{"id":3289,"date":"2023-01-22T17:30:33","date_gmt":"2023-01-22T22:30:33","guid":{"rendered":"https:\/\/dft.wiki\/?p=3289"},"modified":"2026-06-08T17:08:18","modified_gmt":"2026-06-08T21:08:18","slug":"nginx-proxy-manager-as-a-lxc-in-promox","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=3289","title":{"rendered":"NGINX Proxy Manager as a LXC in Promox"},"content":{"rendered":"<p><strong>NGINX Proxy Manager<\/strong> [<a href=\"https:\/\/nginxproxymanager.com\/guide\/\">Link<\/a>] is an open-source tool for managing and configuring NGINX servers. It supports:<\/p>\n<ul>\n<li>A single entry point to the DMZ (with optional HA to avoid a single point of failure),<\/li>\n<li>Reverse proxy, forward, or stream routing based on domain name, path, and\/or port,<\/li>\n<li>Quick and easy free SSL certificate issuing and renewal,<\/li>\n<li>Access control based on authentication or source.<\/li>\n<\/ul>\n<p>Running NGINX Proxy Manager as an LXC container in Proxmox [<a href=\"https:\/\/www.proxmox.com\/en\/proxmox-ve\/\">Link<\/a>] offers several additional advantages:<\/p>\n<ul>\n<li>Isolation from the host and other guest systems,<\/li>\n<li>Shared kernel with the host for optimal resource usage,<\/li>\n<li>Easy backup, migration, and cloning,<\/li>\n<li>And much more.<\/li>\n<\/ul>\n<p>Learn more about Proxmox with the cheat sheet at [<a href=\"https:\/\/dft.wiki\/?p=2602\">Link<\/a>].<\/p>\n<hr \/>\n<p><strong>INSTALLATION<\/strong><\/p>\n<p>On the Proxmox server, via SSH or the Web Shell, run the following command:<\/p>\n<pre>curl -sL https:\/\/raw.githubusercontent.com\/ej52\/proxmox\/main\/lxc\/nginx-proxy-manager\/create.sh | bash -s<\/pre>\n<p><strong>Note:<\/strong> This script is not from the official repository and is not maintained by the NGINX Proxy Manager team, but it is referenced in their official documentation. It is strongly recommended that everyone review the script code thoroughly before running it.<\/p>\n<p>It will create a new CT based on an Alpine LXC template with the following default parameters:<\/p>\n<ul>\n<li>ID\n<ul>\n<li>Next available ID number<\/li>\n<\/ul>\n<\/li>\n<li>Bridge\n<ul>\n<li><strong>vmbr0<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>Cores\n<ul>\n<li>1<\/li>\n<\/ul>\n<\/li>\n<li>RAM\n<ul>\n<li>2 GB<\/li>\n<\/ul>\n<\/li>\n<li>SWAP\n<ul>\n<li>0 GB<\/li>\n<\/ul>\n<\/li>\n<li>Storage\n<ul>\n<li><strong>local-lvm<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>All of these parameters can be customized. Read more at [<a href=\"https:\/\/github.com\/ej52\/proxmox-scripts\/tree\/main\/lxc\/nginx-proxy-manager\">Link<\/a>].<\/p>\n<p>At the end of the script execution, the address to access the NGINX Proxy Manager web interface will be printed.<\/p>\n<hr \/>\n<p><strong>OVERVIEW OF THE WEB UI AND FEATURES<\/strong><\/p>\n<p>Navigate to its IP address on port <strong>81<\/strong>. The default email is <strong>admin@example.com<\/strong> and the default password is &#8220;<strong>changeme<\/strong>&#8220;.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3294\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-54-39.png\" alt=\"\" width=\"749\" height=\"334\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-54-39.png 749w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-54-39-300x134.png 300w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\" \/><\/p>\n<p>You will be prompted to change your credentials on the first login.<\/p>\n<p>Main dashboard:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3295\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-55-51.png\" alt=\"\" width=\"1197\" height=\"281\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-55-51.png 1197w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-55-51-300x70.png 300w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-55-51-1024x240.png 1024w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_11-55-51-768x180.png 768w\" sizes=\"auto, (max-width: 1197px) 100vw, 1197px\" \/><\/p>\n<p>This server must have TCP ports 80 and 443 directly exposed to the internet (or forwarded to it) in order to issue and manage free SSL certificates from Let&#8217;s Encrypt.<\/p>\n<p>First, create an A record on the desired domain pointing to this server&#8217;s IP.<\/p>\n<p>Then, go to <strong>SSL Certificates &gt; Add SSL Certificate<\/strong>. Provide the domain or subdomain address and a real email address (@example.com is not accepted):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3302\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-18-13.png\" alt=\"\" width=\"504\" height=\"528\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-18-13.png 504w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-18-13-286x300.png 286w\" sizes=\"auto, (max-width: 504px) 100vw, 504px\" \/><\/p>\n<p>Once SSL certificates are issued, they can be linked to Hosts, Redirects, and\/or Streams.<\/p>\n<ul>\n<li><strong>Proxy Host<\/strong>\n<ul>\n<li>Shields the web host where the application is running and terminates the SSL connection at the edge. Internally, it can use an unencrypted HTTP connection or a self-signed HTTPS connection. Either way, the web application will know which domain or subdomain to serve for each request.