Setting up a reverse proxy is a great way to secure your websites. A reverse proxy faces the internet and proxies all requests for internal sites for you. This allows you to have a small amount of servers ports open externally while protecting your site data internally.
Nginx Proxy Manager (or NPM for short) handles the proxying as well as the SSL certificates for your sites. It leverages Letsencrypt and Certbot to create and renew certs on expiration.
Prerequisites: Docker Host, Domain Name, DNS provider like Cloudflare.
We will be using Docker to run NPM. So first things first follow the steps in articles to install Docker and Docker Compose.
The command for this would be $ sudo mkdir /opt/npm
Once Docker and Docker compose are installed, create a directory somewhere on your system to store the docker-compose.yml files. Personally, I put things in /opt/$directoryname. In this case it would be /opt/npm.
Create a new file by typing
$ sudo touch docker-compose.yml
Open up the file using your favorite editor. For simplicity I use nano.
$ sudo nano docker-compose.yml
Paste the following text in the file, then press Control + O to save and then Control + X to exit.
version: "3" services: app: image: 'jc21/nginx-proxy-manager:latest restart: unless-stopped ports: # These ports are in format <host-port>:<container-port> - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port # Add any other Stream port you want to expose # - '21:21' # FTP # Uncomment the next line if you uncomment anything in the section # environment: # Uncomment this if you want to change the location of # the SQLite DB file within the container # DB_SQLITE_FILE: "/data/database.sqlite" # Uncomment this if IPv6 is not enabled on your host # DISABLE_IPV6: 'true' volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt
Once the file is created and the content saved run docker-compose up -d from the same directory that the docker-compose.yml file is saved. This will begin downloading and setting up the necessary files.
The new application will take a few minutes depending on the host its running on. After its finished navigate to IP:81 of the machine. This will load the admin panel for NPM.
The default creds are:
Email: [email protected]
Once logged in you will be prompted to update that information.