mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 07:53:39 +00:00

Go to file

renovate[bot] 80d49cd2a2 dep updates/fix quic

Update zoeyvid/nginx-quic Docker tag to v103
Update zoeyvid/nginx-quic Docker tag to v101
Update zoeyvid/nginx-quic Docker tag to v99
Update zoeyvid/nginx-quic Docker tag to v97
Update zoeyvid/nginx-quic Docker tag to v96
Update dependency @babel/core to v7.21.4
Update dependency nodemon to v2.0.22
Update dependency eslint to v8.37.0
Update alpine Docker tag to v3.17.3
Signed-off-by: Zoey <zoey@z0ey.de>

2023-04-04 11:47:50 +02:00

.github

merge upstream

2023-03-22 12:30:58 +01:00

backend

dep updates/fix quic

2023-04-04 11:47:50 +02:00

frontend

dep updates/fix quic

2023-04-04 11:47:50 +02:00

global

Merge branch 'developo' into develop

2023-03-24 06:18:53 +01:00

rootfs

dep updates/fix quic

2023-04-04 11:47:50 +02:00

.gitignore

init

2022-12-17 14:25:32 +01:00

.imgbotconfig

init

2022-12-17 14:25:32 +01:00

.whitesource

init

2022-12-17 14:25:32 +01:00

compose.yaml

dep updates/fix quic

2023-04-04 11:47:50 +02:00

Dockerfile

dep updates/fix quic

2023-04-04 11:47:50 +02:00

LICENSE

Initial commit

2017-12-21 09:01:17 +10:00

README.md

dep updates/fix quic

2023-04-04 11:47:50 +02:00

renovate.json

dep updates/fix quic

2023-04-04 11:47:50 +02:00

security.txt

make image smaller + allow long passwd + dep updates + fix compression/misspellings

2023-02-24 21:10:51 +01:00

README.md

This project comes as a pre-built docker image that enables you to easily forward to your websites running at home or otherwise, including free TLS, without having to know too much about Nginx or Letsencrypt.

Project Goal

I created this project to fill a personal need to provide users with a easy way to accomplish reverse proxying hosts with TLS termination and it had to be so easy that a monkey could do it. This goal hasn't changed. While there might be advanced options they are optional and the project should be as simple as possible so that the barrier for entry here is low.

Features

Beautiful and Secure Admin Interface based on Tabler
Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
Free trusted TLS certificates using Certbot (Let's Encrypt) or provide your own custom TLS certificates
Access Lists and basic HTTP Authentication for your hosts
Advanced Nginx configuration available for super users
User management, permissions and audit log

New Features

HTTP/3 (QUIC) Support
Fix Proxy Hosts, if origin only accepts TLSv1.3
Only use TLSv1.2 and TLSv1.3
Uses OCSP Stapling
- Needs manual migration if you use custom certificates, just upload the CA/Intermediate Certificate (file name: chain.pem) in the /opt/npm/tls/custom/npm-[certificate-id] folder
Smaller then the original
Runs the admin interface on port 81 with https
Default page runs also with https
Uses fancyindex if you use the npm directly as webserver
Expose INTERNAL backend api only to localhost
Easy security headers, see here
Access Log disabled
Error Log written to console
PHP optinal, you can add php extensions, see aviable packages here and here
allows different acme servers
up to 99 domains per cert allowed
Brotli can be enabled
HTTP/2 always enabled
HTTP/2 upload fixed
Infinite upload size allowed
Auto database vacuum (only sqlite) (FULLCLEAN=true)
Auto certbot old certs clean (FULLCLEAN=true)
Passwort reset (only sqlite) (docker exec -it nginx-proxy-manager password-reset.js USER_EMAIL PASSWORD)

Soon

migration

NOTE: migrating back to the original is not possible, so make first a backup before migration, so you can use the backup to switch back
if you use custom certificates, you need to upload the CA/Intermediate Certificate (file name: chain.pem) in the /opt/npm/tls/custom/npm-[certificate-id] folder
some buttons have changed, check if they are still correct

Use as webserver

Create a new Proxy Host
Set Scheme to https, Forward Hostname / IP to 0.0.0.0, Forward Port to 1 and enable Websockets Support (you can also use other values, since these get fully ignored)
Maybe set an Access List
Make your TLS Settings

a) Custom Nginx Configuration (advanced tab), which looks the following for file server:

Note: the slash at the end of the file path is important

location / {
alias /var/www/<your-html-site-folder-name>/;
}

b) Custom Nginx Configuration (advanced tab), which looks the following for file server and php:

Note: the slash at the end of the file path is important
Note: first enable PHP81 and/or PHP82 inside your compose file
Note: you can replace fastcgi_pass php82; with fastcgi_pass php81/php82 ;
Note: to add more php extension use the packes from here and add them using the PHP_APKS env (see compose file)

location / {
alias /var/www/<your-php-site-folder-name>/;

location ~ [^/]\.php(/|$) {
fastcgi_pass php82;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {return 404;}
}}

custom acme server

Open this file: nano /opt/npm/ssl/certbot/config.ini
uncomment the server line and change it to your acme server
maybe set eab keys
create your cert using the npm web ui

Quick Setup

Install Docker and Docker Compose (or portainer)

Create a compose.yaml file similar to this (or use it as a portainer stack):

version: "3"
services:
    nginx-proxy-manager:
        container_name: nginx-proxy-manager
        image: zoeyvid/nginx-proxy-manager
        restart: always
        network_mode: host
        volumes:
        - "/opt/npm:/data"
#        - "/opt/npm-letsencrypt:/etc/letsencrypt" # Only needed for first time migration from original nginx-proxy-manager to this fork
#        - "/var/www:/var/www" # optional, if you want to use it as webserver for html/php
        environment:
        - "TZ=Europe/Berlin"
#        - "NGINX_LOG_NOT_FOUND=true" # Allow logging of 404 errors
#        - "NPM_LISTEN_LOCALHOST=true" # Bind the NPM Dashboard on Port 81 only to localhost
#        - "NPM_CERT_ID=1" # ID of cert, which should be used instead of dummycerts
#        - "CLEAN=false" # Clean folders
#        - "FULLCLEAN=true" # Clean unused config folders
#        - "PHP81=true" # Activate PHP81
#        - "PHP81_APKS=php81-curl php-81-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php81-*
#        - "PHP82=true" # Activate PHP82
#        - "PHP82_APKS=php82-curl php-82-curl" # Add php extensions, see aviable packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17&repo=community&arch=x86_64&name=php82-*

Bring up your stack by running (or deploy your portainer stack)

docker compose up -d

When your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys. You may need to open port 81 in your firewall. You may need to use another IP-Address.

https://127.0.0.1:81

Default Admin User:

Email:    admin@example.com
Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi

Immediately after logging in with this default user you will be asked to modify your details and change your password.

Contributors (original NPM)

Special thanks to all of our contributors.

Please report Bugs first to this fork before reporting them to the original Repository

Getting Support

Languages

JavaScript 72.3%

EJS 22.4%

Shell 3%

SCSS 1.5%

Dockerfile 0.6%

Other 0.2%

README.md

Project Goal

Sponsor the original creator (not us):

Features

New Features

Soon

migration

Use as webserver

custom acme server

Quick Setup

Contributors (original NPM)

Please report Bugs first to this fork before reporting them to the original Repository

Getting Support