Npm
The Nginx Proxy Manager (NPM) is an open-source reverse proxy management system that runs as a Docker container. It is easy to set up and requires no expertise to work with Nginx servers or SSL certificates. All you need to do is install a Docker and Docker Compose on each server.
Prerequisites
- Docker Engine and Docker Compose packages are installed and running
- A non-root user with Docker privileges
- A valid domain name for Nginx Proxy Manager (example.your-domain.tld in this tutorial).
Setting up the Nginx proxy manager
Create the directory structure
1
2
mkdir -p ~/docker/npm/{data,letsencrypt,data/snippet}
touch ~/docker/npm/data/snippet/_hsts.conf
Next, let’s create a docker-compose.yml file to define different services to deploy Nginx Proxy Manager you can use the yaml files depending upon your requirements.
1
nano docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '443:443'
- '81:81'
environment:
DB_MYSQL_HOST: "db"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "$secure-user"
DB_MYSQL_PASSWORD: "$secure-password"
DB_MYSQL_NAME: "$database"
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
- ./data/snippet/_hsts.conf:/app/templates/_hsts.conf
## Optional
# depends_on:
# - db
#
# db:
# image: 'jc21/mariadb-aria:latest'
# restart: unless-stopped
# environment:
# MYSQL_ROOT_PASSWORD: '$secure-password'
# MYSQL_DATABASE: '$database'
# MYSQL_USER: '$secure-user'
# MYSQL_PASSWORD: '$secure-password'
# volumes:
# - ./data/mysql:/var/lib/mysql
Starting the container
Docker Compose allows us to start all the services we specified in the docker-compose.yml file with just one command: docker-compose up.
Let’s start all the containers and make them run in the background using the -d flag:
1
docker-compose up -d
To verify the status of all running containers, run the docker-compose ps command:
1
docker-compose ps (OR) docker ps -a
If something goes wrong, you can check the logs for each container using the docker logs command and specify the service name. For example, to check the log of the Nginx Proxy Manager container, run the following command:
1
docker logs $container (OR) docker compose logs -f
Configuring the headers
Feel free to update the headers according to your specific needs and include them in the nginx proxy vhost while configuring
1
nano ./data/snippet/_hsts.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{% if certificate and certificate_id > 0 -%}
{% if ssl_forced == 1 or ssl_forced == true %}
{% if hsts_enabled == 1 or hsts_enabled == true %}
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header "Access-Control-Allow-Origin *;";
add_header Content-Security-Policy upgrade-insecure-requests;
add_header Permissions-Policy interest-cohort=();
add_header Expect-CT 'enforce; max-age=604800';
more_set_headers 'Server: Proxy';
more_clear_headers 'X-Powered-By';
{% endif %}
{% endif %}
{% endif %}
For More details please check the manual