Setting up the NGINX Proxy Manager on Raspberry Pi?

The NGINX Proxy Manager provides a web interface for managing and monitoring reverse proxies on NGINX. With the NGINX Proxy Manager installed on a Raspberry Pi, you can easily set up reverse proxies for services and applications hosted on other devices on your network.

Setting up the NGINX Proxy Manager on Raspberry Pi?

Benefits of Using the NGINX Proxy Manager

The NGINX Proxy Manager brings several benefits for home lab use cases:

  • Web-based interface for easily managing multiple reverse proxy configurations instead of editing NGINX config files manually
  • SSL encryption support for secure remote access to self-hosted services
  • Block common exploits and vulnerabilities with ModSecurity Web Application Firewall
  • Monitoring tools for proxy status, traffic, response times, and more

Hardware and Software Requirements

To install the NGINX Proxy Manager on a Raspberry Pi, you will need:

  • Raspberry Pi OS (32 or 64-bit)
  • Raspberry Pi 2 or newer (Pi 3 recommended)
  • 16GB+ SD card
  • Static IP address assigned to the Pi on your network

Step 1 – Prerequisites

Before installing the NGINX Proxy Manager, update the system packages:

sudo apt update

sudo apt upgrade -y

Install curl to download files later:

sudo apt install curl -y

Step 2 – Install and Set Up Docker

The NGINX Proxy Manager requires Docker to run as a container.

Install Docker with the convenience script:

curl -sSL https://get.docker.com | sh

Enable Docker auto-start and add your pi user to the docker group:

sudo systemctl enable docker

sudo usermod -aG docker ${USER}

You will need to reboot for group changes to take effect:

sudo reboot

Step 3 – Install NGINX Proxy Manager

Create directories for persistent data and appdata:

mkdir -p /home/${USER}/data

mkdir -p /home/${USER}/appdata

Launch the NGINX Proxy Manager docker container:

docker run -d 

  –name=nginx-proxy-manager 

  –restart=unless-stopped 

  -p 80:80 

  -p 81:81 

  -p 443:443 

  -v /home/${USER}/data:/data 

  -v /home/${USER}/appdata:/appdata 

  –label com.centurylinklabs.watchtower.enable=”true” 

  –log-opt max-size=10m 

  -e DEBUG=true 

  alexdoe/nginx-proxy-manager:latest

This exposes the web UI on ports 80 and 443, with persistent storage for configs, databases, and certificates mapped to the /data and /appdata host folders.

Step 4 – Access and Configure the Admin UI

Once the container is running, access the admin UI at:

http://your_pi_ip:81

The default login is:

Be sure to change this password immediately!

Under Settings > SSL Certificates, generate and install a free Let’s Encrypt SSL certificate for your domain.

Step 5 – Set Up Reverse Proxy Hosts

Now you can configure proxy hosts! Under the Proxy Hosts tab:

  1. Click Add Proxy Host
  2. Enter your domain and subdomain
  3. Select the target destination type and enter its information
  4. Click Submit to save

That’s it! Your reverse proxy will now forward traffic from the proxy subdomain to your destination service.

Optimizing Performance on the Raspberry Pi

To ensure optimal performance when running multiple proxy hosts on the Raspberry Pi, here are some tips:

  • Use a heatsink case or cooling fan to prevent overheating
  • Overclock the RAM and GPU if supported by your Pi model
  • Enable the Docker log-opt max-size option to rotate logs
  • Set the Docker Debug mode to false once setup is complete
  • Remove unused containers and images to conserve disk space

Conclusion

Installing the user-friendly NGINX Proxy Manager on a Raspberry Pi makes it trivial to set up reverse proxies with encryption for self-hosted services. With proxy hosts configured via the web UI, you don’t have to edit NGINX config files manually every time you want to route traffic or enable HTTPS.

The NGINX Proxy Manager brings enterprise-grade proxy management and security tools like ModSecurity WAF to your homelab. Combined with the low-cost and flexibility of the Raspberry Pi platfrom, it’s a robust solution for access and organization as your self-hosted environment grows in complexity.

Key Takeaways

  • The NGINX Proxy Manager provides a web UI for managing reverse proxies on NGINX
  • Simple to install via Docker on the Raspberry Pi
  • Enables encrypted access to self-hosted services through subdomains
  • Extra blocking and monitoring features compared to a basic NGINX setup
  • Streamlines managing multiple reverse proxy configurations

Frequently Asked Questions

  1. What are the hardware requirements to run NGINX Proxy Manager on a Pi?
    You need a Raspberry Pi 2 or newer. Pi 3 or 4 is recommended for best performance with multiple proxy hosts. Also use a heatsink case and 16GB+ SD card.

  2. What network ports need to be open on my router?
    Ports 80, 81, and 443 need to be routed to your Pi’s internal IP address.

  3. Do my self-hosted services need to be publicly exposed?
    No, your services can still be hosted privately on your LAN while allowing secure remote access through the reverse proxy URLs.

  4. How do I add a new proxy host?
    In the web UI go to Proxy Hosts > Add Proxy Host, then fill in the subdomain name, destination URL/IP, and other settings.

  5. Can I upload custom SSL certificates?
    Yes, you can upload your own SSL certificates under Settings instead of using the built-in Let’s Encrypt integration.

  6. What backup options are available?
    Apps data and NGINX configs can be backed up from the UI. You should also periodically backup the Docker volumes mapped to /data and /appdata.

  7. How do I migrate the proxy manager to a different device?
    Stop the container, backup the /data and /appdata volume directories from the host system, then restore them to the same paths on the new host.

  8. Can I monitor traffic flowing through proxy hosts?
    Yes, click Proxy Hosts > Access Lists to see bandwidth usage charts, response times, access logs, and more for each host.

  9. Is failed login protection available?
    Yes, under Settings > Authentication you can enable login protection against brute force password guessing.

  10. Can I set resource usage limits?
    Oom score adjustments and CPU/memory quotas for the Docker container can be configured under Settings > Container.

  11. What troubleshooting tips do you have?
    Check Debug Logs under About for helpful errors. Make sure your router has the necessary ports forwarded correctly to your Pi’s IP.

  12. How do I uninstall the NGINX Proxy Manager?
    Stop and remove the Docker container, then delete the /data and /appdata directories from the host system.

  13. What is the best way to optimize performance?
    Overclock your Pi’s CPU/GPU, enable log rotation, disable excess logging, and use a PI heatsink case or fan.

  14. Can I backup and restore the Proxy Manager configuration?
    Yes! Under Settings > Backup you can download a full backup or schedule automated backups to restore later.

  15. Is there phone or chat support available
    No phone support, but very active community forums available on GitHub to post issues or questions.

  16. What is the difference between NGINX and NGINX Proxy Manager
    NGINX is the actual reverse proxy server software. NGINX Proxy Manager provides the web UI and automation layer on top of NGINX open source.

  17. How do I migrate SSL certificates to a new Pi?
    Certs are stored under /data. You can backup this whole directory and restore to another instance without needing to reissue certificates.

  18. Can I restrict access to the Proxy Manager admin interface?
    Yes, under Settings > Authentication you can limit admin access to allowed IP ranges for increased security.

Leave a Comment