Hi there. I’m sure that many people have a question – how to forward ports on their routers, for make several internal HTTP or HTTPS services working on one external IP address. The question is mostly actual for home and small businesses. And the task can be solved with configuring a reverse proxy.
There are many of products, from very expensive as they said - enterprise class, to very simple which were made on their knees – for example raw Nginx, or something like that, without any control panel. Today I want to show you, very interesting product, which I have been using for several years in my home lab, and for which I have no any questions at all. That’s Nginx Proxy Manager .
This is something like an addon for Nginx, or a control panel, with very pleasant and intuitive web interface. It is coming as a docker container, so installation doesn’t require any special knowledge or editing any configs, and takes for about 5 minutes.
So lets start to install that system. I have a fresh installed Ubuntu Server 22.04.
First of all update your system:
apt update apt upgrade
Then we must install docker:
sudo apt install apt-transport-https ca-certificates curl software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt update sudo apt install docker-ce
And docker-compose. You should look for actual version on github :
sudo curl -SL https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-linux-x86_64 -o /usr/libexec/docker/cli-plugins/docker-compose sudo chmod +x /usr/libexec/docker/cli-plugins/docker-compose sudo docker compose version
Finally lets install Nginx Proxy Manager. We have to create a file docker-compose.yml. Because this is yml – indentation matters here, keep it in mind:
nano docker-compose.yml
Content of the file:
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
DB_MYSQL_HOST: "db"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "npm"
DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_NAME: "npm"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
- db
db:
image: 'jc21/mariadb-aria:latest'
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- ./data/mysql:/var/lib/mysql
sudo docker compose up -d
Wait for the end of command execution and in browser go to the address of your server on port 81.
Default username and password are – [email protected] and changeme.
After the first login system will ask you to change account settings and password.
Let’s look to the interface. On the dashboard tab, information about your rules is showed.
By clicking on a tile, you will go to the control interface. The main one, is Proxy Hosts – this is actually reverse proxying.
In the redirection hosts you can add domain redirection rules.
Streams are needed, if you plan to host, for example, a game server.
In the 404 hosts tab, custom error pages can be set.
In the access lists tab, different access rules can be added. You can create rules with nginx auth requirements, or rules for different ip addresses or networks, or both of them.
In the SSL Certificates tab – Certificates can be managed.
In the users tab, some additional users for system control, can be added.
In the settings – default site can be set, if request will come to site which hadn’t been added to proxy host, or somewhere else. It can be the control site of Nginx Proxy Manager, a 404 page, redirect to specified address, or a custom page.
As I said, I have been using this system for several years, and it works great, I hadn’t had any problems with it. Due to simplicity of the interface, there is no need to bother either reissuing certificates or editing Nginx configs.
I think, this is almost perfect reverse proxying system for home or small business. Great respect and thanks to developers!
Share the article with your friends in social networks, maybe it will be useful to them.
If the article helped you, you can >>thank the author<<