Nginx Proxy Manager

Nginx Proxy Manager is a web-based proxy management tool that makes it easy to set up and manage reverse proxy servers using Nginx. Nginx is a high-performance web server and reverse proxy that is widely used in production environments to serve web content and balance traffic across multiple servers.

Nginx Proxy Manager simplifies the process of setting up and managing reverse proxies by providing a graphical user interface that allows you to configure and manage multiple proxy servers in a single location. With Nginx Proxy Manager, you can easily create and manage proxy hosts, configure SSL/TLS certificates, set up port forwarding, and much more.

One of the main advantages of using Nginx Proxy Manager is that it helps to improve security by acting as a middleman between the client and the server. This can help to protect against attacks such as Distributed Denial of Service (DDoS) and SQL injection, as well as improve privacy by hiding the origin server’s IP address.

Deploy Nginx with docker-compose

The docker-compose file that we will use is:

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    container_name: nginx    
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    volumes:
      - ~/Docker/Nginx/data:/data
      - ~/Docker/Nginx/letsencrypt:/etc/letsencrypt

Access the UI at http://localhost:81, as specified by the configuration file.

During the first login, you will be able to access the UI with the credentials:

Using NGINX with other services

Important: When the container will be created, the network: nginx_default will be assigned to it. This is the one that we will use when deploying other services with Docker that we want to expose through NGINX.

With Docker Compose

You will need to add this in the docker-compose file of the service that you want to map to NGINX its network:

  • Showing that the network already exists:
networks:
  nginx_default:
    external: true
  • Making the service to expose visible by NGINX:
    networks:
      - nginx_default #this will allow communication between chevereto service and the existing nginx service  

For example:

version: "3.7"

services:
  service_to_expose_to_nginx:
    image: an_image
    container_name: a_container
    ports:
      - 90:80 #you will use 80 to add the service to the NGINX UI.
    environment:
      env_var: a_variable
    networks:
      - any_other_network
      - nginx_default #this will allow communication between chevereto service and the existing nginx service  
  
networks:
  nginx_default:
    external: true

With CLI

docker network connect nginx_default your_new_container_to_go_on_nginx_network
#docker network connect nginx_default focalboard

With Portainer

After any of these 3 procedures, you can use the UI to add proxy host and expose the service.

HTTPS Locally: NGINX + DuckDNS

If you have been self-hosting for a while, you might want to see the proper https sign when accessing your services.

For a long time I was looking for a solution to this and finally I found it: we can use DuckDNS service together with NGINX.

  • To setup local HTTPS with NGINX, we need to:

    • Create a rule in DuckDNS with the Private IP address of our server where we run the self-hosted devices:

    Adding Domain to DuckDNS

    • Add in NGINX’s Admin Panel the Proxy Host: remember that you need the container’s Port!

    Adding NGINX Proxy Host

DuckDNS and Dynamic IPs

If your IP is not static, you might want to use this duckdns container prepared by linuxserver, that will update the ip records in your duckdns account:

---
version: "2.1"
services:
  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=Etc/UTC #optional
      - SUBDOMAINS=subdomain1,subdomain2
      - TOKEN=token
      - LOG_FILE=false #optional
    volumes:
      - /path/to/appdata/config:/config #optional
    restart: unless-stopped

FAQ

One Practical Example

I created a guide to expose Focalboard with NGINX and Docker as a reference to apply the same concept with any other service.

Check Similar Services

Interested to discover similar services that you can self-host with Docker? - Check this out: