Post

Nginx Proxy Manager

Posted
By Roman TechnoVerse
2 min read
Nginx Proxy Manager

Prerequisites

Before starting, ensure you have:

  1. Virtual Machine (VM) with root access
  2. Public IP address (find yours here)
  3. Domain configured in Cloudflare with DNS management access

WireGuard VPN Setup Walkthrough

Optional: Install Docker & Docker Compose

If you don’t have Docker installed, follow the official Docker installation guide or use these commands for Ubuntu:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install Docker components:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify installation:

1

docker -v && docker compose version

1. Configure nginx-proxy-manager

Docker Compose Configuration

Create a docker-compose.yml file with these contents:

1
2
3
4
5
6
7
8
9
10
11
12

services:
  nginx-proxy-manager:
    image: "jc21/nginx-proxy-manager:2.12.3"
    restart: unless-stopped
    container_name: nginx-proxy-manager
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Start the service:

1

docker compose up -d

2. Initial Nginx Proxy Manager Setup

  1. Access the web UI at http://your-vm-ip:81
    Default Credentials:
1
2

Email:    [email protected]
Password: changeme
  1. Immediately change these credentials after first login.

3. Port Forwarding Configuration

  • On your router, forward UDP ports 80 and 443 to your VM’s local IP.

4. DNS Configuration

  1. In Cloudflare, create an A record:
    • Name: npm.your-domain.com
    • Value: Your public IP
  2. In Nginx Proxy Manager:
    • Navigate to Hosts > Proxy Hosts
    • Click Add Proxy Host and configure:
1
2
3
4

Domain Names: npm.your-domain.com
Scheme: http
Forward Hostname/IP: [your-VM-local-IP]
Forward Port: 80
  1. Verify access at npm.your-domain.com - you should see the NPM login page.

5. Wildcard SSL Certificate Setup

  1. Navigate to SSL Certificates > Add SSL Certificate > Let’s Encrypt
    • Domain Names: your-domain.com, *.your-domain.com
    • Email: Your Cloudflare-registered email

  2. Select DNS Challenge and choose Cloudflare as DNS provider.

  3. Create a Cloudflare API Token:
    • Permissions: Zone.DNS Edit (for all zones or specific domain)
    • Copy the generated token (store securely - it won’t be shown again)

  4. Paste the token into Nginx Proxy Manager.
    ⚠️ Warning: This data will be stored as plaintext in the database and in a file!

  5. Agree to Let’s Encrypt terms and wait for certificate issuance (~2-5 mins).

  6. Apply the certificate:
    • Edit npm.your-domain.com proxy host
    • SSL tab: Select your wildcard certificate
    • Enable: Force SSL, HTTP/2, HSTS, and HSTS Subdomains

Verify secure access at https://npm.your-domain.com.

Useful References

homelab
homelab proxmox nginx-proxy-management docker cloudflare letsencrypt
This post is licensed under CC BY 4.0 by the author.