
Nginx Proxy Manager: SSL Termination Made Simple

Date: 2025-11-24
Tags: Networking, Reverse Proxy, SSL, Docker
Author: Wissam Ztaoui


Introduction

Nginx Proxy Manager (NPM) is a powerful, user-friendly interface for managing Nginx reverse proxies. It simplifies the process of exposing internal services to the internet, handling SSL/TLS certificates via Let’s Encrypt, and managing access lists. This guide covers deploying NPM via Docker and configuring a secure reverse proxy.


1. Deployment

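We will deploy NPM using Docker Compose. NPM stores its configuration in a database (SQLite or MariaDB). The file below defines no separate database service, so that state is kept with the rest of NPM's data under ./data.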

Docker Compose Configuration

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
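    ports:
      - '80:80'      # HTTP Traffic
      - '81:81'      # Admin Interface (published on every host interface)
      - '443:443'    # HTTPS Traffic
    volumes:
      - ./data:/data                      # NPM configuration and state
      - ./letsencrypt:/etc/letsencrypt    # Issued certificates and private keys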

Installation

  1. Save the above configuration to docker-compose.yml.
  2. Start the stack:
    docker-compose up -d

2. Initial Configuration

  1. Access the Admin Interface at http://<YOUR_SERVER_IP>:81.
  2. Default Credentials:
    • Email: admin@example.com
    • Password: changeme
  3. Security First: Immediately change the email and password upon first login.

3. Creating a Proxy Host

To expose a service (e.g., Portainer running on port 9000):

  1. Navigate to Hosts > Proxy Hosts.
  2. Click Add Proxy Host.
  3. Details Tab:
    • Domain Names: portainer.example.com
    • Scheme: http
    • Forward Hostname / IP: 172.17.0.1 (Docker Host IP) or container name if on the same network.
    • Forward Port: 9000
    • Cache Assets: Enable for static sites.
    • Block Common Exploits: Enable for security.
    • Websockets Support: Enable (required for Portainer).

4. SSL/TLS Configuration

NPM automates certificate management with Let’s Encrypt.

  1. Go to the SSL Tab in the Proxy Host dialog.
  2. SSL Certificate: Select “Request a new SSL Certificate”.
  3. Force SSL: Enable to redirect HTTP to HTTPS.
  4. HTTP/2 Support: Enable for performance.
  5. HSTS Enabled: Enable for strict transport security.
  6. Email Address: Enter your email for Let’s Encrypt notifications.
  7. Click Save. NPM will validate the domain ownership and issue the certificate.

5. Access Lists

To restrict access to sensitive services (like the NPM admin panel itself):

  1. Go to Access Lists > Add Access List.
  2. Name: Internal Only.
  3. Authorization: Add a username/password for Basic Auth.
  4. Access: Allow specific IP ranges (e.g., 192.168.1.0/24) and deny all others.
  5. Apply this list to any Proxy Host via the Details Tab.
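
How the list from steps 3 and 4 decides a request, as an added example that is not part of the original post or NPM's own code. It models nginx's first-match allow/deny rules and its satisfy all|any directive; the function names, the satisfy parameter (assumed to correspond to the access list's "Satisfy Any" switch) and the sample addresses are assumptions.

```python
"""Model of an access list that combines IP rules with Basic Auth.

Added example. Assumes nginx semantics: allow/deny rules are checked in
order and the first match wins; `satisfy` decides how the IP verdict and
the Basic Auth result are combined. All addresses are constructed samples.
"""
from ipaddress import ip_address, ip_network

# The list from step 4: allow the LAN, deny everyone else.
INTERNAL_ONLY = [("allow", "192.168.1.0/24"), ("deny", "all")]


def ip_verdict(client_ip, rules):
    """Return True/False from the first matching rule, None if none match."""
    addr = ip_address(client_ip)
    for action, target in rules:
        if target == "all" or addr in ip_network(target):
            return action == "allow"
    return None  # no rule matched: the IP check neither grants nor denies


def access_granted(client_ip, creds_ok, rules, satisfy="all"):
    """Combine the IP verdict with the Basic Auth result.

    satisfy="all": the IP check must not deny AND the credentials must be valid.
    satisfy="any": an explicit IP allow OR valid credentials is enough.
    """
    verdict = ip_verdict(client_ip, rules)
    if satisfy == "all":
        return verdict is not False and creds_ok
    if satisfy == "any":
        return verdict is True or creds_ok
    raise ValueError(f"unknown satisfy mode: {satisfy!r}")


if __name__ == "__main__":
    cases = [
        ("192.168.1.50", True),   # LAN client, valid password
        ("192.168.1.50", False),  # LAN client, missing or wrong password
        ("203.0.113.9", True),    # internet client, valid password
        ("203.0.113.9", False),   # internet client, no password
    ]
    for mode in ("all", "any"):
        for ip, creds in cases:
            ok = access_granted(ip, creds, INTERNAL_ONLY, mode)
            print(f"satisfy={mode} ip={ip} creds_ok={creds} -> "
                  f"{'allow' if ok else 'deny'}")
```

With "any", the internet client holding a valid password is let in despite the IP rule, and the LAN client gets in with no password at all. Rule order also matters: a "deny all" placed first shadows every allow that follows it.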

Conclusion

Nginx Proxy Manager abstracts the complexity of manual Nginx configuration, making secure, SSL-encrypted reverse proxying accessible for any self-hosted infrastructure.

