selfhosting-blogposts/nginx_p_mngr/index.md

# Nginx Proxy Manager (Docker) 

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server. 

You can use DuckDNS to get a free domain name:

![](0.png)
    
    
    [ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Nextcloud/blog/Conf]
    → ssh root@ech4.duckdns.org
    The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
    ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
    Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64
    
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    root@debian-s-1vcpu-1gb-lon1-01:~#
    
    

## **Docker Installation**
    
    
    apt install curl -y
    curl -fsSL https://get.docker.com -o get-docker.sh 
    sh get-docker.sh
    apt install docker-compose -y
    

_or:_
    
    
    apt install docker.io docker-compose -y
    
    which docker && docker -v
    
    

Next create nginxproxymanager (npm)'s directory and get the configuration files:
    
    
    mkdir nproxy 
    cd nproxy
    nano config.json
    
    
    
    
    {
        "database": {
                "engine": "mysql",
                "host":"db",
                "name":"npm",
                "user":"nothing",
                "password":"P@SSW0RD!",
                "port":3306
        }
    }
    
    

Hit ctrl+S to save and ctrl+X to exit nano, then create docker-compose.yml
    
    
    nano docker-compose.yml
    
    
    
    
    version: '3'
    services:
      app:
        image: 'jc21/nginx-proxy-manager:latest'
        ports:
          - '80:80'
          - '81:81'
          - '443:443'
        volumes:
          - ./config.json:/app/config/production.json
          - ./data:/data
          - ./letsencrypt:/etc/letsencrypt
      db:
        image: 'jc21/mariadb-aria:10.4'
        environment:
          MYSQL_ROOT_PASSWORD: 'R00T_P@SSW0RD!'
          MYSQL_DATABASE: 'npm'
          MYSQL_USER: 'nothing'
          MYSQL_PASSWORD: 'P@SSW0RD!'
        volumes:
    	  - ./data/mysql:/var/lib/mysql
    	  
    
    
    
    docker-compose up -d
    
    

Wait a bit for it to run:

![](1.png) ![](2.png)

Once it's done, run docker ps to see your running containers:
    
    
    
    root@debian-s-1vcpu-1gb-lon1-01:~/nproxy# docker ps
    CONTAINER ID        IMAGE                             COMMAND             CREATED             STATUS                    PORTS                                            NAMES
    b9bcb6598f65        jc21/mariadb-aria:10.4            "/scripts/run.sh"   56 seconds ago      Up 54 seconds             3306/tcp                                         nproxy_db_1
    bf2a4c279e3c        jc21/nginx-proxy-manager:latest   "/init"             56 seconds ago      Up 54 seconds (healthy)   0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp   nproxy_app_1
    	
    

you can verify it is working by visiting your website (here it's http://ech4.duckdns.org/)

![](3.png)

And there you have it. Now from here go to the admin page on port 81 where you'll log in with the default credentials **admin@example.com:changeme** :

![](4.png)

Change the default admin credentials:

![](5.png) ![](6.png)

Then log out and back in again with your new credentials:

![](7.png) ![](8.png)

Next let's create a proxy host for this server, just to test if it's working.
    
    
     ip addr show docker0 | grep inet
    	inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    	
    

So we're going to make sure that manage.ech4.duckdns.org redirects to the server's INTERNAL ip address 172.17.0.1's port 81:

![](14.png)

Next head over to the SSL tab:

![](10.png)

Hit Save:

![](11.png)

Once that's done, you'll see that we have been able to:

  1. create a subdomain to our website

  2. enable SSL for that subdomain thanks to letsencrypt

  3. Create the subdomain https on port 443 regardless of the original port

  4. set it's access to public




So let's test it:

![](15.png)

With this done, you realize now that you can use nginx proxy manager in order to bring together multiple web applications regardless of their ports (wether it is 8080 or 80 or 9090 or 443 etc) and enable them out publicly from a private ip subnet, to nproxy's public interface as a subdomain with SSL enabled thanks to letsencrypt. 

In other words, this is giving me ideas to run a proxmox server locally at home where i will be able to host my web applications in virtualised environments (wether it is on debian or windows or centos) and therefore being able to use nproxy to make them available publicly as a list of subdomains. This also works for external servers that are accessible through public ip addresses and/or through their respective domain names: