Nginx Proxy Manager — How To Installation and Configuration using Docker — Portainer
NGINX proxy manager is a reverse proxy management system, that is based on NGINX with a nice and clean web UI. You can also obtain trusted SSL certificates, and manage several proxies with individual configs, customizations, and intrusion protection. It is open-source and maintained on GitHub.
Features
- Beautiful and Secure Admin Interface based on Tabler
- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
- Free SSL using Let’s Encrypt or provide your own custom SSL certificates
- Access Lists and basic HTTP Authentication for your hosts
- Advanced Nginx configuration available for super users
- User management, permissions, and audit log
Hosting your home network
I won’t go in to too much detail here but here are the basics for someone new to this self-hosted world.
- Your home router will have a Port Forwarding section somewhere. Log in and find it
- Add port forwarding for port 80 and 443 to the server hosting this project
- Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or Amazon Route53
- Use the Nginx Proxy Manager as your gateway to forward to your other web based services.
Quick Setup
- Install Docker and Docker-Compose
- Create a docker-compose.yml file similar to this:
version: '3'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt- Bring up your stack by running
docker-compose up -d- Log in to the Admin UI
When your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys.
Default Admin User:
Email: admin@example.com
Password: changemeImmediately after logging in with this default user you will be asked to modify your details and change your password.
Best Practice: Use a Docker network
For those who have a few of their upstream services running in Docker on the same Docker host as Nginx Proxy Manager, here’s a trick to secure things a bit better. By creating a custom Docker network, you don’t need to publish ports for your upstream services to all of the Docker host’s interfaces.
Create a network, e.g “nginx-network”:
docker network create nginx-networkThen add the following to the docker-compose.yml file for both Nginx Proxy Manager and any other services running on this Docker host:
networks:
default:
external:
name: nginx-networkLet’s look at a Portainer example:
version: '3'
services: portainer:
image: portainer/portainer
privileged: true
volumes:
- './data:/data'
- '/var/run/docker.sock:/var/run/docker.sock'
restart: unless-stoppednetworks:
default:
external:
name: nginx-network
Now in the Nginx Proxy Manager UI, you can create a proxy host with portainer as the hostname, and port 9000 as the port. Even though this port isn't listed in the docker-compose file, it's "exposed" by the Portainer Docker image for you and not available on the Docker host outside of this Docker network. The service name is used as the hostname, so make sure your service names are unique when using the same network.
Screenshots
Many thanks,
