A time comes in a homelabber’s journey where it isn’t enough to simply publish ports, or map ports from docker. There are many limitations to simply having a bunch of web services on different ports:
- Browsers expect HTTP to be served on port 80 and HTTPS on port 443. That limits you to a single “correctly” mapped service per IP.
- Speaking of HTTPS, most services get published on unencrypted HTTP, or HTTPS with self-signed certs. Browsers dislike http and really dislike https on untrusted certs.
- No descriptive names. What service are you running on what port?
These are all problems that a reverse proxy can solve.
What Reverse Proxy should we use?
Wait, haven’t we already talked about reverse proxies? Yep, in fact I have a published reverse proxy guide for caddy already! Choice is a wonderful thing however, and we can improve our choice with Nginx Proxy Manager. This doesn’t make Nginx Proxy Manager the right choice, or caddy the wrong one: they are just different tools to accomplish the same thing.
This guide will:
- Install the Nginx Proxy Manager web server into a docker container
- set caddy to proxy a docker service
- show the following capabilities with caddy:
- Hot Reloading
- IP Whitelisting
- Proxying self signed TLS services
- Serving with Self Signed TLS
- Using ACME based providers for signed SSL certificates
Like most of my guides, this guide will be docker oriented. You will need:
- A docker server (this guide will be running a minimal fedora installation with docker)
- If following the let’s encrypt components, a valid registered domain with a registrar like cloudflare.
Let’s install nginx proxy manager!