Why you need Reverse Proxy

A reverse proxy lets you offer more than one service on the single IPv4 WAN address that your ISP grants to your router. In the last tutorial, entitled “Why you need DDNS”, we defined a DDNS record for your domain name and configured a client on your local network to update the address in case it changes. In this video, we learn how to configure NginX Proxy Manager and how to create subdomain records at your domain name provider, which are CNAME aliases for your services.

For simplicity, I created an LXD container presented to my main LAN in order to run the NginX Proxy Manager (NPM) application. Note that the configuration of LXD and the bridgeprofile are subjects covered in my other tutorials.

lxc launch ubuntu:22.04 npm --profile default --profile bridgeprofile -c boot.autostart=true -c security.nesting=true

I connected to the LXD container console:

lxc exec npm bash

The following commands to create NPM will work on this LXD container, a virtual machine or even a Raspberry Pi. Note that you may need to “sudo” the commands if you are not running as root.

apt update

Create a user account, add it to the sudo group, and switch to that account:

adduser scott
usermod -aG sudo scott
su - scott

Install docker and docker-compose:

curl -sSL https://get.docker.com | sh
sudo apt install docker-compose

Add my username to the docker group:

sudo usermod -aG docker scott
newgrp docker
groups

Make a folder for NPM and move into it:

mkdir NPM
cd NPM

Edit the docker-compose file:

nano docker-compose.yml

Insert the following, adjusting the port numbers left of the colon if needed:

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

Go to your router and add port forwards for ports 80 and 443 that point to the address of the docker host (the LXD container, VM, or Raspberry Pi). If you changed the number left of the colon for port 80 or 443 in the docker-compose file, the router must still listen on ports 80 and 443, but forward them to your port numbers at the address of your server.

Back at the terminal, start the app:

docker compose up -d

We needed an application to host as an example. For this, I added a “grocery list app” which is a docker container named “grocy”. Either create another LXD container or go to your home folder on the NPM container and create a new folder:

cd
mkdir grocery
cd grocery

Edit the docker-compose file for this application:

nano docker-compose.yml

Enter the following, adjusting for your time zone and port number if desired.

version: "2.1"
services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy
    environment:
      - TZ=America/Chicago
    volumes:
      - ./config:/config
    ports:
      - 9283:80
    restart: unless-stopped

Launch the application:

docker compose up -d

You should be able to open your web browser and access the app at your address, http://a.b.c.d:9283

The next step is to go to your domain name provider and add a CNAME record that points to your domain, as in the video:

grocery.yourdomain.com

Once you have your CNAME record, you can go back to NPM and create a record for your new service as shown in the video. Once that’s done, your service will be reachable from the Internet with an address like:

https://grocery.yourdomain.com/

The port is not needed in the address because it is defined in the NPM record for the service.

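The router forwards only to the host ports behind 80 and 443, but the compose files above also publish 81 and 9283 on every interface of the docker host. As an added example (not part of the original tutorial), this shell function classifies each port a compose file publishes against the host ports your router forwards to; the function names and the simplified, IPv4-only parsing of the `ports:` list are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the tutorial): classify the ports a docker-compose.yml
# publishes against the host ports the router forwards to.
# Output per mapping: "<reach> <bind-address> <host-port> <container-port>"
#   internet = the router forwards to this host port
#   lan      = published on all interfaces, but not forwarded by the router
#   local    = bound to loopback only
port_exposure() {   # usage: port_exposure COMPOSE_FILE|- "80 443"
    awk -v fwd="$2" '
        BEGIN { n = split(fwd, f, " "); for (i = 1; i <= n; i++) is_fwd[f[i]] = 1 }
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            m = $0
            gsub(/[^0-9:.]/, "", m)      # keep digits, colons, dots only
            k = split(m, p, ":")
            if (k < 2) next              # no host port given, nothing to classify
            bind = (k == 3) ? p[1] : "0.0.0.0"
            host = p[k - 1]; cont = p[k]
            if (bind ~ /^127\./)      reach = "local"
            else if (host in is_fwd)  reach = "internet"
            else                      reach = "lan"
            print reach, bind, host, cont
            next
        }
        { in_ports = 0 }                 # any other line ends the ports list
    ' "$1"
}

sample_npm_compose() {   # ports section of the NPM compose file shown above
    cat <<'EOF'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
EOF
}

sample_npm_compose | port_exposure - "80 443"
```

If you changed the numbers left of the colon, pass the host ports your router actually forwards to as the second argument.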