nginx ignition

A modern web UI for nginx that eliminates config file editing with visual virtual hosts, SSL automation, Docker integrations, and real-time traffic analytics.

2.1Kstars
151forks
MIT License
Go

nginx ignition is a web-based control panel for the nginx web server, built for developers and homelab enthusiasts who want the full power of nginx without manually editing configuration files. It wraps nginx’s text-based configuration system in a clean, form-driven interface that handles the most common tasks — virtual hosts, SSL certificates, routing rules, and stream proxies — through point-and-click controls.

Built on a Go backend with a React and Ant Design frontend, nginx ignition runs as a standalone application that can either manage nginx directly or generate configuration files for external use. It ships with first-class support for Docker, Docker Swarm, Tailscale, and NetBird VPN integrations, and supports TrueNAS for NAS-hosted deployments. The application uses SQLite by default for quick starts, with PostgreSQL recommended for production environments.

The project follows an active release cadence with over 70 releases since November 2024, adding features like two-factor authentication, traffic statistics, database backup and restore, external SSL certificate support, and a rebuilt dashboard home page. Installation options span Docker, native Linux packages (Debian, RPM, Alpine, Arch, OpenWrt), and Windows and macOS ZIP archives.

nginx ignition is explicitly scoped for common homelab and developer use cases rather than enterprise-grade complexity. Its goal is to deliver a powerful, intuitive nginx experience for the scenarios most self-hosters actually encounter, without trying to replace manual configuration for highly advanced setups.

What You Get

  • Virtual Hosts - Create and manage multiple domains with custom routes, port bindings, and server names through a visual interface without touching nginx.conf.
  • Stream Proxying - Configure TCP, UDP, and Unix socket proxies with SNI-based routing, circuit breakers, and load balancing for non-HTTP services.
  • Automated SSL Certificates - Automatically obtain and renew Let’s Encrypt certificates via ACME with support for dozens of DNS challenge providers, or upload custom and self-signed certs.
  • External Certificate Support - Point nginx ignition at certificate and key files managed by external tools like Certbot, letting it read and use them without taking ownership.
  • Real-Time Traffic Statistics - Monitor request rates, response times, bandwidth, and traffic breakdowns by host, domain, and upstream server in a live dashboard powered by embedded nginx VTS and GeoIP2 modules.
  • Server Configuration Panel - Adjust nginx server-level settings including client_max_body_size, server_tokens, timeouts, and log levels via form inputs without editing configuration files.
  • Caching Configuration - Enable and tune nginx’s built-in caching for static and dynamic content with toggle controls and parameter inputs.
  • Docker and VPN Integrations - First-class support for Docker, Docker Swarm, Tailscale, and NetBird VPNs, automatically resolving container addresses and VPN peers as routing targets.
  • Two-Factor Authentication and ABAC - Secure the management interface with TOTP-based 2FA and attribute-based access control, with per-host IP allowlists and basic auth restrictions.
  • Database Backup and Restore - Export and import the full configuration database (SQLite or PostgreSQL) through the UI for migrations, disaster recovery, or instance cloning.
  • Automatic Log Rotation - View and search access and error logs for the server and each virtual host with built-in rotation, configurable retention, and surrounding-line context for search matches.
  • Config Generation Mode - Generate nginx configuration files without running the server, useful for deployment automation, GitOps pipelines, or air-gapped environments.

Common Use Cases

  • Running a homelab reverse proxy - A home user exposes multiple self-hosted services (Nextcloud, Portainer, Radarr) to the internet with custom domains and Let’s Encrypt SSL without learning nginx configuration syntax.
  • Managing a multi-site development environment - A developer configures several local domains with custom ports and self-signed SSL for testing web applications without manually editing nginx.conf on each environment.
  • Securing internal services with access control - A sysadmin locks down internal dashboards with IP-based allowlists and basic auth restrictions using nginx ignition’s per-host access list controls.
  • Deploying nginx in Docker with PostgreSQL - A small team uses the provided docker-compose.yml to run nginx ignition with PostgreSQL, health checks, and automated Let’s Encrypt certificates as a production reverse proxy.
  • Exposing VPN-connected services - A developer uses the Tailscale or NetBird integration to route nginx traffic to peers and subdomains on a private VPN network without manual IP management.
  • Migrating from manual nginx configs - An operator imports existing nginx setups into nginx ignition and transitions management to the UI while still being able to export raw configuration files when needed.

