How to Use Nginx Proxy Manager for Remote Access to Home Services

In this guide, we’ll walk you through how to set up Nginx Proxy Manager (NPM) for securely accessing services hosted at home, using a Proxmox virtualized environment, VLANs for network segmentation, and Let’s Encrypt SSL certificates for secure HTTPS access. This will allow you to expose services running in your home network to the public internet with controlled access, all while ensuring the system is secure and efficient.

⚙️ Prerequisites

Before proceeding with the setup, make sure you have the following:

  1. Proxmox Setup: A running Proxmox Virtual Environment (VE) for hosting virtual machines (VMs) that run the services.
  2. Nginx Proxy Manager (NPM): Installed on a VM within Proxmox, running a reverse proxy to route external traffic to internal services.
  3. VLAN Configuration: VLANs that create a DMZ (Demilitarized Zone), separating NPM from your internal network and making the setup more secure.
  4. Public Domain: A domain name (e.g., yourdomain.com) to create DNS records that point to your router’s public IP address.
  5. Router with VLAN Support: To configure VLANs for DMZ and internal network segregation.
  6. SSL Certificates: Use Let’s Encrypt to automatically manage SSL certificates for secure HTTPS connections.

🖥️ Step 1: Setting Up Proxmox Virtualization

💿 1.1 Install Proxmox

If you don’t have Proxmox set up, follow these steps:

  • Download the Proxmox ISO from Proxmox’s official website and install it on your server.
  • Once Proxmox is installed, access the Proxmox web interface via https://<YourProxmoxServerIP>:8006.

🧰 1.2 Set Up Virtual Machines (VMs)

You’ll need a VM for Nginx Proxy Manager (NPM) and potentially other VMs for the services you want to make publicly accessible.

  1. Create a new VM on Proxmox for NPM:
    • In Proxmox, navigate to Datacenter > Node > Create VM.
    • Allocate resources (CPU, RAM, disk space) according to the requirements of NPM and your other services.
  2. Create VMs for Services: Create additional VMs for the services (e.g., web server, file server) that you want to expose.

🌐 1.3 Network Configuration with VLANs

To set up a DMZ using VLANs for your NPM VM:

  1. In Proxmox, configure network interfaces by creating a VLAN bridge for the DMZ.
    • Go to Datacenter > Node > Network and create a new VLAN bridge for each VM (e.g., vmbr1 for DMZ).
    • Assign the correct VLAN tags to the interfaces.
  2. Assign VLAN to VMs:
    • Assign the NPM VM and any other service VMs to the appropriate VLAN bridge.
    • Ensure that the NPM VM is on the DMZ VLAN to limit access to internal network services while still allowing external traffic.

🔐 1.4 Set Up a Firewall

  • In Proxmox, configure firewall rules to restrict traffic from your internal network to the DMZ, allowing only specific ports (80, 443) to be open for NPM.
  • Configure the router firewall to forward only the necessary ports (HTTP and HTTPS) to the DMZ.

🧱 Step 2: Install Nginx Proxy Manager (NPM)

🐳 2.1 Install Docker & NPM

We will install Nginx Proxy Manager on a VM in the DMZ using Docker. If Docker isn’t already installed, use the following commands to install Docker and NPM.

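# Install Docker
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
# apt-key is deprecated: keep Docker's signing key in its own keyring and pin the repo to it
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-compose

# Set up Nginx Proxy Manager using Docker
# Ports 80 and 443 carry the proxied traffic; port 81 is the admin interface.
# NPM keeps its configuration in /data and its certificates in /etc/letsencrypt.
sudo docker volume create npm_data
sudo docker volume create npm_letsencrypt
sudo docker run -d \
  --name="npm" \
  -p 80:80 \
  -p 443:443 \
  -p 81:81 \
  -v npm_data:/data \
  -v npm_letsencrypt:/etc/letsencrypt \
  --restart=unless-stopped \
  jc21/nginx-proxy-manager:latest

  • This will set up NPM with the proxy listening on ports 80 and 443 and the admin interface on port 81 inside your network.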

🌍 2.2 Access NPM Web Interface

Once NPM is running, you can access its web interface by navigating to http://<NPM_VM_IP>:81 from your browser. The default credentials are:

  • Username: admin@example.com
  • Password: changeme

Change the password upon logging in for security.


🧾 Step 3: Set Up DNS Entries

🔎 3.1 Find Your Public IP Address

To make services accessible from the internet, you need your public IP address. You can find it by visiting a website like What Is My IP.

🌐 3.2 Create DNS Records

Go to your domain registrar (e.g., Namecheap, GoDaddy, Google Domains) and create DNS records for each service you want to expose to the internet.

  1. Create A Records:
    • Type: A
    • Name: home.yourdomain.com (or any subdomain you want)
    • Value: Your public IP (e.g., 203.0.113.10)
  2. Repeat the process for additional services, such as files.yourdomain.com, if needed.

⏳ 3.3 Propagation

DNS changes might take a few hours to propagate, but once they are updated, you can access your services by typing the corresponding domain (e.g., https://home.yourdomain.com) in a browser.


🚪 Step 4: Set Up Port Forwarding on Your Router

🔁 4.1 Configure Port Forwarding

You’ll need to set up port forwarding on your router so that external HTTP and HTTPS requests are forwarded to NPM running in the DMZ:

  1. Forward ports 80 (HTTP) and 443 (HTTPS) to the internal IP address of the NPM VM.
    • External Port: 80 → Internal IP Address of NPM: 80
    • External Port: 443 → Internal IP Address of NPM: 443
  2. This ensures that when someone tries to access http://home.yourdomain.com or https://home.yourdomain.com, the traffic will be routed to NPM. Make sure you also route port 80 even if you do not intend to use HTTP - Let’s Encrypt needs this port to verify the domain name!

🧱 4.2 Enable DMZ Access

Ensure that the DMZ (where NPM is hosted) can receive traffic from the internet, but other internal devices are protected.


🔐 Step 5: Configure SSL with Let’s Encrypt in NPM

🛠️ 5.1 Enable SSL in NPM

NPM can automatically obtain SSL certificates from Let’s Encrypt for your domain. Here’s how to configure it:

  1. Navigate to Proxy Hosts in the NPM dashboard.
  2. Click on Add Proxy Host to create a new proxy.
  3. Fill in the following details:
    • Domain Names: The domain/subdomain you created (e.g., home.yourdomain.com).
    • Scheme: Choose http or https depending on the service.
    • Forward Hostname / IP: The internal IP address of the service you want to proxy (e.g., 192.168.1.100).
    • Forward Port: The internal port of the service (e.g., 80 for a web server).
  4. Under the SSL section:
    • Check Enable SSL.
    • Select Request a new SSL certificate to get a certificate from Let’s Encrypt.
    • Select Force SSL to ensure all traffic is encrypted.
  5. Click Save to apply the configuration.

Once this is done, NPM will automatically request and install a free SSL certificate from Let’s Encrypt for your domain, and the connection will be secure.

🔍 5.2 Verify SSL Access

Test your setup by visiting https://home.yourdomain.com. You should see the service running over HTTPS, secured with an SSL certificate from Let’s Encrypt.


🧪 Step 6: Test and Monitor Access

📡 6.1 Test Remote Access

From an external network (e.g., mobile data or another Wi-Fi), try accessing your domain (e.g., https://home.yourdomain.com). If everything is set up correctly, you should be able to access your service securely via HTTPS.

📊 6.2 Monitor NPM and Services

  • Regularly monitor NPM logs and system performance.
  • Ensure that SSL certificates are renewed automatically by Let’s Encrypt. NPM handles this automatically, but you should verify it occasionally.
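
One way to act on the log-monitoring advice above, as an added example that is not part of the original post: a shell function that lists the clients producing the most 4xx responses in an NPM proxy-host access log. The field layout is assumed to be NPM's default proxy log format, and the log path, threshold and sample lines are constructed, so check them against your own files.

```sh
#!/bin/sh
# Added example (not from the original post). Assumed line layout:
#   [time zone] cache upstream_status status - METHOD scheme host "uri" [Client ip] ...

# noisy_clients MIN [LOGFILE...]
# Prints "count ip" for each client with at least MIN responses in the
# 400-499 range, highest count first. Reads stdin when no file is given.
noisy_clients() {
  min="$1"; shift
  awk -v min="$min" '
    # Fields 1-2 are the timestamp, 3 cache status, 4 upstream status, 5 final status.
    $5 ~ /^4[0-9][0-9]$/ {
      i = index($0, "[Client ")
      if (i == 0) next                 # line does not match the assumed layout
      rest = substr($0, i + 8)         # text right after "[Client "
      j = index(rest, "]")
      if (j < 2) next                  # empty or unterminated client field
      hits[substr(rest, 1, j - 1)]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' "$@" | sort -rn
}

# Constructed sample lines (documentation-range addresses, not real traffic).
sample_log() {
  cat <<'EOF'
[12/Mar/2025:09:14:01 +0000] - 404 404 - GET https home.yourdomain.com "/wp-login.php" [Client 198.51.100.7] [Length 150] [Gzip -] [Sent-to 192.168.1.100] "curl/8.5.0" "-"
[12/Mar/2025:09:14:02 +0000] - 404 404 - GET https home.yourdomain.com "/.env" [Client 198.51.100.7] [Length 150] [Gzip -] [Sent-to 192.168.1.100] "curl/8.5.0" "-"
[12/Mar/2025:09:14:03 +0000] - - 403 - GET https home.yourdomain.com "/admin" [Client 198.51.100.7] [Length 146] [Gzip -] [Sent-to 192.168.1.100] "curl/8.5.0" "-"
[12/Mar/2025:09:14:04 +0000] - 401 401 - POST https home.yourdomain.com "/api/tokens" [Client 198.51.100.7] [Length 52] [Gzip -] [Sent-to 192.168.1.100] "curl/8.5.0" "-"
[12/Mar/2025:09:20:10 +0000] - 200 200 - GET https home.yourdomain.com "/" [Client 203.0.113.25] [Length 5120] [Gzip 2.10] [Sent-to 192.168.1.100] "Mozilla/5.0" "-"
[12/Mar/2025:09:20:11 +0000] - 404 404 - GET https home.yourdomain.com "/favicon.ico" [Client 203.0.113.25] [Length 150] [Gzip -] [Sent-to 192.168.1.100] "Mozilla/5.0" "-"
[12/Mar/2025:09:31:45 +0000] - 200 200 - GET https home.yourdomain.com "/dashboard" [Client 192.0.2.50] [Length 2048] [Gzip 1.80] [Sent-to 192.168.1.100] "Mozilla/5.0" "-"
EOF
}

# Real use (path is an assumption; adjust to where your NPM data volume is mounted):
#   noisy_clients 20 /data/logs/proxy-host-*_access.log
sample_log | noisy_clients 3
```

Clients that show up here repeatedly are candidates for an NPM access list or a router-level block.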

🧠 Final Thoughts

By combining Proxmox, VLANs, Nginx Proxy Manager, and Let’s Encrypt, you can easily expose services hosted on your home network to the public internet in a secure manner. This setup not only makes your home services accessible remotely but also ensures that they are protected using SSL encryption and proper network segmentation.

With Nginx Proxy Manager, managing and securing remote access becomes much easier, and the use of VLANs ensures that your internal network remains protected from potential threats.

This post is licensed under CC BY 4.0 by the author.