Setting up a new Linux server usually follows a predictable ritual: update the packages, harden SSH, and for most Docker enthusiasts, immediately pull the Portainer image. But over the years, my ‘Day Zero’ checklist has evolved.

While Portainer is a fantastic visualizer, it isn’t the first thing that touches my fresh builds anymore. Instead, the honor goes to Nginx Proxy Manager. By making NPM my very first install, I’m not just spinning up a container, I’m building a secure, organized gateway that ensures every tool I install afterward is instantly accessible and encrypted.

The ‘Access First’ philosophy

Problem with Portainer first

When I spin up a new VPS or a home server, my instinct used to be: Get the containers running first, worry about how to get to them later. However, I would find myself staring at a browser tab with a raw IP address and a :9000 suffix and click through ‘Your connection is not private’ warnings just to see my dashboard.

By installing Nginx Proxy Manager as the very first step, I’m building a solid foundation. Instead of accessing Portainer via an unencrypted IP, I set up NPM, point my domain’s DNS to it, and immediately create a proxy host for portainer.example.com.

Now, even my management tools are encrypted and professionally mapped from the second they exist. It sets the standard for the rest of the build.

NPM is also crucial for security. Previously, I had a different port open for every single service I wanted to reach from the outside. Every open port is a potential entry point for someone who shouldn’t be there.

With NPM as my gatekeeper, I can close almost everything. I also love the granular control. If I’m testing a tool that doesn’t have built-in authentication, I don’t have to sweat it; I just toggle an Access List in NPM and set a global password on it in seconds.

I can also flip a switch to ‘Block common exploits’ and add an extra layer of peace of mind without messing up every single individual container.

Removing the port confusion

The NPM cleanup

If you have spent any time in the self-hosting world, you know the pain of remembering ports. It starts innocently enough: you install one app on port 8080, another on 9000, and maybe a third on 8123. But before you know it, your browser’s most visited list looks like a mess.

You are constantly trying to remember if your recipe manager was on :7500 or :7050, and your bookmarks folder also looks complex.

I don’t want to think in terms of ports; I want to think in terms of services. By putting NPM at the front of the line, I effectively silence the ports. Instead of a messy mental map of numbers, I get a clean, human-readable list of subdomains.

I used to have to type 192.168.1.50:8123 every time I wanted to check my Home Assistant dashboard. Now, it’s just home.parth.com. It’s simple enough that even my wife can use it without me having to text her a how-to guide for the IP address.

I run a few internal tools like Uptime Kuma to monitor my services. Remembering that it lived on :3001 was a pain. Now, it’s just status.parth.com. If something goes down while I’m out, I can check it from my phone in seconds without fumbling for a port number.

It’s one of the quality-of-life improvements I made to my self-hosting setup.

Excellent and easy-to-use interface

Feels like a control center

I love a good terminal session. There is a certain satisfaction in editing YAML files over SSH. But when I’m in the zone, I don’t want to spend twenty minutes debugging a missing config file.

That’s where the NPM wins me over every single time. While tools like Caddy or Traefik are powerful, they often feel like they require a PhD in configuration syntax just to add a simple subdomain.

NPM gives me a clean, visual dashboard that feels like a Control Center for my web traffic. The real killer feature for me is the Let’s Encrypt integration. In about three clicks, I can request a new SSL certificate, agree to TOS, and have a secure padlock appear in my browser.

For a technology writer who is constantly spinning up and tearing down services, that speed is a necessity.

Once NPM is live, it changes how I use every other tool. I know exactly where my logs are, where my SSL certs are managed, and how to shut down access to everything at once if I need to.

It’s the glue that holds my Docker containers together into a professional-grade infrastructure.

Stop installing Portainer first

Overall, setting up a new server isn’t just about getting containers to run; it’s about creating an environment that is manageable and secure from the very first minute.

While Portainer remains an essential part of my toolkit, Nginx Proxy Manager is the silent hero that makes my home lab experience feel seamless. After all, once the gateway is secure and the paths are cleared, everything else you choose to build becomes easier to manage.