Nginx Proxy Manager

Nginx Proxy Manager (NPM) is a lightweight, self‑hosted reverse proxy front‑end that abstracts the complexity of Nginx and Let’s Encrypt. It exposes a web‑based admin UI (built on Tabler) while internally generating and maintaining Nginx configuration files, SSL certificates, and access controls. For developers, the value lies in its ability to surface a declarative API over traditional file‑based configuration, enabling rapid iteration on routing logic without manual edits to Nginx stanzas.

Key Features

• Declarative Routing: Create forwarding hosts, redirects, streams, and 404 handlers through REST endpoints or the UI; NPM writes the corresponding nginx.conf snippets automatically.
• SSL Automation: Leverages Certbot under the hood to obtain and renew Let’s Encrypt certificates, or accept user‑supplied PEM bundles for custom certs.
• Access Control: Basic HTTP authentication, IP whitelisting/blacklisting, and user‑role permissions are managed via the API.
• Audit Trail: Every change is logged, providing traceability for security audits or debugging.

Technical Stack

• Runtime: Node.js (Express) serves the admin UI and API; Nginx runs as a separate process inside the same container.
• Persistence: SQLite (file‑based) stores configuration, users, and logs; optional migration to PostgreSQL is available for larger deployments.
• Containerization: Official Docker image (jc21/nginx-proxy-manager) exposes ports 80, 443, and 81 (UI). Volume mounts for /data and /etc/letsencrypt persist state across restarts.
• Certificates: Certbot (acme‑client) is bundled; certificates are stored under /etc/letsencrypt.

Core Capabilities

The API follows standard REST conventions and returns JSON, making it straightforward to integrate with CI/CD pipelines or custom dashboards.

Deployment & Infrastructure

• Self‑Hosting: Runs on any host with Docker; no external dependencies beyond the container runtime.
• Scalability: Designed for home or small‑office use; scaling horizontally requires external load balancing and shared storage (e.g., NFS or S3 for /etc/letsencrypt).
• High Availability: A single instance is sufficient for most scenarios; for HA, duplicate containers with a shared SQLite or Postgres backend and an external reverse proxy can be employed.

Integration & Extensibility

• Webhooks: NPM supports webhook callbacks on host creation/deletion, enabling automated downstream actions (e.g., updating DNS records).
• Custom Nginx Directives: Super‑user mode allows injection of arbitrary nginx.conf snippets per host, providing flexibility for advanced routing or performance tuning.
• Plugin Hooks: While no formal plugin system exists, the open‑source code can be forked to add middleware or extend the API.

Developer Experience

• Configuration: Minimal Docker compose snippet; all runtime parameters are exposed via environment variables (e.g., NGINX_PROXY_MANAGER_ADMIN_PASSWORD).
• Documentation: Comprehensive README, API docs, and a live UI guide; community contributions are encouraged through GitHub issues.
• Community: Active GitHub repo with frequent updates, a dedicated Discord channel, and an ecosystem of DDNS helpers (e.g., route53-ddns).

Use Cases

• Home Lab: Expose local services (e.g., Pi‑Hole, Home Assistant) with HTTPS and basic auth.
• DevOps: Quick reverse proxy for staging environments, automatically provisioning Let’s Encrypt certs during deployment.
• Edge Services: Serve as a lightweight entry point for IoT devices requiring secure HTTP endpoints.

Advantages Over Alternatives

For developers who need a rapid, secure reverse‑proxy layer without wrestling with Nginx syntax, NPM offers a production‑ready solution that blends declarative configuration, automation, and an extensible API—all within a single Docker image.