Building a home lab is a process, and the more self-hosted services you add, the more complicated it becomes to provide security and manage them. It gets to be a headache eventually, but you can make things easier by using a reverse proxy to expose your services using human-readable URLs instead of IP and port combinations. There are plenty of options to choose from, depending if you need versatility, ease of setup and use, and how well you're versed in the command line, but Nginx Proxy Manager ticks all the boxes for most home lab users. It's got a web-based GUI, is quick to set up thanks to a Docker container, and has the option of advanced configuration if you need it down the road.

5 Web-based interface

I've had enough of using CLI to deal with networking setups

Nginx is one of the most used reverse proxies, but having to adjust everything using the CLI is a chore. That's fine if you're a huge corporation using a predefined setup script each time, but for home lab use, it's far easier to have a nice web-based GUI to manage things in. And that's what NPM gives you: a user-friendly dashboard for managing users, proxy routes, SSL certificates, and more. If you've got a ton of Dockerized services, it's even easier to set up as you can create a Docker network that's used by the containers, making your proxy routing even easier to handle as you can use the container names as the hostnames.

4 Effortless SSL certificate management

Why don't all apps do this for you

You want SSL on your reverse proxy because you get HTTPS inside your network, keeping everything a little bit safer. NPM makes this easy, but you will need a domain name that you own to do so. When creating your new proxy routes, there's a SSL tab to request a new certificate from Let's Encrypt; all you need to do is add your email address. NPM will also automate renewals, making this an easy task for you.

3 Centralized proxy management

Being able to get to all your self-hosted services from one central hub is fantastic

One of the annoyances of running your own services and apps is having to access each one individually for management purposes. NPM makes it easy to set up human-readable subdomains for each service, like plex.domain.com, instead of the IP address and port combination. Being able to handle multiple domains, subdomains, and services from the same place makes NPM easy, and if you're self-hosting your own DNS server, you can handle all your subdomain mapping there, without needing external services.

2 Built-in security

You get plenty of handy security features without adding them in

NPM also makes it relatively easy to secure itself, with user-based management that lets you set the level of access for NPM configuration settings, and also access lists for the individual hosts. That way, you can set the reverse proxy up once, add users, then let them manage their own hosts and services, without being able to see or adjust those of other users. Plus, you get an audited log of all changes so that every action can be traced back to the user who actioned it, just in case something goes wrong.

You also get IP block and deny lists, HTTP authentication, and if you use the LePresidente fork, you get NPM with the CrowdSec security plugin many of us use on our OPNsense installations. As that's a drop-in replacement for the current NPM Docker container, all you need to do is edit your docker-compose.yaml file so that it gets the image: 'Lepresidente/nginxproxymanager:latest'instead of the default. Then you get reCAPTCHA support and the knowledge that any port scanners on your network are being blocked from exposing your services.

1 Easy to deploy

Docker is your best friend in the home lab

While many reverse proxies take some time to get running, with NPM, you only need a quick Docker Compose file. Put some YAML together into a .yml file in the folder you want to use for data and configuration files, open a command prompt in that folder, and then it's a quick docker-composer up -d. to get NPM running.

version: ‘3.8’
 services:
 app:
 image: ‘jc21/nginx-proxy-manager:latest’
 restart: unless-stopped
 ports:
 – ’80:80′ # Public HTTP Port
 – ’81:81′ # Admin Web Port
 – ‘443:443’ # Public HTTPS Port
 volumes:
 – ./data:/data
 – ./letsencrypt:/etc/letsencrypt

This doesn't just save you time in the first place, but because Docker is platform agnostic, you can use the same setup file anywhere else if your host operating system or system configuration changes. All you need to keep backed up is the base YAML file, and the data and configuration files generated as you use NPM, and you can restore or migrate at any time without any worrying loss of functionality.

Plus, you can create a Docker network if you have multiple other Docker services on the same host as NPM, and then you don't need to publish ports for all the Docker host interfaces. Instead, you use docker network create $network and then add the following to the docker-compose files for each service.

networks:
 default:
 external: true
 name: $network

That lets you add proxy hosts in NPM with the service name, like portainer, as the hostname and 9000 as the port. This is much easier than having to put IP addresses in, and works without tying up ports on the rest of the network.

Nginx Proxy Manager (NPM) takes the hard work out of managing your reverse proxy

There are many ways to set up a reverse proxy for your self-hosted apps and servers. Nginx has been used for decades and is constantly used by large corporations, but the CLI is complicated, and it's all too easy to make a mistake. The GUI of Nginx Proxy Manager makes it easier to use. It also adds Docker integration, easy SSL certificates with Let's Encrypt, and support for multiple users so that you can have access control and an audited log of changes. While there's no one-size-fits-all solution for reverse proxy users, NPM gives home labbers all the tools they need for success.