🌐 Setup Nginx Proxy Manager (NPM)
Deploy a powerful reverse proxy with a web UI and built-in Let's Encrypt SSL support on Ubuntu 22.04 or 24.04 — fully automated.
📦 Resources & Setup Scripts
Grab the automated bash script from GitHub to follow along with the video.
Quick Install:
Tutorial Steps
1 Download & Run the Script
The script automatically installs Docker if missing, generates secure DB credentials, creates the docker-compose.yml and starts everything.
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/npm/npm-ubuntu.sh
chmod +x npm-ubuntu.sh
sudo bash npm-ubuntu.sh2 Access the Admin Panel
Open your browser and go to the NPM admin UI:
http://<your-server-ip>:813 Login with Default Credentials
| Field | Value |
|---|---|
| admin@example.com | |
| Password | changeme |
4 Add Your First Proxy Host
Go to Proxy Hosts → Add Proxy Host, fill in your domain name and forward it to your internal service. Enable SSL with Let's Encrypt in the SSL tab.
Ports Used
| Port | Purpose |
|---|---|
| 80 | HTTP traffic |
| 443 | HTTPS traffic |
| 81 | Admin Web UI |
Files Location
/root/docker/npm/
├── docker-compose.yml
├── config.json
├── data/
└── letsencrypt/Overview
Nginx Proxy Manager (NPM) is a reverse proxy management tool with a web UI, built on top of the battle-tested Nginx web server. It allows you to host multiple web services on a single server under different domain names, manage SSL/TLS certificates via Let's Encrypt with one click, and set up HTTP authentication — all without writing a single Nginx config file.
Why Use It
Nginx Proxy Manager gives you a visual dashboard to manage reverse proxies, SSL certificates, and access lists without touching Nginx config files. For businesses, it means faster deployments, fewer configuration errors, and less reliance on senior engineers. It handles Let's Encrypt certificate provisioning and renewal automatically, supports multiple domains, and secures internal services behind access controls — all while running a battle-tested Nginx engine under the hood.
When You Need It
Who Should Use It
Real Use Cases
Main Features
How to Use After Installation
Security Best Practices
Ports and Firewall Notes
NPM requires three ports. Port 80 must be public for HTTP traffic and Let's Encrypt HTTP-01 validation — without it certificate provisioning fails. Port 443 must be public for HTTPS traffic. Port 81 is the admin dashboard and must never be exposed publicly; restrict it through your firewall to trusted IPs only. Leaving port 81 open allows anyone to attempt login to your proxy management interface.
Backup and Maintenance
Common Mistakes
Troubleshooting
Alternatives
Caddy is a lightweight web server with automatic HTTPS — simpler but lacks a GUI. Traefik is designed for containerized environments with automatic service discovery via Docker labels; powerful but steeper learning curve. Cloudflare Tunnel exposes internal services without opening inbound ports and adds DDoS protection, but requires a Cloudflare account. HAProxy is a high-performance load balancer for enterprise workloads but requires manual configuration with no visual management interface.
When Not to Use It
NPM may not be right when you need high-availability clustering or load balancing across multiple servers — a dedicated load balancer like HAProxy would be better. For fully containerized infrastructure with dynamic scaling, Traefik handles routing changes more seamlessly. At enterprise scale with thousands of domains and advanced traffic management, a purpose-built edge proxy or CDN provides better control. If you prefer managing Nginx directly through version-controlled config files, NPM's GUI may feel limiting.
PrismaTechWork Professional Help
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Frequently Asked Questions
Is Nginx Proxy Manager free to use?
Yes, fully open-source and free. No licensing fees, feature tiers, or usage limits. You run it on your own infrastructure.
Can NPM handle high-traffic production websites?
NPM runs Nginx under the hood, one of the most performant web servers available. It handles significant traffic for most small to medium deployments. For very high-traffic environments, consider dedicated load balancers or CDN integration.
How does NPM compare to managing Nginx directly?
NPM provides a visual interface that generates Nginx config files for you — reducing human error, speeding up SSL setup, and making proxy management accessible. Advanced users can still inject custom directives when needed.
Does NPM support wildcard SSL certificates?
Yes, through the Let's Encrypt DNS-01 challenge. Configure DNS credentials for your provider (Cloudflare, Route53, etc.) so NPM can create the required TXT records automatically.
Can I run NPM on the same server as my applications?
Yes. Make sure no other service uses ports 80, 443, or 81. Your applications should listen on different internal ports that NPM proxies traffic to.
What happens if the NPM container crashes or restarts?
All data is stored in a persistent Docker volume that survives restarts. Using docker-compose with restart: unless-stopped ensures automatic recovery.
Can I use NPM with Cloudflare or other CDN services?
Yes. Set Cloudflare SSL mode to Full (Strict) if NPM has a valid certificate, or Full for self-signed. You get Cloudflare DDoS protection and caching while NPM handles the reverse proxy layer.
How do I migrate NPM to a new server?
Stop the container, copy the entire data volume to the new server, deploy a fresh NPM container pointing to the copied data, verify all hosts and certificates, update DNS if the IP changed, and test each proxy host.