starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #481] Admin panel served at port 81 with no SSL at all? #406

New issue
Closed
opened 2026-02-26 06:32:44 +03:00 by kerem · 6 comments
kerem commented 2026-02-26 06:32:44 +03:00
Owner
Copy link

Originally created by @hartwork on GitHub (Jun 27, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/481

Hi!

The docs seem to suggest serving the admin panel with no SSL on port 81 and there is no mention of a threat model or security consequences. That seems like a troublesome choice for security, not just for people hosting at home. I have just seen a publicly accessible setup that has the log-in form send username and password unencrypted through the internet. Am I missing something?

Thanks and best, Sebastian

Originally created by @hartwork on GitHub (Jun 27, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/481 Hi! The docs seem to [suggest serving the admin panel with no SSL on port 81](https://nginxproxymanager.com/setup/#running-the-app) and there is no mention of a threat model or security consequences. That seems like a troublesome choice for security, not just for people hosting at home. I have just seen a publicly accessible setup that has the log-in form send username and password unencrypted through the internet. Am I missing something? Thanks and best, Sebastian
kerem 2026-02-26 06:32:44 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-26 06:32:44 +03:00
Author
Owner
Copy link

@jc21 commented on GitHub (Jun 27, 2020):

The point of this project is to allow you to create your own SSL encrypted domains for any services, including NPM. So yes you can create your own npm.yourdomain.com pointing to NPM with hostname 127.0.0.1 and port 81. Then if you really want your home-only network to be 120% secure, modify the docker-compose file and remove port 81 from the ports list.

<!-- gh-comment-id:650650705 --> @jc21 commented on GitHub (Jun 27, 2020): The point of this project is to allow you to create your own SSL encrypted domains for any services, including NPM. So yes you can create your own `npm.yourdomain.com` pointing to NPM with hostname `127.0.0.1` and port `81`. Then if you really want your home-only network to be 120% secure, modify the docker-compose file and remove port 81 from the ports list.
kerem commented 2026-02-26 06:32:44 +03:00
Author
Owner
Copy link

@hartwork commented on GitHub (Jun 28, 2020):

Is it possible to serve the admin panel through SSL and is there documentation on that?
(Readme says "Beautiful and Secure Admin Interface".)

<!-- gh-comment-id:650651900 --> @hartwork commented on GitHub (Jun 28, 2020): Is it possible to serve the admin panel through SSL and is there documentation on that? (Readme says "Beautiful and Secure Admin Interface".)
kerem commented 2026-02-26 06:32:44 +03:00
Author
Owner
Copy link

@bradyemerson commented on GitHub (Jul 23, 2020):

Based on the configuration options present today, no. You can modify this file https://github.com/jc21/nginx-proxy-manager/blob/master/docker/rootfs/etc/nginx/conf.d/production.conf and create your own docker image with SSL enabled. You'll also need to modify the curl health check to use https and ignore certificate errors.

It is common practice when using Docker reverse proxies that the SSL offloading is done at the nginx layer. In almost all cases that I have seen, the internal communication between docker containers is done via plain transmission so that certificates don't have to be managed individually within each application.

As the maintainer said, the purpose of this application is to create reverse proxies with SSL support. So it makes sense to leverage npm to create an admin reverse proxy for port 81 rather than creating a separate set of configuration options. This way the configuration and SSL management is done in the same interface and with the same patterns as all of your other vhosts.

<!-- gh-comment-id:662777472 --> @bradyemerson commented on GitHub (Jul 23, 2020): Based on the configuration options present today, no. You can modify this file https://github.com/jc21/nginx-proxy-manager/blob/master/docker/rootfs/etc/nginx/conf.d/production.conf and create your own docker image with SSL enabled. You'll also need to modify the curl health check to use https and ignore certificate errors. It is common practice when using Docker reverse proxies that the SSL offloading is done at the nginx layer. In almost all cases that I have seen, the internal communication between docker containers is done via plain transmission so that certificates don't have to be managed individually within each application. As the maintainer said, the purpose of this application is to create reverse proxies with SSL support. So it makes sense to leverage npm to create an admin reverse proxy for port 81 rather than creating a separate set of configuration options. This way the configuration and SSL management is done in the same interface and with the same patterns as all of your other vhosts.
kerem commented 2026-02-26 06:32:44 +03:00
Author
Owner
Copy link

@Sprbb commented on GitHub (Jul 30, 2020):

How do I create a docker image with SSL enabled ?

<!-- gh-comment-id:666575716 --> @Sprbb commented on GitHub (Jul 30, 2020): How do I create a docker image with SSL enabled ?
kerem commented 2026-02-26 06:32:44 +03:00
Author
Owner
Copy link

@bradyemerson commented on GitHub (Jul 30, 2020):

I'm not clear on the question. This tool only manages vhosts, not the underlying docker applications. If you're asking how to create a vhost with SSL, it's on the SSL tab in the editor.

<!-- gh-comment-id:666702244 --> @bradyemerson commented on GitHub (Jul 30, 2020): I'm not clear on the question. This tool only manages vhosts, not the underlying docker applications. If you're asking how to create a vhost with SSL, it's on the SSL tab in the editor.
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (May 12, 2021):

Closing as a duplicate of https://github.com/jc21/nginx-proxy-manager/issues/182

<!-- gh-comment-id:839813894 --> @chaptergy commented on GitHub (May 12, 2021): Closing as a duplicate of https://github.com/jc21/nginx-proxy-manager/issues/182
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#406
No description provided.