NGINX Proxy Manager - a simple way to SSL certificates and service management in Docker
In the world of server administration, we are increasingly relying on solutions that allow us to manage our infrastructure in a simple way, while ensuring the security and convenience of our users. One tool that is perfect for this role is NGINX Proxy Manager. It's a lightweight and intuitive open source solution that lets you manage reverse proxies, SSL certificates and hosts in a simple web interface.
Why use NGINX Proxy Manager?
Many administrators face the problem of how to make several different services available on a single public IP address. NGINX Proxy Manager solves this problem in a transparent way - using reverse proxy. In practice, this means that a user connects to a single IP address, and Proxy Manager knows which service "in the backend" should direct traffic to. This makes it possible to expose multiple applications or websites without the need for additional public addresses.
The second key function is SSL certificate management. NGINX Proxy Manager integrates with. Let’s Encrypt, enabling automatic generation and renewal of certificates. It supports both HTTP Challenge - ideal for publicly available services, as well as DNS Challenge - which works well for internally operating sites that should not be exposed to the Internet. It is the DNS Challenge that allows you to generate a certificate even if the service only operates on the local network.
Installation with Docker Compose
In the material I show a complete setup using the Docker Compose, which makes running NGINX Proxy Manager down to a few lines in a file docker-compose.yml. All you need to do is prepare the containers, indicate the port mapping (80, 443 and administrative port 81), and take care of mounting directories data i letsencrypt, to keep the configuration and certificates even after a reboot.
With this solution, the whole configuration is easy to transfer to another server - just backup the mentioned directories and file docker-compose.yml. This approach not only facilitates maintenance, but also significantly speeds up the process of restoring the environment in the event of a disaster.
Practical applications
NGINX Proxy Manager is not just about managing sites WWW. With its help, you can expose different web services running on the same host to the network, such as. Nextcloud, admin panel, test applications or internal dashboards. With SSL and simple host management, all these services can run under secure addresses with Let's Encrypt certificates.
An important element is the correct configuration of DNS. Whether you're using Cloudflare, OVH, DigitalOcean or another provider, the key to success is correctly pointing domain records to the server running Proxy Manager. This is where most errors occur - especially with the HTTP Challenge method - so in the material I discuss in detail how to set up DNS so that the whole thing works without a problem.
plik docker-compose.yaml:
services:
app:
image: 'jc21/nginx-proxy-manager:2'
restart: unless-stopped
ports:
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '81:81' # Admin Web Port
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
healthcheck:
test: ["CMD", "/usr/bin/check-health"]
interval: 10s
timeout: 3s
Commands:
Start docker compose
docker compose up -d
Stopping docker compose
docker compose stop
Download the latest version of images
docker compose pull
Kody:
Summary
NGINX Proxy Manager is a solution that should be in every administrator's arsenal. It combines simplicity of use with great configuration capabilities, and thanks to its integration with Let's Encrypt, it allows you to fully automate the process of managing SSL certificates. On top of that, it comes with easy installation using Docker, the ability to issue multiple services behind a single IP address and an intuitive administration panel.
If you want to see the step-by-step installation and configuration, watch the prepared video - you will find complete instructions from creating a simple test environment to generating a wildcard certificate for the entire domain.