Nginx Proxy Manager gives you a web dashboard to route traffic to your home services and add free SSL certificates — no Nginx knowledge needed. Runs entirely in Docker.
We need one dedicated folder to hold the config file and all data Nginx Proxy Manager saves. Keeping it separate makes backups and upgrades much easier.
This file tells Docker exactly which image to run, which ports to open, and where to store data. Port 80 and 443 handle real web traffic. Port 81 is the private admin dashboard — never expose port 81 to the public internet.
Port 80 or 443 is already in use by another service (Apache, Caddy, etc.)
Stop the conflicting service first: `sudo systemctl stop apache2` or equivalent. Only one service can own a port at a time.
Docker will pull the image from the internet (about 100 MB) and start it in the background. The `-d` flag means it runs detached — your terminal stays free.
`docker compose` command not found — you may have the older `docker-compose` (with a hyphen) installed
Replace `docker compose` with `docker-compose` in every command, e.g. `docker-compose up -d`.
Open a browser and go to your server's IP address on port 81. If you are on the same machine, use localhost. The first login uses default credentials that you must change immediately after.
The page doesn't load right away
Wait 30–60 seconds after starting the container — it generates encryption keys on first boot. Then refresh.
In the dashboard, click 'Hosts' → 'Proxy Hosts' → 'Add Proxy Host'. Enter your domain name (e.g. app.yourdomain.com), set the Forward Hostname to the local IP of the service you want to proxy (e.g. 192.168.1.50) and its port. Then click the 'SSL' tab, choose 'Request a new SSL Certificate', tick 'Force SSL', and save. Nginx Proxy Manager contacts Let's Encrypt automatically.
SSL certificate request fails with a Let's Encrypt error
Your domain must publicly resolve to this server's IP and port 80 must be reachable from the internet. Check your DNS records and router port forwarding before retrying.
A running web dashboard at port 81 where you can point any domain at any internal service and get a valid HTTPS certificate in a few clicks — no Nginx config files required.
This guide covers the quick-start path only. Nginx Proxy Manager can also handle redirects, stream proxies, access lists, and custom Nginx config — but those require reading the official docs. Free Let's Encrypt SSL only works if your server is publicly reachable on port 80; it will not work on a fully private network without DNS challenge setup. The armv7 architecture (older Raspberry Pi models) is not supported in versions 2.14 and above — use image tag `2.13.7` if that applies to you. Never expose port 81 to the public internet.