# Wireguard via Docker Compose & HTTPS

### Docker Config:

Initial Parameters in `config.json`:

```json
{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "npm",
    "user": "npm",
    "password": "npm",
    "port": 3306
  },
```

To configure the Docker Composed file:

```yaml
version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:2
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    networks:
      default:
        ipv4_address: 10.10.10.3
    volumes:
      - /home/tech/nginxmanager/config.json:/app/config/production.json
      - app-data:/data
      - app-letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: jc21/mariadb-aria
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    networks:
      default:
        ipv4_address: 10.10.10.2
    volumes:
      - app-sql:/var/lib/mysql


volumes:
  app-data:
     driver_opts:
           type: none
           device: /home/tech/nginxmanager/data
           o: bind  
  app-letsencrypt:
     driver_opts:
           type: none
           device: /home/tech/nginxmanager/letsencrypt
           o: bind
  app-sql:
     driver_opts:
           type: none
           device: /home/tech/nginxmanager/sql
           o: bind
networks:
  default:
    external:
      name: dockernet
```

1. Make sure that ports `80`, `443`, `81` are open
2. Add a static IP that you will use to point `Nginx Proxy Manager` to itself for HTTPS
3. Map persistent file to config.json
4. Set up Database username and password & Technical username and password
5. Map Persistent Data Volumes

### Nginx Proxy Manager in Docker:

If you are running this in a docker container your will have to point it to the docker IP:

![](https://3885248957-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FoE4wMO1dMVDOGDjh0En7%2Fuploads%2F67XyZDKJJ2YZ0BVHIWq0%2Fimage.png?alt=media\&token=7c79fa2f-b2cf-46bf-95d6-cb99d86b7ed0)

Create a self signed certificate and make sure to add it to Nginx Proxy Manager.

Then point it to the Container:

![](https://3885248957-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FoE4wMO1dMVDOGDjh0En7%2Fuploads%2FowBtdZKQPhEOLoANfbUc%2Fimage.png?alt=media\&token=e71dd860-2525-401d-a6bc-80daedd8bfb6)

This will make the Proxy Manager have HTTPS as well.

**Note**: Make sure this is not accessible from the Internet Usually this can be done by having a .lan address which is not pointing to a DNS entry or a DDNS entry from the Internet

### Let's Encrypt:

{% hint style="info" %}
`NOTE:` Since version 2.9.8 NGINX Proxy Manager supports `DUCKDNS` DNS Challange, much easier to set up with that. Get the token from logging into `Duckdns.org`
{% endhint %}

Port Forwarding Rule is required for the Nginx Proxy Manager to be reachable from the Internet:

* Port `80` to redirect to Internal Server IP on Port `80`
* Port `443` to redirect to Internal Server IP on Port `443`

The Ports required are `80` and `443`. Once this has been set up and the `Firewall Rules` on the `Server` are set up to `ALLOW` traffic `Nginx Proxy Manager` is allowed to communicate with the `Let's Encrypt` servers and generate auto-renewing certificates