a proxy without any Nginx knowledge.
• Automated SSL/TLS (Let’s Encrypt) 🔐: HTTPS is a must for website security! NPM integrates with Let’s Encrypt to issue free SSL certificates in a few clicks and even handle renewals automatically. No more memorizing complicated certificate commands!
• Easy subdomain and port forwarding 🚀: With one public IP, it becomes super simple to point multiple subdomains (e.g. blog.example.com, cloud.example.com) to different internal services (WordPress, Nextcloud, etc.). Connecting services on specific ports by entering port numbers directly is also a piece of cake.
• Centralized Management 🌟: You can efficiently manage proxy settings, SSL certificates, access control, etc. for multiple web services from one dashboard. This greatly reduces maintenance time.
• Full compatibility with Docker 🐳: NPM itself is available as a Docker container, and most of our internal services are often run as Docker as well. Internal services can be connected via the Docker network using just the container name, which is a great combination for Docker users.
• Support for custom Nginx settings ⚙️: If the basic UI isn’t enough for you, we also provide the ability to add custom Nginx settings for each proxy host for advanced users. This allows for granular control as needed.

—.

3. Installing Nginx Proxy Manager (Docker Compose example) 🐳

NPM is the easiest and most reliable way to install in a Docker environment. Here is an example installation using Docker Compose.

You’ll need to bring:

• Server with Docker and Docker Compose installed (Linux is recommended)
• Domain (optional, but required to enable SSL)

Installation Steps:

1. Create a docker-compose.yml file: Create a new directory and put docker-compose.yml inside it. Create a new directory and create a docker-compose.yml file inside it.

   # ~/npm/docker-compose.yml
   version: '3'
   
   services:
     app:
       image: 'jc21/nginx-proxy-manager:latest'
       restart: unless-stopped
       ports:
         # Web UI and HTTP requests (externally accessed).
         - '80:80'
         # HTTPS requests (accessed externally)
         - '443:443'
         # Admin web interface (accessed externally, recommended to be accessible only from internal network for security reasons)
         - '81:81'
       volumes:
         # NPM data storage (certificates, settings, etc.).
         - ./data:/data
         # Store Nginx logs
         - ./logs:/var/log/nginx
       environment:
         # DB_MYSQL_HOST: 'mysql' # If using MySQL (requires additional setup).
         # db_mysql_port: 3306
         # DB_MYSQL_USER: 'npm'
         # DB_MYSQL_PASSWORD: 'npm'
         # DB_MYSQL_DATABASE: 'npm'
         # This setting is not required when using SQLite (default)
         PUID: 1000 # User ID (optional)
         PGID: 1000 # Group ID (optional)

   • ports:
     • 80:80: Connect external port 80 to port 80 of the NPM container (HTTP).
     • 443:443: Connect external port 443 to port 443 of the NPM container (HTTPS).
     • 81:81: Connect external port 81 to port 81 of the NPM container (admin web UI). 🚨 For security reasons, it is strongly recommended that you avoid accessing port 81 directly from the outside, and access it via SSH tunneling or VPN.
   • volumes:
     • ./data:/data: The volume where NPM’s settings, database, SSL certificate, etc. will be stored. This connects the data directory on the host machine to the /data directory inside the container. This must be set to ensure that data is preserved even if the container is deleted.
     • ./logs:/var/log/nginx: Stores Nginx logs on the host machine.
   • environment: If you want to use MySQL or PostgreSQL, refer to the commented part to set it up.

2. Run Docker Compose: Execute the following command in the directory where the docker-compose.yml file is located.

   docker-compose up -d

   This command will run the NPM container in the background.

3. Access the administrator web interface: Proxy Hosts from the dashboard.

   2. Click the Add Proxy Host button.
   3. Details Tab:
      • Domain Names: Enter the external domain names you want to access through this proxy (e.g. blog.yourdomain.com). You can enter multiple.
      • Scheme: Select the protocol (HTTP or HTTPS) for the internal service. Most often this is http://.
      • Forward Hostname / IP: Enter the IP address or Docker container name of the server the internal service is running on (for example, 192.168.1.100 or wordpress_app).
      • Forward Port: Enter the port number used by the internal service (for example, 80, 8080, 3000).
      • Check Block Common Exploits and Websockets Support as required (Websockets is required for services that require real-time communication). 4.
   4. click Save.

