Wireguard via Docker Compose & HTTPS

Docker Config:

Initial Parameters in config.json:

{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "npm",
    "user": "npm",
    "password": "npm",
    "port": 3306
  }
}

To configure the Docker Compose file:

version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:2
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    networks:
      default:
        ipv4_address: 10.10.10.3
    volumes:
      - /home/tech/nginxmanager/config.json:/app/config/production.json
      - app-data:/data
      - app-letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: jc21/mariadb-aria
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    networks:
      default:
        ipv4_address: 10.10.10.2
    volumes:
      - app-sql:/var/lib/mysql


volumes:
  app-data:
    driver_opts:
      type: none
      device: /home/tech/nginxmanager/data
      o: bind
  app-letsencrypt:
    driver_opts:
      type: none
      device: /home/tech/nginxmanager/letsencrypt
      o: bind
  app-sql:
    driver_opts:
      type: none
      device: /home/tech/nginxmanager/sql
      o: bind
networks:
  default:
    external:
      name: dockernet

  1. Make sure that ports 80, 443, 81 are open

  2. Add a static IP that you will use to point Nginx Proxy Manager to itself for HTTPS

  3. Map persistent file to config.json

  4. Set up Database username and password & Technical username and password

  5. Map Persistent Data Volumes

Nginx Proxy Manager in Docker:

If you are running this in a Docker container, you will have to point it to the Docker IP:

Create a self-signed certificate and make sure to add it to Nginx Proxy Manager.

Then point it to the Container:

This will make the Proxy Manager have HTTPS as well.

Note: Make sure this is not accessible from the Internet. Usually this can be done by using a .lan address that does not point to a DNS entry or a DDNS entry from the Internet.
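A check for two points on this page, the admin port (81) that should not be reachable from the Internet and the sample `npm` credentials from step 4, as an added example that is not part of the original page or of Nginx Proxy Manager. `audit_compose`, the finding labels, the `DB_*` variable names, the address 192.168.1.10 and both sample strings are constructed for illustration; the check reads short-form `ports` entries and `*PASSWORD*` keys line by line rather than parsing YAML.

```python
import re

# Constructed sample: the port and credential lines of the compose file above.
SAMPLE_COMPOSE = """\
services:
  app:
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
  db:
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
"""

# Constructed variant: admin port bound to one LAN address (assumed host IP),
# passwords supplied through environment variables (assumed names).
HARDENED_COMPOSE = """\
services:
  app:
    ports:
      - '80:80'
      - '443:443'
      - '192.168.1.10:81:81'
  db:
    environment:
      MYSQL_ROOT_PASSWORD: '${DB_ROOT_PASSWORD}'
      MYSQL_PASSWORD: '${DB_PASSWORD}'
"""

ADMIN_PORT = "81"       # Nginx Proxy Manager admin web port in the page's compose file
DEFAULT_SECRET = "npm"  # placeholder value used for every credential on the page

# Short-form port entry: [host_ip:]host_port:container_port[/proto]
PORT_RE = re.compile(r"^\s*-\s*['\"]?(?:(?P<ip>[\d.]+):)?(?P<host>\d+):(?P<ctr>\d+)(?:/\w+)?['\"]?\s*$")
PASS_RE = re.compile(r"^\s*(?P<key>\w*PASSWORD\w*)\s*:\s*['\"]?(?P<val>[^'\"\s]*)['\"]?\s*$")

def audit_compose(text):
    """Return (line_number, finding) pairs for the two weak settings."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PORT_RE.match(line)
        # No host IP (or 0.0.0.0) publishes the admin UI on every interface.
        if m and m["ctr"] == ADMIN_PORT and m["ip"] in (None, "0.0.0.0"):
            findings.append((n, "admin-port-all-interfaces"))
        m = PASS_RE.match(line)
        if m and m["val"] == DEFAULT_SECRET:
            findings.append((n, "default-password:" + m["key"]))
    return findings
```

Run it against the real file with `audit_compose(open("docker-compose.yml").read())`; an empty list means neither setting was found.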

Let's Encrypt:

NOTE: Since version 2.9.8, Nginx Proxy Manager supports the DuckDNS DNS challenge, which is much easier to set up. Get the token by logging into Duckdns.org.

A port forwarding rule is required for Nginx Proxy Manager to be reachable from the Internet:

  • Port 80 to redirect to Internal Server IP on Port 80

  • Port 443 to redirect to Internal Server IP on Port 443

The ports required are 80 and 443. Once this has been set up and the firewall rules on the server are set to ALLOW traffic, Nginx Proxy Manager can communicate with the Let's Encrypt servers and generate auto-renewing certificates.
