Configuring Nginx Proxy Manager on OpenWRT
Nginx Proxy Manager (NPM) is a graphical management tool based on Nginx that simplifies the process of reverse proxying, SSL management, and virtual host configuration. NPM is ideal for users who are not familiar with the command line or who want to quickly set up a reverse proxy.
- Reverse Proxy: It can proxy external requests to internal servers, hiding the real IP addresses of the internal servers. It supports routing via domain names or paths.
- SSL/TLS Management: Built-in support for Let's Encrypt allows for automatic acquisition and renewal of SSL certificates, enabling HTTPS encryption.
- User-Friendly Interface: Provides an intuitive web interface that helps users easily manage reverse proxies, SSL certificates, and other Nginx configurations.
- Access Control: Basic access authentication can be set for different services or domains.
- Logging and Monitoring: Offers basic access logs and error logs to assist users in monitoring and troubleshooting.
- Deploy multiple web services and use reverse proxying to access different services via various domain names or paths.
- Provide HTTPS protection for self-hosted services such as Home Assistant, NextCloud, Jellyfin, etc.
- Centralize SSL certificate management, simplifying the update process for multiple sites.
OpenWRT is an open-source Linux operating system designed for embedded devices, such as routers. It provides powerful functionality extensions for ordinary routers, transforming them into flexible network devices that support various networking features including routing, device management, VPN, and ad-blocking.
- Flexible Routing: Supports multiple advanced routing protocols (like OSPF, BGP) and offers complex network configuration capabilities.
- Rich Package Management System: Users can install a wide range of extensions like VPNs, AdBlock, DNS servers, etc., via OpenWRT's package management system (opkg).
- Network Management: Manage multiple wireless and wired network interfaces, supporting flexible configuration of VLAN, WAN, and LAN interfaces.
- Firewall: Built-in firewall functionality supports state monitoring, firewall rules, NAT forwarding, port mapping, etc.
- Security: The OpenWRT community continuously releases updates with the latest security patches and supports various security features such as encryption protocols, VPNs, and intrusion detection.
- Home Network Optimization: Enhance the functionality of ordinary home routers to achieve more efficient network management, such as QoS (Quality of Service), traffic control, dual WAN, load balancing, etc.
- Enterprise Network Management: In small to medium-sized business environments, OpenWRT can be used for complex network topology configurations like multiple WAN access, VLAN, VPN, and remote office access.
- Gateway for Self-Hosted Services: Users can turn their routers into gateways to manage multiple home or internal services using tools like Nginx Proxy Manager.
Combining Nginx Proxy Manager with OpenWRT can provide reverse proxy functionality and SSL encryption for multiple web services in a network environment. After deploying Docker containers on an OpenWRT router, users can easily manage these services through Nginx Proxy Manager. OpenWRT handles external network traffic and forwards it to Nginx Proxy Manager, which then routes requests to different internal services.
- Centralized Management: Nginx Proxy Manager offers a visual management tool that allows users to manage multiple sites and services’ reverse proxies and SSL certificates from a single interface.
- Enhanced Network Security: The firewall features of OpenWRT combined with the SSL encryption capabilities of Nginx Proxy Manager improve overall network security.
- Flexible Network Access: Nginx Proxy Manager can expose multiple internal services to the external network while OpenWRT manages traffic control and bandwidth optimization.
To configure Nginx Proxy Manager on OpenWRT, follow these steps. You can install Nginx Proxy Manager (NPM) using Docker and set up the necessary forwarding rules on OpenWRT.
Since OpenWRT does not directly support Docker, ensure your router has adequate performance and supports Docker installation. If OpenWRT supports Docker, proceed with the following steps.
- 1.1 Install Docker:
1opkg update
2opkg install docker dockerd docker-compose
3
4- 1.2 Start and Enable Docker:
1/etc/init.d/dockerd start
2/etc/init.d/dockerd enable
3First, prepare Docker on OpenWRT and deploy Nginx Proxy Manager via Docker.
- 2.1 Create NPM Container: Create a docker-compose.yml file to simplify Nginx Proxy Manager configuration.
1mkdir -p /opt/nginx-proxy-manager
2cd /opt/nginx-proxy-manager
3Create the docker-compose.yml file in the /opt/nginx-proxy-manager directory with the following content:
1version: '3'
2services:
3 app:
4 image: 'jc21/nginx-proxy-manager:latest'
5 restart: unless-stopped
6 ports:
7 - '80:80' # HTTP
8 - '81:81' # Nginx Proxy Manager UI
9 - '443:443' # HTTPS
10 environment:
11 DB_SQLITE_FILE: "/data/database.sqlite"
12 volumes:
13 - ./data:/data
14 - ./letsencrypt:/etc/letsencrypt
15- 2.2 Start Nginx Proxy Manager: Run the following command to start Nginx Proxy Manager:
1docker-compose up -d
2At this point, Nginx Proxy Manager will run in a Docker container and can be accessed through the following ports:
- Web UI Access: http://router-IP:81
- Initial Login Credentials:
- Username: [email protected]
- Password: changeme
To allow OpenWRT to forward external traffic to Nginx Proxy Manager, configure firewall rules and port forwarding.
-
3.1 Configure Port Forwarding In the OpenWRT web interface:
-
Go to Network > Firewall > Port Forwards.
-
Add a new port forwarding rule:
- Name: Nginx Proxy Manager
- Protocol: TCP
- External Ports: 80 (HTTP) and 443 (HTTPS)
- Internal IP Address: Internal IP of the NPM container on OpenWRT (e.g., 192.168.1.x).
- Internal Ports: 80 (HTTP) and 443 (HTTPS)
-
3.2 Update Firewall Rules Ensure that the relevant firewall rules in Network > Firewall are enabled to allow external traffic to access NPM on ports 80 and 443.
You can now configure the reverse proxy through the Nginx Proxy Manager web interface.
- Log in to Nginx Proxy Manager (http://(router-IP):81).
- Click on Proxy Hosts, then click on Add Proxy Host to add a reverse proxy entry.
- Fill in the following information:
- Domain Names: The domain or IP address you want to proxy.
- Forward Hostname/IP: The internal IP of the target service (e.g., your web server on the network).
- Forward Port: The port number of the target service (e.g., 80 or 443).
- Enable SSL as needed, and choose to obtain a free Let's Encrypt SSL certificate if applicable.
Ensure you have correctly configured Nginx Proxy Manager and the OpenWRT firewall. If all steps were performed correctly, external traffic should be successfully proxied to the internal server.
By running Docker and Nginx Proxy Manager on OpenWRT, along with the firewall and port forwarding features of OpenWRT, you can provide a powerful reverse proxy solution for your network services. This not only simplifies access to multiple internal services but also offers SSL encryption for external access.
Recommended Article: 403 Forbidden Error Nginx Proxy Manager
