Nginx Proxy Manager: Complete Setup Guide

Nginx Proxy Manager Logo

A reverse proxy management system that exposes web services to the internet with SSL termination and access controls.

Prerequisites

• Docker installed (Docker Guide)

• Docker Compose installed (Compose Guide)

• Domain name with DNS access

• Ports 80, 81, and 443 available

Installation

1. Create Project Directory

mkdir ~/nginx-proxy-manager && cd ~/nginx-proxy-manager

2. Create docker-compose.yml

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - '80:80'    # HTTP traffic
      - '81:81'    # Admin interface
      - '443:443'  # HTTPS traffic
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
      DISABLE_IPV6: "false"

3. Launch the Container

docker compose up -d

Initial Configuration

Access the Admin Panel

1. Navigate to:

   http://your-server-ip:81

2. Default credentials:

   Email:    admin@example.com
   Password: changeme

3. Immediately change these after first login

Basic Proxy Setup

1. Add Proxy Host

1. Go to Hosts → Proxy Hosts → Add Proxy Host

2. Configure:

   • Domain Name: yourdomain.com

   • Scheme: http

   • Forward Hostname/IP: container-name or local-ip

   • Forward Port: container-port

3. Enable SSL under the SSL tab

2. Request SSL Certificate

1. Select Let's Encrypt in SSL tab

2. Enter valid email address

3. Agree to terms of service

4. Select "Use a DNS challenge" for wildcard certs

Advanced Features

Access Control

1. Navigate to Access Lists

2. Create rules for:

   • Basic HTTP auth

   • IP whitelisting

   • Client certificate authentication

Redirection Hosts

• Setup 301/302 redirects under Hosts → Redirection Hosts

Streams (TCP/UDP)

• Forward non-HTTP traffic via Hosts → Streams

Maintenance

Backup Configuration

# Backup data and certificates
tar -czvf npm-backup-$(date +%Y%m%d).tar.gz ./data ./letsencrypt

Update NPM

cd ~/nginx-proxy-manager
docker compose pull
docker compose up -d --force-recreate

Troubleshooting

Issue	Solution
"Invalid domain" error	Verify DNS points to server IP
SSL not working	Check port 443 is open and forwarded
502 Bad Gateway	Ensure backend service is running
Admin UI inaccessible	Verify :81 isn't blocked by firewall

Security Recommendations

1. Change default admin credentials immediately

2. Set up 2FA for admin access

3. Regularly rotate Let's Encrypt certificates

4. Restrict admin UI (port 81) to VPN/internal network

5. Monitor for brute force attempts

Pro Tip: For high-traffic sites, consider adding - ./nginx:/etc/nginx/conf.d volume to customize NGINX configs directly.

---

Final Notes:

• Official docs: nginxproxymanager.com

• Community support: GitHub Discussions

• Default login timeout: 2 hours