Nginx Proxy Manager

Install Nginx Proxy Manager with Docker, a visual interface to manage reverse proxies, SSL and redirects without touching config files

Nginx Proxy Manager (NPM) is a Docker-based reverse proxy with a web GUI. It lets you manage proxy hosts, SSL certificates (via Let's Encrypt), access lists and redirects from a browser, no Nginx config files required.

Prerequisites

Docker and Docker Compose installed (see Docker guide)
Ports 80, 443 and 81 open on the firewall (81 is the admin panel)
A domain pointing to your server (for SSL)

Installation

Create the directory

mkdir -p /opt/nginx-proxy-manager
cd /opt/nginx-proxy-manager

Create `docker-compose.yml`

services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"       # HTTP
      - "443:443"     # HTTPS
      - "81:81"       # Admin panel
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

docker compose up -d

First access

Open http://YOUR_SERVER_IP:81 in your browser.

Default credentials:

Email: admin@example.com
Password: changeme

Change the email and password immediately after first login. The admin panel is exposed on port 81, consider blocking this port from the internet after setup and accessing it only via SSH tunnel.

Adding a Proxy Host

A Proxy Host routes an external domain to an internal service.

Go to Hosts → Proxy Hosts → Add Proxy Host
Fill in:
- Domain Names: app.yourdomain.com
- Scheme: http (or https if the backend uses TLS)
- Forward Hostname / IP: IP or container name of the destination service
- Forward Port: port of the destination service (e.g. 8080)
Enable Block Common Exploits (recommended)
Under the SSL tab: select Request a new SSL Certificate, check Force SSL and HTTP/2 Support
Click Save

NPM will automatically request a Let's Encrypt certificate and configure Nginx.

Using NPM with Other Docker Containers

When NPM and target containers are on the same Docker network, you can use container names instead of IPs.

Shared network example

Add both services to the same network in your docker-compose.yml files:

NPM docker-compose.yml:

services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - proxy

networks:
  proxy:
    name: proxy
    driver: bridge

Your app's docker-compose.yml:

services:
  myapp:
    image: myapp:latest
    container_name: myapp
    networks:
      - proxy

networks:
  proxy:
    external: true

In the NPM proxy host, set:

Forward Hostname / IP: myapp (container name)
Forward Port: the app's internal port

Go to Hosts → Redirections → Add Redirection
Set the source domain and destination URL
Choose 301 (permanent) or 302 (temporary)

Access Lists (IP Restrictions)

To restrict access to specific IPs:

Go to Access Lists → Add Access List
Add allowed IPs or CIDR ranges under Allow
Assign the Access List to a proxy host under the Access tab

Useful Commands

# View logs
docker logs nginx-proxy-manager

# Restart NPM
docker compose restart npm

# Update to latest version
docker compose pull && docker compose up -d

Protecting the Admin Panel (Port 81)

After completing the setup, restrict access to port 81:

# With iptables: allow port 81 only from your IP
iptables -A INPUT -p tcp --dport 81 -s YOUR_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j DROP

Or access it securely via SSH tunnel:

ssh -L 8181:localhost:81 user@your-server
# Then open http://localhost:8181 in your browser

NPM is ideal for managing multiple services on a single VPS without manually editing Nginx configs. For complex setups with many containers, combine it with a Docker Compose network as shown above.