• Example: When connecting to blog.yourdomain.com, set to connect to port 80 of the internal Docker container wordpress_app.
  • Domain Names: blog.yourdomain.com
  • Scheme: http
  • Forward Hostname / IP: wordpress_app
  • Forward Port: 80

4.2. SSL Certificates (SSL Certificates) 🔐

This feature is for enforcing HTTPS on your proxy host. You can issue and auto-renew certificates for free through Let’s Encrypt.

• How to set it up:.

  1. go to the SSL Certificates menu.
  2. select Add SSL Certificate -> Let's Encrypt.
  3. Domain Names: Enter the domain names to which you want to apply SSL (must match the domain set on the proxy host).
  4. Email Address: Enter the email address used by Let’s Encrypt (used for renewal notifications, etc.).
  5. Force SSL: Check to automatically redirect incoming requests over HTTP to HTTPS. (Recommended)
  6. HTTP/2 Support: Check to use the latest HTTP/2 protocol. (Recommended)
  7. check I Agree to the Let's Encrypt Terms of Service: check Agree to the terms.
  8. Click Save.
  9. After the certificate is issued, you can return to the settings of your proxy host, select the issued certificate in the SSL tab, and enable Force SSL.

• Tip: You can also issue a wildcard SSL certificate. These are certificates that apply to all subdomains, such as *.yourdomain.com, and require DNS challenge authentication.

4.3. Redirection Hosts ➡️

Used to redirect incoming requests to a specific domain to a different URL.

• Example:
  • old-site.com -> Permanently move to new-site.com
  • Redirecting www.yourdomain.com -> yourdomain.com (good for SEO)

4.4. Access Control Lists (Access Lists) 🔒

Use this when you want to allow or block access to only certain IP addresses, or when you want to enforce Basic Authentication.

• Add Access List allows you to create new rules and apply them in the proxy host settings.
• IP Restriction: Allow access only from specific IP bands (e.g., company internal network IPs).
• Basic Auth: Make pages accessible only by entering a username and password (useful for admin pages, etc.)

4.5. Stream Hosts 📡

Used to proxy TCP/UDP based services (e.g. SSH, game servers, RDP) rather than HTTP/HTTPS traffic.

• Example: You can forward SSH requests coming from a specific domain to an internal SSH server, or forward game server traffic.

For more information, see: #### 4.6. Custom Nginx Configurations ⚙️

Utilized when you want to use advanced features of Nginx that are not available in NPM’s default UI (e.g. adding specific HTTP headers, complex rewrite rules, using the GeoIP module). You can add your own Nginx configuration snippets in the Advanced tab of each proxy host setting.

—.

5. Example of a real-world scenario: WordPress & NPM 🌐

Let’s say you’re running a WordPress website on Docker and connecting your domain through Nginx Proxy Manager.

1. Run your WordPress container: **.

   docker run -d --name wordpress_blog -p 8080:80 wordpress

   This WordPress is currently accessible on port 8080 on the server, and inside the container, it uses port 80. (It runs under the container name wordpress_blog).

2. configure Nginx Proxy Manager:**

   • Add Proxy Hosts:

     • Domain Names: blog.yourdomain.com
     • Scheme: http
     • Forward Hostname / IP: wordpress_blog (directly accessible by container name!)
     • Forward Port: 80 (port inside the container)
     • Websockets Support: Not required by WordPress, but can be used by some plugins, check as needed.

   • Add SSL Certificate: * Add SSL Certificate.

     • In the SSL Certificates tab, get a Let’s Encrypt certificate for blog.yourdomain.com.
     • Check Force SSL to have all HTTP requests automatically redirected to HTTPS.

   • Enforce SSL on Proxy Hosts: * Check Force SSL.

     • Back in Proxy Hosts, enter the blog.yourdomain.com settings, and on the SSL tab, select the certificate you just issued and enable Force SSL.

Now, when you go to http://blog.yourdomain.com or https://blog.yourdomain.com, Nginx Proxy Manager will take the request and forward it to port 80 in the wordpress_blog container, and it will handle HTTPS communication perfectly! 🎉 !

—.

Conclusion: Experience a new world of web server management! 🚀 .

Nginx Proxy Manager is a revolutionary tool that incredibly simplifies the complex and tricky management of Nginx reverse proxy and SSL certificates. Now you don’t have to wrestle with complicated configuration files, you can control everything from a web interface.

Whether you’re running a home lab, deploying a small service, or simply don’t want to spend more time managing your web server, Nginx Proxy Manager will be your best friend. Install it today and take your web server management experience to the next level!

If you have any questions or need more information, feel free to leave us a comment! 😊