I’ve recently started using Nginx Proxy Manager to act as a reverse proxy for the various web services that I have running on my Raspberry Pi. It’s a frontend to the nginx web server and makes setting up reverse proxies and SSL access really easy.
You may remember that I’ve used SWAG for this before, to enable HTTPS access to my Home Assistant installation. SWAG is find if you’re using Home Assistant Core or Container, but having switched to Home Assistant Supervised recently, I needed a new solution. Like SWAG, Nginx Proxy Manager can be run in Docker, but it’s also available as a Home Assistant addon.
The main benefit of Nginx Proxy Manager over SWAG is that it has a web-based UI, shown in the screenshot above. This makes setting up new proxy hosts really easy, as it has a nice and simple interface. Whilst SWAG includes pre-built configuration files for many services, there’s no interface available other than editing text files.
Nginx Proxy Manager will also manage SSL certificates. You can either import ones that you purchase yourself, or it will manage the process of acquiring and renewing Let’s Encrypt certificates.
As well as managing Home Assistant, I have Nginx Proxy Manager looking after Calibre-web and Nextcloud.
A brief explanation of reverse proxies
Apparently, you’re supposed to ensure that blog posts are at least 300 words nowadays, otherwise Google ignores it. So, here’s an explanation of why you should set up a reverse proxy server if you’re hosting services like Home Assistant at home:
- No port numbers. When you set up something like Home Assistant, you’ll end up with an address like
http://192.168.0.1:8123. A reverse proxy will allow web browsers to connect on the standard web ports (80 for HTTP, 443 for HTTPS), which looks nicer and is more predictable. It also means you don’t have to forward lots of arbitrary ports on your router. - SSL certificates. If you’re running a device on your home network, then ideally you only want to allow secure connections to reduce the risk of your personal data being intercepted. Self-signed SSL certificates are not ideal, as most web browsers issue dire warnings for web sites that use them. As not all web applications support SSL certificates natively, a reverse proxy can handle this for you.
- Web application firewall. By making all requests go via a proxy, the proxy server can filter out malicious traffic. Nginx Proxy Manager includes a ‘block common exploits’ mode, and you can also filter IP addresses. For example, you may wish to only allow access to certain IP addresses.
Installing in Home Assistant
If you’re running Home Assistant Supervised or Operating System, then you’ll need to install the Nginx Proxy Manager addon. It’s available from the Community Addons repository, which should already be available to you – you won’t need to add it separately. It’s not to be confused with the official ‘NGINX Home Assistant SSL proxy’ addon; this doesn’t include an interface and only enables a proxy for Home Assistant, and not for any other services. Indeed, if you’re already using this official addon, you’ll need to stop it from running first, as otherwise you’ll have a port conflict.
Once set up, you can access the web interface at http://[your IP]:81 . I suppose I could probably set up a reverse proxy host to get rid of the port number, but I don’t see a good reason to enable remote access to it.
One final thing to add is that the user guide for Nginx Proxy Manager isn’t great. It covers setup, but there’s very little help for configuring proxy hosts. The web interface is pretty straightforward so arguably detailed instructions aren’t necessary, but a little more help would be good.