Today we are going to look at how to how to install Nginx Proxy Manager on a Raspberry Pi!
If you’re exposing any services on your network, using a reverse proxy is a great way to increase security and performance. A reverse proxy is a server that sits in front of your web servers and forwards client requests to the web servers. In layman’s terms, you only have to expose one server (using ports 80/443) and will be able to expose as many web services as you want.
This is an example of the network flow of a reverse proxy (simplified):
This tutorial will utilize a Raspberry Pi, which is great for home use, but if you’re hosting anything with a lot of traffic, you’re probably better off using a more capable server. We will check the status of the application after it’s finished installing by using Portainer, but this isn’t required.
Instructions – Nginx Proxy Manager Raspberry Pi
Ensure that Docker is installed. If it’s not installed, you can learn how to install it here.
1. We need to use docker compose to create the Nginx Proxy Manager container. This requires us to install a few dependencies – run the install commands below in order.
sudo apt-get install -y libffi-dev libssl-dev sudo apt-get install -y python3 python3-pip sudo pip3 -v install docker-compose
2. After the commands finish installing, we need to create a folder where our config and docker-compose files will exist. We will then navigate to that folder and create a file named config.json.
mkdir nginx cd nginx nano config.json
3. Paste these contents into the config file.
{
"database": {
"engine": "mysql",
"host": "db",
"name": "npm",
"user": "npm",
"password": "npm",
"port": 3306
}
}
4. Save the file and exit it. Create a new file named docker-compose.yml
nano docker-compose.yml
5. Paste the contents below into the docker-compose file.
version: '3'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
db:
image: 'yobasystems/alpine-mariadb:latest'
environment:
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- ./data/mysql:/var/lib/mysql
If you receive an error and the container will not start and is running as “unhealthy”, please follow the instructions below:
Special thanks to Plan945 for commenting with the solution.
Replace this in the docker-compose.yml:
image: 'yobasystems/alpine-mariadb:latest'
With this:
image: 'yobasystems/alpine-mariadb:10.4.17-arm32v7'
6. Save the file and exit. You should have two files that exist in the nginx folder. Run the command below to start the docker container.
sudo docker-compose up -d
7. The container will download and install all the necessary files.
8. We will now adjust both of the containers that Nginx Proxy Manager uses to automatically start when your Raspberry Pi is rebooted.
sudo docker update --restart always nginx_app_1 sudo docker update --restart always nginx_db_1
9. Restart your Raspberry Pi – very important!
sudo reboot now
10. After the reboot is complete, the container will take a few minutes to fully install. You can run the command below to check on the status of the container. When it reports “healthy”, you will be able to navigate to the Nginx Proxy Manager website. Alternatively, if you setup Portainer, you can open Portainer and check on the status of the container there.
sudo docker ps
11. Wait for the status to change to healthy.
12. Navigate to the IP address of your Raspberry Pi and port 81.
http://[RASPBERRY_PI_IP]:81
13. The default email address is [email protected] and the password is changeme. When you log in, you will be asked to change this information.
14. At this point, Nginx Proxy Manager is fully installed. You will need to open ports 80/443 on your router to point to your Raspberry Pi. From there, you will have to configure Nginx Proxy Manager. The majority of people will use Nginx Proxy Manager as nothing more than a proxy manager. I’m not going to go through the process of configuring a service as this will be different for everyone, but check out the video if you’re interested in seeing how it can be used as I went through an example there!
Conclusion
If you’re exposing services on your network, using a reverse proxy is a great idea. A lot of people don’t have a need for a full server running Nginx Proxy Manager, so a Raspberry Pi is a great option in that case. It runs well and is somewhat simple to setup.
Thanks for reading the tutorial. If you have any questions, leave them in the comments!
Hello,
-I can access Bitwarden Local.
Bitwarden runs great locally on port 8080
-nginx_db_1 which also works correctly:
MySQL init process done. Ready for start up.
Error:
-on nginx_app_1 this error comes every seconds:
[10/4/2021] [Time AM] [Global ] ‘ ✖ error connect ECONNREFUSED 172.18.0.2:3306
– On heuristic_margulis:
level=info msg=”2021/10/04 Time http error: Invalid JWT token (err=Invalid JWT token) (code=401)”
Yes firewall I have an EdgeRouter X v2.0.9
I hope you can help me with mom with my knowledge at the end
greetings Chrisi
Hi worked with this command now I come to the Nginx Proxy Manger am logged in
docker-compose up -d db
Thanks
A potentially unsafe operation has been detected in your request to this site
Your access to this service has been limited. (HTTP response code 403)
If you think you have been blocked in error, contact the owner of this site for assistance.
Block Technical Data
Sorry for not getting to your messages in time. Since you’re using a firewall, did you allow access on that port? Is the port properly opened from the outside?
Dear Wundertech
When I try to create a new Bitwarden account with a master password I get the following error message:
PS: Release ports as described
Browser entered the IP:8080/#/[email protected] comes the following:
This browser requires HTTPS to use the web vault
Check the Vaultwarden wiki for details on how to enable it
because if I call the DDNS address that appears in the Nginx no login is possible.
What else can I change
In the URL, are you using HTTPS? Do you see a valid certificate?
Yes the DDNS is displayed in https:// and the certificate from Lets Encrypt too.
In the browser I can call the 192.168.x.x:8080 but Reg. does not work either see previous post.
What else can I do?
lg
I don’t think you’ll be able to register without using a valid SSL certificate, which is why the IP address won’t work. Unfortunately, I’m not entirely sure what it can be, but if you can get the DDNS hostname + SSL certificate working, you should be able to register.
SSL page opens but another internal page, Lets Encrypt Cert. I can download, in the browser is “Secure” therefore it can not be the Zert, only on what is the question
Hello
nginx_app_1 is in my nginx always only running and not healthy
This could be the reason can I send you somehow the log of nginx_app_1 maybe you find the error because in the net I do not want to post it thanks
thx
I unfortunately won’t be able to solve the problems with logs only, though I wish I could. If you can, I’d start over and see if you can pinpoint where it’s going wrong.
Can you reach them where in a chat that we do it together ?
Dear Wundertech
You can write me a mail regarding this if you want to
Thanks in advance
?
I’m unfortunately very busy and don’t offer 1-on-1 support at this time. The instructions shown are what has worked for me, but individual factors can contribute to different issues.
Thanks I thought so but thank you
But a pity