Proxy internal services with Nginx Proxy Manager
I recently moved some core services to LXC Containers. During that migration, I discovered a super easy to use NGINX Proxy app called NGINX Proxy Manager. This service is very similar to traefik. Why use it then? Well it seemed new and interesting. It also was included in the proxmox helper scripts so why not.
I did not have a need to expose these services externally, but I did want an easier way to handle SSL/TLS certificates. This seemed like a good compromise for a homelab environment. The GUI was a nice addition as well for an easy overview of current state of all certs.
Setup of NGINX Proxy Manager LXC Container
I used a Proxmox Helper Script to install the LXC Container
1
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/nginxproxymanager.sh)"
See my previous post on LXC Containers with tteck’s proxmox helper scripts for more in-depth details.
NOTE: To route service through the nginx proxy, configure an A record in your DNS to point to the IP of NGINX-Proxy-Manager. This setup also uses Cloudflare DNS with Let’s Encrypt to automatically renew certificates. Ensure you have a Cloudflare Access Token capable of creating DNS entries.
- Once the Container was available on the assigned IP, I logged in with the default credentials on port
81.- Remember to update the credentials so something secure but known.
-
Create a new proxy host and enter the details required including the local IP address and port of the internal service
Configure NGINX Proxy Host -
Under the SSL Tab select Request a new SSL Certificate
-
Use Cloudflare DNS and enter the Cloudflare Access Token
Configure NGINX Proxy Host SSL with Let’s Encrypt and Cloudflare DNS
-
Once the certificate has been issued you will now be able to hit the service you desire from the FQDN you directed through the nginx proxy.
Configure NGINX Proxy Host to access wiki
Super simple and effective way to manage SSL/TLS with services that may not have an easy way to add certificates.