Create a Docker-based Reverse Proxy Stack with Nginx Proxy Manager and Automatic TLS Certificates
Set up a Docker-based Nginx Proxy Manager stack for internal services that need repeatable TLS and routing.
Expected Outcome
A working reverse proxy stack that can manage multiple web applications with secure HTTPS access.
Assumptions
- Basic knowledge of Docker and Docker Compose
- A server or local machine with Docker installed
- Domain name pointing to your server's IP address
Bill of Materials
- Docker
- Docker Compose
- Nginx Proxy Manager Docker Image
- A registered domain name
Build Steps
- Create a Docker Compose File
Set up a Docker Compose file to define the Nginx Proxy Manager service and its configuration.
Safe to run: read-only
mkdir nginx-proxy-manager cd nginx-proxy-manager touch docker-compose.yml
- Edit the Docker Compose File
Open the docker-compose.yml file and add the necessary configuration for Nginx Proxy Manager.
Safe to run: read-only
nano docker-compose.yml
- Start the Nginx Proxy Manager
Use Docker Compose to start the Nginx Proxy Manager service.
Changes system state: review before running
docker-compose up -d
- Access Nginx Proxy Manager
Open your web browser and navigate to the Nginx Proxy Manager interface to complete the initial setup.
Example pattern only. Adjust for your environment before running.
http://<your-server-ip>:81
- Log In to Nginx Proxy Manager
Use the credentials set in the Docker Compose file to log in to the Nginx Proxy Manager dashboard.
Example pattern only. Adjust for your environment before running.
Admin Email: admin@example.com Admin Password: your_password
- Add a Proxy Host
Configure a new proxy host in Nginx Proxy Manager to route traffic to your web application. Manual action: Click on 'Proxy Hosts' > 'Add Proxy Host'; Click 'Save'.
Example pattern only. Adjust for your environment before running.
Enter the domain name and the IP address of your web application Enable 'Block Common Exploits' and 'Websocket Support' if needed
- Set Up Automatic TLS Certificates
Enable SSL for your proxy host using Let's Encrypt for automatic TLS certificate generation. Manual action: Select 'Request a new SSL certificate'; Click 'Save'.
Example pattern only. Adjust for your environment before running.
In the 'Add Proxy Host' dialog, check 'Enable SSL' Enter your email for Let's Encrypt notifications
Validation
- Visit your domain in a web browser to ensure it routes to your web application securely.
- Check the SSL certificate details to confirm it is issued by Let's Encrypt.
Troubleshooting
- Check service logs before changing the design.
- Confirm ports, paths, credentials, DNS names, and container names match the guide assumptions.
Cleanup or Rollback
- Stop test services you no longer need and keep a copy of working configuration before deleting volumes or data directories.
Next Improvements
- Explore advanced configurations in Nginx Proxy Manager.
- Set up additional proxy hosts for other applications.
- Consider securing your Nginx Proxy Manager interface with additional authentication.