This is an update to the previous version of this article that you can find linked below. Sometime last year the install script that I used in that guide was updated to support Debian and Ubuntu in addition to Alpine Linux (which the previous guide used). If you want to use Alpine Linux, follow the old guide here:
Now, I cannot stand Alpine. I’m sure it has its uses but I am more comfortable in Debian therefore I decided to migrate my Alpine setup and document the process along the way.
Note: You do not need an existing installation like me to follow this guide.
For more information about Nginx Proxy Manager or what a reverse proxy is, see previous guide here.
Requirements:
- Proxmox setup and accessible
- Basic knowledge on creating LXC
- Internet access
- Access to router admin panel to set static IP address
Creating the new container:
The first step in this process, whether you are migrating like me or are installing anew is the create a container. You can refer to the create a container section of this guide to see how to do that. You can create either a Debian or Ubuntu container. I will be using the former simply because I am more comfortable with using it.
You will also want to assign this container a static IP address, either in Proxmox or your router. Proxy manager is very minimal on resource usage which means that you don’t need to go overboard with container specifications. A privileged container is not required.
Installing proxy manager:
With the new updated script, the installation process is now super easy! No more messing around with Alpine Linux or creating users. Simply run the following command:
sh -c "$(wget --no-cache -qO- https://raw.githubusercontent.com/ej52/proxmox/main/install.sh)" -s --app nginx-proxy-managerVery quickly you should see a screen like this:
Let the installer do its thing… this may take a couple of minutes so go ahead and take this as your daily reminder to drink some water.
Once the installer is complete, you should see something like this:
Perfect! The installation is done! I want to give a huge shout-out to @github/ej52 for his excellent work on this installation script.
Configuring proxy manager:
Configuring proxy manager is much like for the previous version. If you have an older version of proxy manager, this is the point where you will want to begin moving everything over. Unfortunately, there is no simple way of doing this (would be nice to have an import/export function) so go ahead and chug that water again because you’re going to have to do this manually!
Use this guide to create proxy hosts and SSL certificates.
Note: You will need to update port forwarding on your router to point the HTTP and HTTPS ports of your WAN to the new container once you have moved all the proxy hosts over. Do this after you have moved the hosts over to minimize downtime on your services.
Updating proxy manager:
To update proxy manager, simply run the install script!
What about global access with Tailscale?
This is still possible! In fact it is even easier now since Tailscale officially supports Debian! I am working on making an update to that guide too but in the meantime, you can run the Tailscale installer from their website here and follow this guide to setup global access.
Additional considerations:
It is time for me to become a broken record again. Exposing anything from your local network to the world is risky, very risky. Even behind a reverse proxy, you are allowing external traffic into your internal network which could lead to your server getting hacked, or worse, your personal devices. You have been warned.
Luckily for us, we can make our reverse proxy more secure by installing Crowdsec, which will automatically detect and block malicious traffic. It also maintains a public list of blocked malicious actors so these IP addresses are blocked before they even get to your services! More on this soon :)
Disclaimer:
This is not a guide for setup in production or business environments. Please do your own research first for public or production environment setup.
I am not an IT professional. I am not tech support. I am a college student with a server. You are ultimately responsible for any commands you run on your system.
If you have any questions, leave a comment. Enjoy!