If you are running more than two Docker containers and you are still typing :8080 or :9000 at the end of your IP addresses, you are doing it wrong – and you are likely leaving yourself exposed. Most people think network security requires an expensive enterprise firewall, but the truth is simpler: you just need a better gatekeeper.

Let me show you the one container that acts as the brain for my entire network’s security. It handles the encryption, hides the complexity, and ensures that the only person getting into your network is you. It’s the tool that turned my messy collection of exposed services into a streamlined environment that I can actually trust: Nginx Proxy Manager.

The problem with IP exposure

The insecure trap

When I first started self-hosting, I felt like a genius. I had a media server (Jellyfin), a private cloud (Nextcloud), and a smart home dashboard (Heimdall) all running on my hardware. But as my collection of apps grew, so did my anxiety.

To access my apps when I was away from home, I was doing what most of us do: Port Forwarding. I would go into my router settings and open a hole for port 32400, then port 8123, then port 9000. Every one of those open ports was a tiny digital tunnel leading directly into my home.

To make matters worse, I was constantly dealing with ‘Not Secure’ warnings. My browser was screaming at me because I didn’t have SSL encryption, and I couldn’t blame it.

Trying to manage security certificates for ten different apps felt like a full-time job. I was stuck typing in messy IP addresses followed by random port numbers and prayed that no one else would stumble across my exposed login pages.

I realized I wasn’t running a secure network. I needed a way to close all those holes and use a professional service that could handle the IDs, the encryption, and the traffic all at once.

Introducing NPM

The centralized gateway

That’s when I discovered the missing link in my setup – the one tool that finally let me close those router holes for good: Nginx Proxy Manager (NPM). Because I’m already running everything in Docker, adding NPM was convenient.

Instead of treating every app like a separate headache, I could tuck them all away on a private, internal Docker network where the outside world can’t see them.

What really sold me, though, was the user interface. Usually, setting up a ‘Reverse Proxy’ involves dealing with lines of code and confusing configuration files. But NPM gives you this clean, web-based dashboard that makes security feel easy.

With just a few clicks, I can point a pretty domain name to a container, toggle on ‘Block Common Exploits’ and grab a professional SSL certificate. It took the most complicated part of my network and turned it into the most polished part of my home lab.

👁 Accessing a Swarm cluster on Portainer
I run 8 Docker containers on 4GB of RAM, and performance is flawless

From backups services to media streaming, my 4GB RAM laptop defies expectations with a carefully curated selection of Docker containers.

Key security features

Many of them

One of the biggest quality of life upgrades I got from Nginx Proxy Manager was finally being able to stop memorizing a random string of numbers. Before NPM, if I wanted to check my file server, I had to remember things like 192.168.1.50:8123 or 192.168.1.50:9000.

Once I set up NPM, that all changed. I could suddenly give every single one of my apps a real name. Now, instead of a mess of numbers, I just type cameras.mydomin.com.

Plus, because NPM is doing the routing, I don’t even have to remember which port belongs to which app anymore; I just tell NPM once and it handles the directions behind the scenes.

Now, NPM isn’t just a redirect tool; it’s a protective layer. NPM connects directly to Let’s Encrypt to give me free, professional SSL certificates. This means every bit of data traveling between my phone and my home is encrypted.

Access Control List is another of my favorite features. For my most sensitive apps, I set up an Access List. Even if someone finds the URL to my login page, they can’t even see it unless they get past a secondary username and password check I created in NPM.

We have all had that moment of panic where we see a weird login attempt or realize a specific app had a new security vulnerability. With NPM, I have a kill switch for every single service I host.

If I ever suspect that one of my apps is being targeted, or if I just want to take a service offline for maintenance, I don’t have to touch my router or stop my Docker containers. I just log into the NPM dashboard, find the proxy host, and flip the status toggle to Disabled.

The ultimate gateway

Setting up a home lab is easy, but securing one is where most people fail. The transition from a messy home lab to a hardened network starts with this one single container. Nginx Proxy Manager provides the strongest foundation you can ask for in a Docker environment. It’s fast, free, and most importantly, it works.

So, what are you waiting for? Pull the image, set up your first proxy host, and watch those ‘Not Secure’ warnings vanish for good. Aside from NPM, here are other quality-of-life Docker containers you can explore.