@JfrAziz
Last active March 29, 2024 06:24
Install Nginx Proxy Manager and disable port 81 from outside

To run Nginx Proxy Manager (NPM), install docker and docker-compose, then start it with docker-compose up -d. You can now access NPM at <IP>:81. In this case, I don't want to expose any port except ssh, 80, and 443, so what I can do is disable the other ports. Check your firewall: if you use Ubuntu / Debian, check the ufw rules and make sure the ports for ssh, 80, and 443 are open. Docker publishes ports through its own iptables rules, so a published port can stay reachable even when ufw does not allow it. If you can still access NPM on <IP>:81, you can block it by adding a new rule in iptables. Here is mine:

sudo iptables -I DOCKER-USER -i eth0 ! -s 127.0.0.1 -p tcp --dport 81 -j DROP

It drops any request to port 81 arriving on eth0 unless it comes from 127.0.0.1 (localhost). So how do we access NPM now? You can use ssh tunnelling. I usually access it like this:

 ssh -L 8081:127.0.0.1:81 -N -f -p 22 <user>@<ip>

It forwards port 81 on your server to port 8081 on your local machine, in the background. Now open localhost:8081 in your browser to access NPM. Don't forget to close the connection after use: you can use the who command to see who is logged in to your server, pstree -p | grep sshd to see the PID of the running ssh process, and kill <pid> to end it.

To make NPM work for your other docker apps, add the external proxy_manager_default network:

networks:
  proxy_manager_default:
    external: true

and add it to your apps like this (just an example):

services:
  yourapp:
    image: yourapp:latest
    # ports:
      # - 8080:2368
    networks:
      - proxy_manager_default

In your NPM dashboard, add a new host, set the hostname to yourapp and the port to the app's default port. You don't need to expose the port because your container is on the same network as NPM.

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

@ghaberek

You can specify localhost in the ports section to have port 81 only listening locally:

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - 'localhost:81:81'
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

alatalo commented Mar 29, 2024

Use 127.0.0.1 instead of localhost:

services:
  app:
    ports:
      - '127.0.0.1:81:81'
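
A small audit over compose `ports` entries that reports whether the NPM admin port (81) is published on all interfaces, on a loopback address, or with a host part that is not an IP literal. This is an added example, not part of the gist or its comments; the function names are hypothetical and only the short `ports` string syntax is handled.

```python
import ipaddress

ADMIN_PORT = "81"  # NPM admin UI port, as used in the gist

def split_port_spec(spec):
    """Split compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    spec = spec.strip().split("/", 1)[0]           # drop a trailing /tcp or /udp
    if spec.startswith("["):                       # bracketed IPv6 host: [::1]:81:81
        host, _, rest = spec[1:].partition("]")
        parts = rest.lstrip(":").split(":")
    else:
        parts = spec.split(":")
        host = parts.pop(0) if len(parts) == 3 else ""
    if len(parts) not in (1, 2):
        raise ValueError(f"unsupported port spec: {spec!r}")
    host_port = parts[0] if len(parts) == 2 else ""
    return host, host_port, parts[-1]

def bind_scope(spec):
    """Classify the host address a published port is bound to."""
    host = split_port_spec(spec)[0]
    if not host:
        return "all-interfaces"                    # no host IP given
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "not-an-ip"                         # e.g. a hostname such as localhost
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "single-address"

def audit(ports, admin_port=ADMIN_PORT):
    """Return (spec, scope) for admin-port mappings not bound to loopback."""
    findings = []
    for spec in ports:
        if split_port_spec(spec)[2] == admin_port and bind_scope(spec) != "loopback":
            findings.append((spec, bind_scope(spec)))
    return findings

# Port lists copied from the compose snippets on this page
GIST_PORTS = ["80:80", "443:443", "81:81"]
LOCALHOST_PORTS = ["80:80", "443:443", "localhost:81:81"]
LOOPBACK_PORTS = ["127.0.0.1:81:81"]

if __name__ == "__main__":
    for name, ports in [("gist", GIST_PORTS), ("localhost", LOCALHOST_PORTS),
                        ("127.0.0.1", LOOPBACK_PORTS)]:
        print(name, audit(ports) or "admin port is loopback-only")
```

A mapping reported as `all-interfaces` relies entirely on the DOCKER-USER rule from the gist to keep port 81 closed from outside.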
