Nginx Proxy Manager

• Go to https://nginxproxymanager.com/ and read the documentation (You won't)
• Install Docker and Docker-Compose
• Docker Install documentation
• Docker-Compose Install documentation

1. Create a docker-compose.yml file similar to this it goes without saying you can throw this in a existing docker-compose.yml:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

services:
  app:
    image: 'docker.io/jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

This is the bare minimum configuration required. See the documentation for more.

2. Bring up your stack by running

1
2
3
4

docker-compose up -d

# If using docker-compose-plugin
docker compose up -d

3. Log in to the Admin UI

When your docker container is running, connect to it on port 81 for the admin interface.
Sometimes this can take a little bit because of the entropy of keys.

http://127.0.0.1:81 This is a local host url if reaching it remotely figure out the IP of your device you should be able to find it in your router portal

Default Admin User:

1
2

Email:    admin@example.com
Password: changeme

Immediately after logging in with this default user you will be asked to modify your details and change your password.

• Now we reach the fun part what you need to do is get a domain name and that can be figured out in the wiki, look for something cheap like ultra cheap you can even go to a site like https://tld-list.com/ (As shown in the wiki)

After buying the domain what you want to do is setup a record group

1. Host *
   • *.domain.com
2. -Type
   • In most cases you can use A, I typically set my local IPs static
3. The actual IP
   • point it to your local instance of Nginx Proxy Manager you don't need to expose anything lets encrypt will handle the rest

• Now go to your Nginx Proxy Manager instance and navigate to the following page

1. Click add SSL certificate
2. Toggle use DNS challenge
3. Please see the attached image to get an idea what you need to do, be aware that you do need to get the api keys for your domain which will be provided by your registrar. Lets encrypt has support for all major sites so it should be easy to follow.

• 
• Once you have that squared away what you need to do is go to your DNS resolver, I use opnsense so that's done by unbound DNS. I'm going to try to give general direction on this
  1. In whatever interface you use to add hostnames navigate there
  2. Set a domain name
     1. In order to test if everything is working let's start with NPM
     2. Because of the * card character used in your certificate you can basically put whatever the fuck you want as long as it follows
        • (inset text here).domain.com
        • Because of the test lets start with npm.domain.com
        • This will be important later because this will also be the basis for our other domains
     3. Add the IP of your NPM instance (Not local host) to the IP address field, if you see a option for type set it to A like the record you created
     4. Now save your changes and let's make go back to npm
     5. Go to proxy host
        
• Next add a new proxy host configured like so (Take note this is the only NPM step that will change once everything is setup you are going to insert your forward host names and ports to each new domain you setup)
• 
• now click the SSL tag and add your cert
• 
• Click save and navigate to your url to confirm.
  • There might be some nuances depending on what resolves your DNS so be sure to account for that.
• Now that everything is setup you can reuse the same certificate and just add more domains
  • When adding more hostnames to your DNS please use the NPM ip, Unbound DNS has a override feature that does that for me automatically I'm sure it's a standard feature in most DNS resolvers
• With that squared away you will no longer see those annoying warnings when using your browser and you will no longer have issues connecting services due to certificate issues.