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Redirect Host<\/strong>\n<ul>\n<li>Translates a request from one domain to another. For example, from <span style=\"text-decoration: underline;\">www.example.com<\/span> to <span style=\"text-decoration: underline;\">example.com<\/span>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Stream Host<\/strong>\n<ul>\n<li>Redirects traffic at the TCP\/UDP level, similar to how a router operates.<\/li>\n<\/ul>\n<\/li>\n<li><strong>404 Host<\/strong>\n<ul>\n<li>Defines the behavior when no match is found for a request. It can redirect to a default address or serve a custom page.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Go to <strong>Host &gt; Proxy Hosts &gt; Add Proxy Host<\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3297\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-04.png\" alt=\"\" width=\"504\" height=\"555\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-04.png 504w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-04-272x300.png 272w\" sizes=\"auto, (max-width: 504px) 100vw, 504px\" \/><\/p>\n<p>Set the parameters for the internal call that NGINX will make to the web server on the private network:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3298\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-46.png\" alt=\"\" width=\"506\" height=\"585\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-46.png 506w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-10-46-259x300.png 259w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\" \/><\/p>\n<p>Then select the appropriate SSL certificate:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3299\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-11-44.png\" alt=\"\" width=\"506\" height=\"394\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-11-44.png 506w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-11-44-300x234.png 300w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\" \/><\/p>\n<p>A list of all proxy hosts (virtual hosts) will be displayed with their statuses:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3296\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-09-16.png\" alt=\"\" width=\"1184\" height=\"314\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-09-16.png 1184w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-09-16-300x80.png 300w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-09-16-1024x272.png 1024w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-09-16-768x204.png 768w\" sizes=\"auto, (max-width: 1184px) 100vw, 1184px\" \/><\/p>\n<p>Similarly, add <strong>Redirection Hosts<\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3300\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-10.png\" alt=\"\" width=\"506\" height=\"512\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-10.png 506w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-10-296x300.png 296w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\" \/><\/p>\n<p>Add <strong>Stream Hosts<\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3301\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-39.png\" alt=\"\" width=\"506\" height=\"374\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-39.png 506w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_12-14-39-300x222.png 300w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\" \/><\/p>\n<p>Or add <strong>404 Hosts<\/strong>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3303\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_17-02-53.png\" alt=\"\" width=\"504\" height=\"306\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_17-02-53.png 504w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2023\/01\/Screenshot_2023-01-22_17-02-53-300x182.png 300w\" sizes=\"auto, (max-width: 504px) 100vw, 504px\" \/><\/p>\n<hr \/>\n<p><strong>CONCLUSION<\/strong><\/p>\n<p>NGINX Proxy Manager was originally designed to run as a Docker container, but its usefulness extends well beyond that.<\/p>\n<p>When properly orchestrated, a series of Kubernetes Pods can manage the lifecycle of multiple instances of this versatile application.<\/p>\n<p>With a friendly and easy-to-use interface, it can be used to shield applications with access control, offload servers from SSL encryption and decryption overhead for all public traffic, centralize and manage SSL certificates, and distribute site load across multiple servers that operate as one.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NGINX Proxy Manager [Link] is an open-source tool for managing and configuring NGINX servers. It [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,1,7],"tags":[],"class_list":["post-3289","post","type-post","status-publish","format-standard","hentry","category-linux","category-ccna","category-web"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3289"}],"version-history":[{"count":6,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3289\/revisions"}],"predecessor-version":[{"id":5655,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3289\/revisions\/5655"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}