Set up Nginx Proxy Manager on AlmaLinux 8: Best Setup
In this guide from Orcacore, we’ll explore the best way to set up Nginx Proxy Manager on AlmaLinux 8. Nginx Proxy Manager is a powerful tool that fits into the load balancer / reverse proxy category. It’s delivered as a pre-built Docker image, which simplifies forwarding traffic to your websites, even those running at home. It handles SSL certificates with Let’s Encrypt, without requiring extensive Nginx configuration knowledge. Let’s delve into how to set up Nginx Proxy Manager on AlmaLinux 8.
Set up Nginx Proxy Manager on AlmaLinux 8 By Using Docker
Before we begin, ensure you have a non-root user with sudo privileges on your AlmaLinux 8 server and a basic firewall configured. Our guide on Initial Server Setup with AlmaLinux 8 can help with this.
You’ll also need a domain name pointing to your server’s IP address.
Follow these steps to set up Nginx Proxy Manager on AlmaLinux 8:
1. Configure Firewall For Nginx Proxy Manager
FirewallD should already be installed. Verify its status:
sudo firewall-cmd --state
**Output**
running
Open the necessary ports:
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --permanent --add-port=81/tcp
Reload the firewall to apply the changes:
sudo firewall-cmd --reload
2. Requirements for Nginx Proxy Manager: Install Docker
Docker is essential for this setup. Install it with the following commands:
$ sudo dnf install -y yum-utils
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install docker-ce docker-ce-cli containerd.io
Start and enable the Docker service:
sudo systemctl enable --now docker
Add your user to the docker group to avoid using sudo for Docker commands:
sudo usermod -aG docker $(whoami)
For other users:
sudo usermod -aG docker username
Log out and back in to apply the changes.
Note: For more information, refer to our guide on installing Docker on AlmaLinux 8.
3. Requirements for Nginx Proxy Manager: Install Docker Compose
Download and install Docker Compose:
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Set the correct permissions:
sudo chmod +x /usr/local/bin/docker-compose
Note: Further details are available in our guide on installing Docker Compose on AlmaLinux 8.
4. Create a Docker Compose File for Nginx Proxy Manager
Create a directory for Nginx Proxy Manager:
mkdir ~/nginx-proxy
Navigate to the directory:
cd ~/nginx-proxy
Create directories for data and SSL certificates:
mkdir {data,letsencrypt}
Create and open the docker-compose.yml file using your preferred text editor (e.g., Vi or Nano):
sudo vi docker-compose.yml
Add the following content:
```yaml
version: "3"
services:
  npm-app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm-app
    restart: unless-stopped
    ports:
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DB_MYSQL_HOST: "npm-db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # Uncomment the line below if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - npm-db
    networks:
      - npm-nw
      - npm-internal
  npm-db:
    image: 'mariadb:latest'
    container_name: npm-db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql
    networks:
      - npm-internal
networks:
  npm-internal:
  npm-nw:
    external: true
```
Save and close the file.
This file defines the Nginx Proxy Manager service (npm-app) and its database (npm-db). It exposes ports 80, 443, and 81. You can expose additional ports as needed (e.g., 21 for FTP). IPv6 support can be disabled by uncommenting DISABLE_IPV6: 'true'. Volumes are mapped for data and SQL storage. Two networks are defined: npm-internal for communication between the proxy manager and the database, and npm-nw, an external network for connecting to other Docker containers.
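The compose file above keeps three settings worth catching before the host faces the internet: floating `latest` image tags, the literal password `npm` on every database account, and the admin UI port 81 published on every interface. The script below is an added example, not part of the original guide: `audit_compose` and its finding labels are hypothetical names, the sample file is constructed, and the checks assume short-form `host:container` port mappings and treat any literal password under 12 characters as weak.

```shell
#!/bin/sh
# Added example: flag three risky settings in a docker-compose.yml.
# audit_compose FILE prints one finding per line and returns 1 if any exist.
audit_compose() {
    awk -v q="'" '
    function clean(s) {
        sub(/[ \t]+#.*$/, "", s)        # drop trailing comment
        gsub("[\"" q "]", "", s)        # drop quotes
        gsub(/^[ \t]+|[ \t]+$/, "", s)  # trim whitespace
        return s
    }
    function flag(msg) { print msg; found++ }
    /^[ \t]*#/ { next }                 # ignore commented-out lines
    /^[ \t]*image:/ {                   # floating or missing tag
        v = clean($0); sub(/^image:[ \t]*/, "", v)
        if (v !~ /:/ || v ~ /:latest$/) flag("UNPINNED_IMAGE " v)
    }
    /^[ \t]*[A-Z_]*PASSWORD:/ {         # short literal secret kept in the file
        v = clean($0); k = v; sub(/:.*/, "", k); sub(/^[^:]*:[ \t]*/, "", v)
        if (v !~ /^\$/ && length(v) < 12) flag("WEAK_PASSWORD " k)
    }
    /^[ \t]*-/ {                        # short-form mapping to container port 81
        v = clean($0); sub(/^-[ \t]*/, "", v); n = split(v, p, ":")
        if ((n == 2 && p[2] == "81") ||
            (n == 3 && p[3] == "81" && p[1] != "127.0.0.1"))
            flag("ADMIN_PORT_ALL_INTERFACES " v)
    }
    END { exit (found > 0) }
    ' "$1"
}

# Constructed sample that mirrors the weak settings in the compose file above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
services:
  npm-app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
    environment:
      DB_MYSQL_PASSWORD: "npm"
  npm-db:
    image: 'mariadb:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
EOF
audit_compose "$SAMPLE" || echo "fix the findings before exposing this host"
```

A password supplied through a `${VAR}` reference is not flagged, since its value lives outside the compose file.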
5. Run Nginx Proxy Manager on AlmaLinux 8
Create the external network npm-nw:
docker network create npm-nw
**Output**
a5310551bb46b9f751d7109eec26588f70bf53bfa356541236ec570b08cfc00b
Launch the Docker container:
docker-compose up -d
**Output**
Status: Downloaded newer image for jc21/nginx-proxy-manager:latest
Creating npm-db … done
Creating npm-app … done
Check the container status:
docker ps
**Output**
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
228d2cf45994 jc21/nginx-proxy-manager:latest "/init" About a minute ago Up About a minute 0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp npm-app
11e8ac436394 mariadb:latest "docker-entrypoint.s…" About a minute ago Up About a minute 3306/tcp npm-db
6. Access Nginx Proxy Manager UI
Access the UI using your server’s IP or domain on port 81:
http://your-server-IP:81
Or
http://your-domain:81
Use the following default credentials:
**Email address**: admin@example.com
**Password**: changeme
Upon initial login, update the administrator details.
After updating the details, you’ll see the main dashboard.
Opening http://yourserverIP will display a default page.
7. Setting up a Domain Name and SSL for Nginx Proxy Manager
This is optional but recommended. To secure the application with SSL, set up a domain name.
Navigate to Hosts >> Proxy Hosts and click Add Proxy Host.
Enter your FQDN (e.g., npm.orcacore.net), your server’s IP address, and 81 as the Forward Port.
Switch to the SSL tab. Select Request a new SSL Certificate. Choose Force SSL and HTTP/2 support. Consider enabling HSTS as well.
Note: If using Cloudflare, disable Force SSL to avoid redirection loops.
Enter your email address, agree to the Let’s Encrypt Terms of Service, and click Save.
Your domain should now be live and working. Access https://your-domain to see the Nginx Proxy Manager login screen.
Conclusion
Setting up Nginx Proxy Manager with Docker on AlmaLinux 8 provides a streamlined method for managing reverse proxies, SSL certificates, and access control through an intuitive web interface. Docker ensures a clean, isolated environment, simplifying deployment and updates.
FAQs
How do I access the Nginx Proxy Manager dashboard?
Once the container is running, visit http://your-server-ip:81 to access the dashboard.
Can I manage multiple domains through Nginx Proxy Manager?
Absolutely. Nginx Proxy Manager makes it easy to manage multiple domains and subdomains with separate configurations.
How do I update Nginx Proxy Manager?
Simply pull the latest Docker image and restart the container using Docker Compose.
Alternative Solutions for Reverse Proxy and SSL Management on AlmaLinux 8
While Nginx Proxy Manager offers a user-friendly interface for managing reverse proxies and SSL certificates, alternative solutions exist that provide more granular control and customization options. Here are two alternative approaches:
1. Manual Nginx Configuration with Certbot
Instead of relying on a pre-built image and UI, you can configure Nginx directly and use Certbot for SSL certificate management. This approach provides the most control over every aspect of your reverse proxy setup.
Explanation:
This method involves installing Nginx and Certbot directly on your AlmaLinux 8 server. You then create Nginx configuration files for each domain or subdomain you want to proxy, specifying the upstream servers and other settings. Certbot is used to automatically obtain and renew SSL certificates from Let’s Encrypt.
Steps:
- Install Nginx:
sudo dnf install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
- Install Certbot:
sudo dnf install certbot python3-certbot-nginx
- Configure Nginx for a Domain (e.g., example.com): Create a new Nginx configuration file (e.g., /etc/nginx/conf.d/example.com.conf) with the following content, adjusting the proxy_pass directive to point to your upstream server:
```nginx
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000; # Replace with your upstream server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
- Obtain SSL Certificate using Certbot:
sudo certbot --nginx -d example.com -d www.example.com
Certbot will automatically configure Nginx with SSL certificates and set up automatic renewal.
- Restart Nginx:
sudo systemctl restart nginx
Benefits:
- Maximum Control: You have complete control over every aspect of the Nginx configuration.
- Customization: Easily customize Nginx settings to meet specific requirements.
- No Docker Dependency: Avoids the overhead and complexity of Docker.
Drawbacks:
- Steeper Learning Curve: Requires a good understanding of Nginx configuration.
- More Manual Configuration: More manual steps are involved compared to Nginx Proxy Manager.
2. Using Traefik as a Reverse Proxy
Traefik is a modern, cloud-native reverse proxy and load balancer that automates many of the tasks involved in managing reverse proxies, especially in containerized environments.
Explanation:
Traefik automatically discovers and configures routes to your services based on labels and annotations in your container orchestration platform (like Docker or Kubernetes). It also integrates with Let’s Encrypt to automatically obtain and renew SSL certificates.
Steps (Docker Example):
- Create a docker-compose.yml file for Traefik:
```yaml
version: "3.3"
services:
  traefik:
    image: "traefik:v2.9"
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Traefik dashboard
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/etc/traefik/traefik.yml"
      - "./acme:/acme"
networks:
  default:
    name: traefik_net
```
- Create a traefik.yml configuration file:
```yaml
api:
  dashboard: true
  insecure: true # Serves the dashboard and API on port 8080 without authentication
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
certificatesResolvers:
  letsencrypt:
    acme:
      email: "your-email@example.com" # Replace with your email
      storage: /acme/acme.json
      tlsChallenge: {}
providers:
  docker:
    exposedByDefault: false
    network: traefik_net
```
- Start Traefik:
docker-compose up -d
- Configure your other containers with Traefik labels: For example, to expose a web application running in another container, add the following labels to its docker-compose.yml service definition:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.my-app.rule=Host(`my-app.example.com`)"
  - "traefik.http.routers.my-app.entrypoints=websecure"
  - "traefik.http.routers.my-app.tls.certresolver=letsencrypt"
  - "traefik.http.services.my-app.loadbalancer.server.port=80" # Port your application listens on
```
Benefits:
- Automatic Configuration: Traefik automatically discovers and configures routes.
- Easy SSL Management: Seamless integration with Let’s Encrypt for automatic SSL certificate management.
- Cloud-Native: Designed for containerized environments.
- Dynamic Configuration: Changes are applied dynamically without requiring restarts.
Drawbacks:
- More Complex Configuration: Requires understanding of Traefik’s configuration model and labels.
- Potential Overhead: May introduce some overhead compared to a simple Nginx configuration.
These alternative solutions offer different trade-offs between ease of use, control, and flexibility. Choosing the right approach depends on your specific needs and technical expertise. Setting up Nginx Proxy Manager on AlmaLinux 8 is a valid solution, but these options can also work well.