Merge pull request #419 from JustABoringUser/feature/npm-endurain-example-config

Added Nginx Proxy Manager config example for Endurain
2026-01-08 23:38:01 -05:00 · 2025-12-10 22:04:19 +00:00
parent 6a5e54fc16 38e3f295fc
commit 01dcf2cd7a
1 changed files with 107 additions and 20 deletions
--- a/docs/getting-started/getting-started.md
+++ b/docs/getting-started/getting-started.md
@@ -9,26 +9,40 @@ Welcome to the guide for getting started on hosting your own production instance
 * A Linux distro that has `docker compose` cli, and `caddy` in the repositories.


-## Installing docker and Caddy reverse proxy
+## Installing Docker and Caddy reverse proxy

 Note:
-If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repos for caddy and docker. Read how to do it for [docker](https://docs.docker.com/compose/install/linux/), and [caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Fore newer distroes (Debian 13 and Ubuntu 24.04 you do not have to do this step).
+If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repo for Docker. Read how to do it on [Docker](https://docs.docker.com/compose/install/linux/) documentation. For newer distroes (Debian 13 and Ubuntu 24.04 it is not expected for you to have to do this step).

-We use apt to do this:
+Install Docker:

-```
+```bash
 sudo apt update -y
-sudo apt install docker.io docker-compose caddy -y
+sudo apt install docker.io docker-compose -y
 ```

 Confirm your user has the id 1000:

-```
+```bash
 id
 ```

 If you are not the user 1000, you need to set the `UID` and `GID` to your id in the .env file. But to keep this guide as easy to follow as possible, we will assume that you are user 1000.

+## Installing Caddy reverse proxy
+
+Note:
+If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repo for Caddy. Read how to do it on [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) documentation. For newer distroes (Debian 13 and Ubuntu 24.04 it is not expected for you to have to do this step).
+
+```bash
+sudo apt update -y
+sudo apt install caddy -y
+```
+
+## Installing Nginx Proxy Manager reverse proxy
+
+Nginx Proxy Manager comes as a pre-built Docker image. Please refer to the [docs](https://nginxproxymanager.com/guide/) for details on how to install it.
+
 ## Create directory structure

 Lets use `/opt/endurain/` as the root directory for our project.
@@ -84,7 +98,7 @@ Environment variable  | How to set it |

 **Please note:**

-POSTGRES_DB and POSTGRES_USER is values for the database. If you change it from endurain, you also need to set the environment variables for the app image. Please leave them as `endurain` if you are unsure.
+`POSTGRES_DB` and `POSTGRES_USER` are values for the database. If you change it from endurain, you also need to set the environment variables for the app image. Please leave them as `endurain` if you are unsure.

 ### Start the stack

@@ -97,7 +111,7 @@ sudo docker compose up -d

 Check the log output:

-```
+```bash
 docker compose logs -f
 ```

@@ -105,44 +119,117 @@ If you do not get any errors, continue to next step.

 ### Visit the site

-* Visit the site insecurly on http://`IP-OF-YOUR-SERVER`:8080
+* Visit the site insecurly on `http://<IP-OF-YOUR-SERVER>:8080`
 * We still can not login to the site, because the `ENDURAIN_HOST` doesn't match our local URL.

-##  Configure Caddy as reverse proxy and get SSL cert from letsencrypt
+## Configure a reverse proxy

-* Before we configure caddy you need to set your DNS provider to point your domain to your external IP.
+* Before we configure a reverse proxy you need to set your DNS provider to point your domain to your external IP.
 * You also need to open your firewall on port 443 and 80 to the server.

-We use caddy outside docker. This way Debian handles the updates (you just need to run `sudo apt get update -y` and `sudo apt get upgrade -y`)
+###  Configure Caddy as reverse proxy and get SSL cert from letsencrypt
+
+We use Caddy outside docker. This way Debian handles the updates (you just need to run `sudo apt update -y` and `sudo apt upgrade -y`)

 Caddy is configured in the file `/etc/caddy/Caddyfile`

 Open the file in your favourite editor, delete the default text, and paste in this:

-```
+```conf
 endurain.yourdomain.com {
        reverse_proxy localhost:8080
 }
 ```

-Restart caddy
+Restart Caddy

-```
+```bash
 sudo systemctl restart caddy
 ```

-Check the ouput of caddy with:
+Check the ouput of Caddy with:

-```
+```bash
 sudo journalctl -u caddy
 ```

+###  Configure Nginx Proxy Manager as reverse proxy and get SSL cert from letsencrypt
+
+Bellow is an example config file for Endurain:
+```conf
+------------------------------------------------------------
+endurain.yourdomain.com
+------------------------------------------------------------
+
+map $scheme $hsts_header {
+    https "max-age=63072000; preload";
+}
+
+server {
+    set $forward_scheme http;
+    set $server "your_server_ip";
+    set $port 8884;
+
+    listen 80;
+    listen [::]:80;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name endurain.yourdomain.com;
+
+    http2 on;
+    Let's Encrypt SSL
+
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/ssl-cache.conf;
+    include conf.d/include/ssl-ciphers.conf;
+    ssl_certificate /etc/letsencrypt/live/npm-21/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/npm-21/privkey.pem;
+    Asset Caching
+
+    include conf.d/include/assets.conf;
+    Block Exploits
+
+    include conf.d/include/block-exploits.conf;
+    HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+
+    add_header Strict-Transport-Security $hsts_header always;
+    Force SSL
+
+    include conf.d/include/force-ssl.conf;
+
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_http_version 1.1;
+
+    access_log /data/logs/proxy-host-18_access.log proxy;
+    error_log /data/logs/proxy-host-18_error.log warn;
+
+    location / {
+        HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+
+        add_header Strict-Transport-Security $hsts_header always;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_http_version 1.1;
+        Proxy!
+
+        include conf.d/include/proxy.conf;
+    }
+    Custom
+
+    include /data/nginx/custom/server_proxy[.]conf;
+}
+```
+
+## Access your Endurain instance
+
 You should now be able to access your site on endurain.yourdomain.com

 **Log in with username: admin password: admin, and remember to change the password**

-
-
 🎉 **Weee** 🎉 You now have your own instance of Endurain up and running!

 ## How to update
@@ -168,7 +255,7 @@ The same is the case for Postgres. Check for breaking changes in release notes o

 You should implement backup strategy for the following directories:

-```
+```bash
 /opt/endurain/app/data
 /opt/endurain/app/logs
 ```