Implementation Methods for NGINX Reverse Proxy: Nginx Proxy Manager and Manual Configuration

Thu, 28 May 2026 17:04:17 +0900

This document details the procedures for constructing an NGINX reverse proxy environment to route external traffic from a public IP address to a backend application (Apache Tomcat) on a private network. Two implementation approaches are explained: the introduction of Nginx Proxy Manager (NPM), a Docker-based GUI management tool, and manual configuration via the command line.

1. Implementation via Nginx Proxy Manager (NPM)

Nginx Proxy Manager is a solution that allows centralized management of reverse proxies, SSL certificate management, and access list control from a web interface.

1.1 Avoiding Conflicts with Existing Services

Since NPM occupies ports 80 and 443, if an NGINX service is running natively on the host OS, it must be stopped and disabled.

# Stop service
systemctl stop nginx

# Disable auto-start
systemctl disable nginx

1.2 Preparing the Docker Environment

As NPM runs as a container, the installation of Docker Engine and Docker Compose is mandatory.

Repository Configuration: Install yum-utils and add the official Docker repository.

dnf install -y yum-utils

Enabling the Service: Start the Docker daemon and configure it to run automatically on system reboot.

systemctl start docker
systemctl enable docker

1.3 Container Orchestration

Create a dedicated directory to manage NPM configuration files and define docker-compose.yml.

mkdir ~/npm
cd ~/npm
vi docker-compose.yml

In docker-compose.yml, specify the official image, database parameters, and volume mappings for persistence. After the definition is complete, start the container in the background using the following command.

docker compose up -d

1.4 Proxy Configuration via Web UI

After the container starts, access the management dashboard (default port: 81) to perform settings.

Initial Authentication: Access http://[Public_IP]:81 and log in with the initial credentials (admin@example.com / changeme). A password change is required upon the first login.
Adding a Proxy Host: Select “Add Proxy Host” and enter the following parameters.

Domain Names: The domain or IP address to be published
Scheme: http
Forward Hostname / IP: 10.101.0.28 (Private IP of the backend Tomcat)
Forward Port: 8080

Connectivity Verification: Access the public IP from a browser and confirm that the response from Tomcat is returned.

2. Implementation via Manual NGINX Configuration

In environments where a GUI is not required or where a more lightweight configuration is desired, perform pass-through settings by directly operating the NGINX package.

2.1 NGINX Installation and Initialization

Install NGINX using the DNF package manager. After installation, execute curl -I http://localhost to verify that the web server responds normally.

dnf install nginx -y
systemctl start nginx
systemctl enable nginx

2.2 Network Security Settings

To allow external traffic, open port 80 in the OS firewall (iptables).

iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

2.3 Configuring the proxy_pass Directive

Define the core logic of the reverse proxy in nginx.conf. Open /etc/nginx/nginx.conf and modify the location / block within the server context.

location / {
 # Forward traffic to backend Tomcat server (port 8080)
 proxy_pass http://127.0.0.1:8080;
 
 # Add header information as needed (optional)
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

2.4 Validation and Application of Settings

Perform a syntax check on the configuration file, and after confirming there are no errors, reload the service. By using reload, settings can be applied while maintaining existing connections.

# Syntax check
nginx -t

# Reload configuration
systemctl reload nginx

3. Operational Considerations

Port Conflict Management: When running multiple web services on the same host, it is necessary to clarify which process is assigned the binding rights for ports 80/443.

Security: When using NPM, it is recommended to restrict access to the management port (81) at the network layer so that it is only allowed from specific IP addresses.

Persistence: When configuring Docker, ensure that volume mappings are correctly set to guarantee that configuration data is not lost if the container is destroyed.

Summary

This document presented two methods for constructing a reverse proxy using NGINX. Nginx Proxy Manager enables intuitive operation, while manual configuration provides system transparency and customizability. Select the appropriate method based on requirements to achieve secure and efficient traffic routing to the backend server.

Nginx-Proxy-Manager on K-Life Hack | Systems Architecture & DevOps