Nginx Proxy Manager is a free open source reverse proxy management service that allows you to securely expose services running in your local network to the internet. It also manages the SSL certificates and renewals.
Setup your domain Link to heading
If you don’t already own a domain, purchase one from any registrar.
I use AWS Registrar and Route 53 to manage my domain and DNS.
You will then need to add a DNS A record pointing to your Public IP.
Setup the NGINX Proxy Manager container Link to heading
On a server in your home network, install Docker with docker compose.
Create the docker-compose.yml:
---
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
container_name: nginxproxymanager_app
restart: always
ports:
- '80:8080'
- '443:443'
- '81:81'
environment:
# These are the settings to access your db
DB_MYSQL_HOST: "db"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_NAME: "npm"
LOG4J_FORMAT_MSG_NO_LOOKUPS: "true"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
networks:
- web
depends_on:
- db
db:
image: 'jc21/mariadb-aria:latest'
container_name: nginxproxymanager_db
restart: always
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- ./data/mysql:/var/lib/mysql
networks:
- web
networks:
web:
external: true
This will create the Nginx Proxy Manager service and database containers on the same docker network.
Run the container with:
docker compose up -d
Port forwarding Link to heading
In your router, port forward the TCP/UDP ports 8080 and 443 to the same ports on your wireguard server IP.
Now any HTTP and HTTPS requests to your domain will be sent to your Public IP, and your router will forward them to the Nginx Proxy Manager service.
Initial Nginx Service setup Link to heading
As per their instructions, when your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys.
Go to http://server_ip:81 in your browser when connected to your local network.
Default Admin User:
- Email: admin@example.com
- Password: changeme
Immediately after logging in with this default user you will be asked to modify your details and change your password.
How to setup a reverse proxy Link to heading
Say you have a service running on 192.168.1.42 port 5050. You can now securely expose this service to the internet with Nginx Proxy Manager.
- First, create a new DNS A record with subdomain like app.domain.com in your DNS provider and point it to your Public IP.
- Then go to the Nginx Proxy Manager proxy hosts tab and “Add Proxy Host”:
- Domain Name: In this example app.domain.com
- Scheme: https
- Forward Hostname / IP: In this example
192.168.1.42 - Forward Port: In this example
5050 - Enable “Cache Assets”, “Block Common Exploits” and “Websocket Support”
- Access List: Publicly Accessible
- In SSL tab Request New SSL Certificate. I use Route 53 and have to use the DNS challenge and provide my AWS credentials.
- Enable “Force SSL”, “HTTP/2 Support” and “HSTS Enabled”
- Save. It will take a second to verify the DNS and create the SSL Certificate.
And that should be it. You can now go to app.domain.com on any device connected to the internet and see your service, secured behind a reverse proxy with SSL certificate.