NGINX Proxy Manager

Just another WordPress site

NGINX Proxy Manager

It was brought to our attention that this nice solution was a good thing to try out. And of course we did, finding out that it is indeed a very welcome upgrade from the nginx/letsencrypt solution we were running since the beginning of our server. It has everything you basically need under the hood and all packaged in a nice simple gui.

It was also a nice opportunity for us to re-arrange our networks in an effort to make it even more secure. So basically we have one network which is exposed to the outside world, which is used by this proxy manager, and all dockers that are exposed. The little tweak we found on the internet is that for example WordPress, where you have a docker for the application and a docker for the database, we now have only the application in the exposed network. The application and database use a separate network which has no exposure at all. This is an isolated network with no inbound or outbound communications. We did this for all dockers where this was possible.

Below the docker-compose, as you can find on this website (https://nginxproxymanager.com)

version: '3'

services:
  app:
    image: ${CONTAINER_IMAGE_NPM}
    container_name: ${CONTAINER_NAME_NPM}
    restart: ${CONTAINER_RESTART}

    environment:
      DISABLE_IPV6: 'true'

    volumes:
      - vol-npm:/data
      - vol-npm:/etc/letsencrypt

    networks:
      - net-npm

    ports:
      - '80:80'
      - '81:81'
      - '443:443'

volumes:
  vol-npm:
    external:
      name: ${CONTAINER_VOLUME_NPM}

networks:
  net-npm:
    external:
      name: ${CONTAINER_NETWORK}

We also did a complete overhaul of our docker-compose files, implementing the .env file. There is only one step we forgot in our enthusiasm, and that is that we did not use the database in a separate docker. At some point we will do this to also add there some extra security.

Hits: 9

Leave a Reply

Your email address will not be published.