nginx ignition is a web-based user interface for the nginx web server that lets developers and home lab enthusiasts configure and manage nginx without editing configuration files by hand. It lowers the complexity barrier of nginx’s text-based config system by offering a visual, form-driven interface for common tasks like setting up virtual hosts, SSL certificates, and routing rules.
Built with Go and React, nginx ignition runs as a standalone application that can either manage nginx directly or generate config files for external use. It supports Docker, Docker Swarm, Tailscale, NetBird, and TrueNAS, with native packages for Linux, Windows, and macOS. The app uses SQLite by default and PostgreSQL for production, and includes multi-language support and built-in logging, caching, and security controls.
What You Get
- Virtual Hosts - Create and manage multiple domains with custom routes, port bindings, and server names through a visual interface without touching nginx.conf.
- Stream Proxying - Configure TCP, UDP, and Unix socket proxies with SNI-based routing, circuit breakers, and load balancing for non-HTTP services.
- Automated SSL Certificates - Automatically obtain and renew Let’s Encrypt certificates or upload custom SSL certs for HTTPS-enabled virtual hosts.
- Server Configuration Panel - Adjust nginx server-level settings like client_max_body_size, server_tokens, timeouts, and log levels via form inputs.
- Real-Time Traffic Statistics - Monitor request rates, response times, and traffic breakdowns by host, domain, and upstream server in a live dashboard.
- Caching Configuration - Enable and tune nginx’s built-in caching for static and dynamic content with a simple UI toggle and parameter inputs.
- Multi-Language Support - Full UI localization in 11 languages including English, Chinese, German, Spanish, Japanese, and Russian.
- Docker & VPN Integrations - First-class support for Docker, Docker Swarm, Tailscale, NetBird, and TrueNAS with pre-configured network setups.
- Two-Factor Authentication & ABAC - Secure access with 2FA, attribute-based access control, and per-host IP-based or basic auth restrictions.
- Automatic Log Rotation - View and manage access and error logs for the server and each virtual host with built-in rotation and retention policies.
- Config Generation Mode - Generate nginx configuration files without running the server, useful for deployment automation or air-gapped environments.
Common Use Cases
- Running a homelab reverse proxy - A home user uses nginx ignition to expose multiple services (Nextcloud, Portainer, Radarr) to the internet with SSL and domain routing without learning nginx syntax.
- Managing a multi-site development environment - A developer configures 5 different local domains with custom ports and SSL for testing web apps without editing nginx.conf files manually.
- Securing internal services with access control - A sysadmin sets up IP-based and basic auth restrictions on internal dashboards using nginx ignition’s ABAC and host-level access lists.
- Deploying nginx with Docker in production - A DevOps engineer uses the provided docker-compose.yml to deploy nginx ignition with PostgreSQL, health checks, and automated SSL for a small-scale production service.
Under The Hood
Architecture
- Clear separation of concerns through layered modules (cache, stream, host, integration) with well-defined interfaces and decoupled implementations
- Dependency injection via a central container enables dynamic service registration and modular extension of core functionality
- Plugin-style integration system based on Strategy pattern allows seamless addition of new VPNs and drivers without core modifications
- Nginx configuration generation is abstracted through a composite fileProvider facade that unifies domain-specific generators
- Configuration loading uses a singleton pattern with environment and flag fallbacks to ensure consistent behavior across environments
- Multi-platform build automation supports cross-compilation and containerized deployment with minimal overhead
Tech Stack
- Go 1.21+ backend with custom HTTP handlers, JWT authentication, and embedded Nginx server compiled as a Go binary
- Embedded Nginx enhanced with Lua, JS, VTS, GeoIP2, and stream modules for dynamic configuration and real-time metrics
- PostgreSQL 18-alpine as the primary database with Go-managed migration scripts for schema evolution
- Multi-platform packaging via Makefile, Go build flags, and nfpm to produce Debian, RPM, APK, and Arch packages
- Dockerized deployment with health checks, multi-arch image builds, and lightweight Alpine-based containers
- Comprehensive Go tooling including golangci-lint, gosec, govet, gofumpt, and golines for code quality and consistency
Code Quality
- Extensive test coverage across unit, integration, and end-to-end scenarios using testify and gomock
- Clean layering of API handlers, command services, and repositories enables testability and maintainability
- Robust error handling with typed errors and structured validation, relying on explicit returns and centralized wrapping
- Consistent naming conventions and domain-driven patterns (DTO, service, repository) improve readability and predictability
- Strong type safety enforced through static typing, UUIDs, and domain-specific structs that prevent invalid states
- Strategic use of dependency injection and mockable interfaces ensures components can be tested in isolation
What Makes It Unique
- Uses a dependency injection container to orchestrate Nginx configuration lifecycle events, enabling dynamic integration of certificates, VPNs, and settings
- Implements a unified, string-based permission system that provides fine-grained RBAC across Nginx, logs, certificates, and VPNs
- Integrates TOTP-based two-factor authentication directly into the infrastructure layer, treating auth as a core concern
- Modular component architecture allows services to self-register, enabling extensibility without touching core logic
- Generic, type-safe pagination system (Page[T]) eliminates boilerplate while preserving type safety across all data endpoints
- Embeds certificate and configuration management as first-class domain objects with declarative scheduling for automated renewal and reloads