I've set up Nginx Proxy Manager on my server and configured a reverse proxy for my domain with SSL (Let's Encrypt). Everything works fine and I can access my web service through my domain securely via HTTPS, but I have a problem: anyone can access my service via http://IP:PORT, which I want to completely block.
I want to restrict access to my server so that it can only be accessed through https://DOMAIN and not through the server's public IP address.
I've already tried the following things:
- Redirecting HTTP to HTTPS and restricting access to only the domain. -> not able to write the IP address into the domain field in NPM
- Using Custom Nginx Code to block direct IP access completely. -> then the Proxy Host gets the status 'offline'
- Enabling HSTS. -> still allows access over IP
Has anyone faced a similar issue or can suggest the best way to configure this in Nginx Proxy Manager? I’d really appreciate any kind of help or suggestion.
Thanks in advance!
Delete port 81 from the public ports, and have Nginx Proxy Manager proxy to its own admin interface.
A different example shows better how to describe a network. We don't need the 81 port public, so deleting it leaves:
Additional configuration like external database not included, refer to the setup docs for the env vars.
Create a proxy to its own admin interface. Name such as proxymanager.example.com, forward host of the container name (`nginxproxymanager` per above) and forward port 81. TLS as usual with the SSL options; if public, you can use Let's Encrypt.
Admittedly this might be difficult to set up the first time. If you need the admin UI to do it, maybe leave port 81 exposed temporarily until you save the proxy host, then remove it.
Now both the admin interface and proxied hosts are using name based virtual hosts. Test that port 81 is not accessible, and that unknown host names get the configured default site.
Additional Docker services can be proxied without public ports. Add them to the same network and refer to them by name in NPM.
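The two tests the answer ends with (port 81 not reachable, unknown host names get the default site), written as a script you can run from outside the server. This is an added example, not part of the original answer; it assumes NPM answers plain HTTP on port 80, and the function names and the `unknown.invalid` host name are made up for illustration.

```python
import http.client
import socket
import sys


def port_open(addr, port, timeout=3.0):
    """Return True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch(addr, port, host_header, timeout=3.0):
    """GET / on addr:port with an explicit Host header."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()


def check_exposure(addr, domain, http_port=80, admin_port=81):
    """Return a list of findings; an empty list means both tests passed."""
    findings = []
    if port_open(addr, admin_port):
        findings.append(f"admin port {admin_port} is reachable on {addr}")
    named = fetch(addr, http_port, domain)
    # Two unknown names: the bare address and a name no proxy host uses.
    for unknown in (addr, "unknown.invalid"):
        if fetch(addr, http_port, unknown) == named:
            findings.append(f"Host '{unknown}' gets the same response as {domain}")
    return findings


if __name__ == "__main__":
    # Usage: python check_exposure.py <public-ip> <domain>
    problems = check_exposure(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "OK: port 81 closed, unknown hosts get the default site")
    sys.exit(1 if problems else 0)
```

Comparing status, redirect target and body is a heuristic: it flags the case where a request by IP or by an unknown name is served exactly what the real domain gets.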