Ech0 - 00 / 00 / 00

Nginx Proxy Manager (Docker)

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.

You can use DuckDNS to get a free domain name:

[ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Documents/Github/blog/Conf]
→ ssh root@ech4.duckdns.org
The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@debian-s-1vcpu-1gb-lon1-01:~#

Docker Installation

apt install curl -y
curl -fsSL https://get.docker.com -o get-docker.sh 
sh get-docker.sh
apt install docker-compose -y

or:

apt install docker.io docker-compose -y

which docker && docker -v

Next create nginxproxymanager (npm)'s directory and get the configuration files:

mkdir nproxy 
cd nproxy
nano config.json

{
    "database": {
            "engine": "mysql",
            "host":"db",
            "name":"npm",
            "user":"nothing",
            "password":"P@SSW0RD!",
            "port":3306
    }
}

Hit ctrl+S to save and ctrl+X to exit nano, then create docker-compose.yml

nano docker-compose.yml

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'jc21/mariadb-aria:10.4'
    environment:
      MYSQL_ROOT_PASSWORD: 'R00T_P@SSW0RD!'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'nothing'
      MYSQL_PASSWORD: 'P@SSW0RD!'
    volumes:
	  - ./data/mysql:/var/lib/mysql
	  

docker-compose up -d

Wait a bit for it to run:

Once it's done, run docker ps to see your running containers:

root@debian-s-1vcpu-1gb-lon1-01:~/nproxy# docker ps
CONTAINER ID        IMAGE                             COMMAND             CREATED             STATUS                    PORTS                                            NAMES
b9bcb6598f65        jc21/mariadb-aria:10.4            "/scripts/run.sh"   56 seconds ago      Up 54 seconds             3306/tcp                                         nproxy_db_1
bf2a4c279e3c        jc21/nginx-proxy-manager:latest   "/init"             56 seconds ago      Up 54 seconds (healthy)   0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp   nproxy_app_1
	

you can verify it is working by visiting your website (here it's http://ech4.duckdns.org/)

And there you have it. Now from here go to the admin page on port 81 where you'll log in with the default credentials admin@example.com:changeme:

Change the default admin credentials:

Then log out and back in again with your new credentials:

Next let's create a proxy host for this server, just to test if it's working.

 ip addr show docker0 | grep inet
	inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
	

So we're going to make sure that manage.ech4.duckdns.org redirects to the server's INTERNAL ip address 172.17.0.1's port 81:

Next head over to the SSL tab:

Hit Save:

Once that's done, you'll see that we have been able to:

1. create a subdomain to our website

2. enable SSL for that subdomain thanks to letsencrypt

3. Create the subdomain https on port 443 regardless of the original port

4. set it's access to public

So let's test it:

With this done, you realize now that you can use nginx proxy manager in order to bring together multiple web applications regardless of their ports (wether it is 8080 or 80 or 9090 or 443 etc) and enable them out publicly from a private ip subnet, to nproxy's public interface as a subdomain with SSL enabled thanks to letsencrypt.

In other words, this is giving me ideas to run a proxmox server locally at home where i will be able to host my web applications in virtualised environments (wether it is on debian or windows or centos) and therefore being able to use nproxy to make them available publicly as a list of subdomains. This also works for external servers that are accessible through public ip addresses and/or through their respective domain names:

2

3