Under The Hood

Architecture nginx ignition is organized as a Go workspace monorepo with clearly bounded modules: a core domain layer, an API layer built on Gin, a database layer, dedicated modules for each certificate provider, and separate packages for each VPN and integration driver. The application wires everything together through a dependency injection container backed by Uber’s dig library, which registers providers, singletons, and installation functions at startup. Certificate providers (Let’s Encrypt, self-signed, custom, external), VPN drivers (Tailscale, NetBird), and integration drivers (Docker, TrueNAS) each implement well-defined interfaces and are aggregated into slices at the container level, enabling the core to work against abstractions rather than concrete implementations. Nginx configuration is regenerated and reloaded through a lifecycle-aware command interface that fires startup and shutdown events, and certificate renewal runs on a declarative scheduler. The result is a modular system where adding a new VPN provider or DNS challenge handler requires only implementing the relevant interface and registering it in the container.

Tech Stack nginx ignition’s backend is Go 1.26 using the Gin web framework for HTTP routing and JWT-based authentication via golang-jwt. The ORM layer uses Bun with both SQLite (modernc, no CGO) and PostgreSQL dialects, with schema evolution handled by golang-migrate. The custom-compiled nginx binary embeds Lua (via LuaJIT), NJS, the VTS traffic statistics module, GeoIP2, and stream support to power real-time metrics and dynamic configuration. The frontend is React 19 with TypeScript, Ant Design 6 and Ant Design Pro Components for the UI, React Router 7 for navigation, and CodeMirror 6 for the in-browser code editor. Vite 8 handles bundling, and the compiled frontend assets are served directly from the Go binary. TOTP-based two-factor authentication uses the pquerna/otp library. Packaging targets Debian, RPM, Alpine, Arch, OpenWrt, Windows, and macOS using nfpm and Makefile automation, with GitHub Actions for CI and SonarCloud for code quality analysis.

Code Quality nginx ignition maintains comprehensive test coverage across the database layer with integration tests that spin up real SQLite and PostgreSQL instances using a test harness, and unit tests throughout the core and API layers using testify and Uber’s gomock for interface mocking. The codebase follows a consistent domain-driven layering of command interfaces, service implementations, and repositories, making each layer independently testable. Error handling uses typed errors with an i18n-aware message system and explicit returns throughout — no silent swallowing. A golangci-lint configuration enforces formatting, naming, and code style, and SonarCloud runs on every release for continuous quality metrics. The Go workspace setup isolates modules cleanly, preventing accidental cross-module coupling.

What Makes It Unique nginx ignition takes the uncommon approach of compiling nginx from source with embedded Lua, NJS, VTS, and GeoIP2 modules as part of its own Docker image build, rather than wrapping a stock nginx installation. This lets it ship a purpose-built nginx binary that exposes the statistics and dynamic configuration hooks needed for its live dashboard, without requiring users to maintain a custom nginx build themselves. The dependency injection architecture, unusual for a Go application of this size, enables a genuine plugin model where certificate providers, VPN drivers, and deployment integrations are self-registering components that the application orchestrates without hardcoded references. The generic, type-safe pagination type Page[T] eliminates per-entity boilerplate across all list endpoints while preserving compile-time safety.

Self-Hosting

nginx ignition is released under the MIT License, which grants broad freedoms: you can use it commercially, modify it, distribute it, and sublicense it with no copyleft obligations. The only requirement is that the license and copyright notice be included in distributions. There are no open-core restrictions, no feature gates for self-hosted instances, and no license keys required. Everything in the repository is available to every user equally.

Running nginx ignition yourself means taking on the full operational burden. You are responsible for the host or container, database backups (the UI provides export/import, but scheduling and offsite storage are on you), nginx upgrades (nginx ignition ships a custom-compiled binary bundled in its Docker image, so updating means pulling a new image), and TLS certificate renewal automation (handled internally via ACME, but you need to ensure the process stays healthy). The application has no built-in high-availability mode — a single-node deployment is the standard setup. PostgreSQL is recommended over SQLite for production, adding a dependency you will need to manage. For most homelab and small team use cases the operational footprint is light, but production deployments serving significant traffic will need monitoring, backup automation, and a plan for downtime during updates.

There is no official hosted or managed version of nginx ignition, and the project explicitly positions itself as a homelab and developer tool rather than an enterprise product. This means there are no SLAs, no commercial support channels, no managed upgrade paths, and no HA clustering options. If you need enterprise features like role-based multi-tenancy, audit logging, SSO integration, or guaranteed uptime, you will need to build those on top of the open-source base or evaluate a commercial nginx management product instead.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search