Nginx Proxy Manager is a web-based tool designed to simplify the setup and management of reverse proxies. It provides an easy interface to configure SSL certificates, manage multiple domains, and route traffic to local services. I will be referring to it as "NPM".

But why use something like this? It has many advantages like needing only 1 public IP-Address for multiple services on multiple domains, only needing 1 open port on the network instead of multiple ports for all your services.

This method is tested on Debian 12.

The easiest way to host an instance of NPM is using docker-compose: For this, we you need docker and docker-compose installed on your server.

  $ sudo apt install docker.io docker-compose -y

Once that is done, you can create a file called "docker-compose.yml" and put the following content in it:

nginx-proxy-manager:
  image: jc21/nginx-proxy-manager:latest
  container_name: nginx-proxy-manager
  environment:
    DB_SQLITE_FILE: "/data/database.sqlite"
  volumes:
    - ./nginx-proxy-manager/config:/config
    - ./nginx-proxy-manager/data:/data
    - ./nginx-proxy-manager/letsencrypt:/etc/letsencrypt
  ports:
    - "81:81"      # NPM webUI
    - "443:443"   # HTTPS for NPM
    - "80:80"    # HTTP for NPM
  restart: unless-stopped

Now you can start NPM with one of these 2 commands:

  # To run in current shell:
  $ sudo docker-compose up

  # To run it in the background:
  $ sudo docker-compose up -d

Perform your first login: Access the webUI of NPM in your browser with "http://ip:81". These are the default login credentials:

  Email:    [email protected]
  Password: changeme

In this example we will use 1 root domain & 1 subdomain.

Root domain: bytesofprogress.net

Subdomain: subdomain.bytesofprogress.net

The first thing you want to do is pointing your DNS A-Record or AAAA-Record to the public IP-Address of your NPM instance. In this example Cloudflare DNS is being used.

Then we want to issue an SSL certificate:

For a wildcard certificate (which inlcudes subdomains) type "*.example.com". Then enable "Use DNS challenge" and choose Cloudflare as the DNS provider. Paste your Cloudflare API-Token.

You can obtain your API-Token by logging into the Cloudflare Dashboard. From there, navigate to your Profile ---> API-Token. Then click on "Create Token" and choose the template "Edit Zone DNS". Then choose the zone of your domain.

Now, click on "Save". The process can take up to a few minutes.

You can now create your first proxy host:

What this will do: Whenever NPM is hit with a request for "subdomain.bytesofprogress.net", it will proxy the connection to "192.168.1.234" port 8080.

On the SSL tab, you can choose to use the certificate we just created.