Nginx Proxy Manager is a Docker container that provides a user-friendly web interface to manage Nginx reverse proxies without requiring deep knowledge of Nginx configuration. It’s designed for home users and self-hosters who want to securely expose services like Home Assistant, Nextcloud, or Radarr to the internet with HTTPS, using Let’s Encrypt for free SSL certificates.
Built with TypeScript and powered by Nginx, it integrates with Docker Compose for easy deployment and includes a built-in database (SQLite or MySQL) to store configurations. The interface is built on Tabler UI, and it supports advanced Nginx overrides for power users while keeping the default experience simple enough for beginners.
What You Get
- Reverse Proxy Hosts - Create and manage HTTP/HTTPS proxy rules for internal services like Home Assistant or Plex with a point-and-click interface, without editing Nginx config files manually.
- Automatic Let’s Encrypt SSL - Automatically obtain and renew free SSL certificates for your domains without manual intervention or command-line tools.
- Custom SSL Certificate Upload - Upload and assign your own SSL certificates for domains that can’t use Let’s Encrypt, such as internal or private domains.
- Access Lists & HTTP Auth - Restrict access to proxy hosts using IP whitelists or basic HTTP authentication with username/password credentials.
- Multi-User Management - Create user accounts with granular permissions (view-only or admin) to delegate proxy host management across family members or team members.
- Audit Log - Track all changes made to proxy hosts, SSL certificates, and user actions for security and troubleshooting purposes.
- Stream Proxy Support - Forward TCP/UDP streams (e.g., for game servers or MQTT) alongside HTTP traffic using the same interface.
- 404 Host Configuration - Define a custom fallback page or service to handle unmatched domains, improving user experience and security.
Common Use Cases
- Exposing Home Assistant to the internet - A smart home enthusiast uses Nginx Proxy Manager to securely serve Home Assistant over HTTPS with Let’s Encrypt, avoiding port forwarding directly to the device.
- Running a personal Nextcloud instance - A user configures Nginx Proxy Manager to proxy their Nextcloud server with SSL, enabling secure file access from anywhere without exposing the container directly.
- Managing multiple self-hosted apps - A tech-savvy parent uses Nginx Proxy Manager to route traffic to Radarr, Sonarr, and Jellyfin using subdomains (radarr.home, jellyfin.home) with unified SSL and access controls.
- Delegating proxy access to family members - A homeowner grants view-only access to their spouse for monitoring services and admin access to their teen for managing new app deployments without giving full server access.
Under The Hood
Architecture
- Clear separation of concerns through dedicated service layers that handle business logic, decoupled from HTTP route handlers via dependency injection
- Modular frontend architecture with React components tightly aligned to backend services, ensuring cohesive data flow and state encapsulation
- Repository pattern implemented with Knex.js to abstract database operations, enhancing testability and database agnosticism
- API contract consistency between frontend and backend through standardized response and request structures, though layers remain loosely coupled in state management
Tech Stack
- Node.js backend powered by Express and Objection.js with Knex as the query builder for robust database interactions
- React frontend with TypeScript, @tanstack/react-query for data fetching, and react-bootstrap for UI components
- MySQL database with Knex-based migrations ensuring schema evolution aligns with code changes
- Docker-based deployment using multi-stage builds and official Nginx images for lightweight, production-ready reverse proxying
- Comprehensive testing tooling including Jest, React Testing Library, and Cypress, with integrated Swagger validation
Code Quality
- Extensive end-to-end testing with Cypress that validates API contracts through real HTTP requests and Swagger schema verification
- Consistent use of descriptive test naming, structured setup hooks, and environment-aware configurations for maintainable test suites
- Strong static typing with TypeScript across the codebase, complemented by ESLint, Prettier, and Swagger linting in the CI pipeline
- Minimal server-side error handling, relying on standardized HTTP status codes and response structures rather than custom error classes
What Makes It Unique
- Native Nginx configuration generator with real-time reloads and automatic rollback capabilities, eliminating manual config edits and reducing downtime
- Unified dashboard that visually correlates proxy hosts, SSL certificates, and DNS records in a single interactive interface
- Built-in ACME certificate automation with dynamic DNS provider integration for seamless, hands-off SSL provisioning
- Granular audit logging that ties user actions directly to live configuration changes, enabling compliance and forensic traceability
- Extensible frontend table system with dynamic columns and server-side filtering that adapts across diverse data domains
- Tightly integrated two-factor authentication with backup code regeneration and per-user enforcement, embedded into the core admin workflow