Update reverse proxy setup in getting started guide

Expanded the documentation to include installation and configuration steps for both Caddy and Nginx Proxy Manager as reverse proxies. The guide now provides clearer separation of Docker, Caddy, and Nginx Proxy Manager installation steps, and includes an example Nginx Proxy Manager config inline. Removed the standalone npm_endurain.conf file, as its contents are now integrated into the documentation.
2026-01-08 23:38:01 -05:00 · 2025-12-09 22:22:29 +00:00
parent a4e8b0e760
commit 38e3f295fc
2 changed files with 107 additions and 85 deletions
--- a/docs/getting-started/getting-started.md
+++ b/docs/getting-started/getting-started.md
@@ -11,26 +11,40 @@ Welcome to the guide for getting started on hosting your own production instance
 * A Linux distro that has `docker compose` cli, and `caddy` in the repositories.


-## Installing docker and Caddy reverse proxy
+## Installing Docker and Caddy reverse proxy

 Note:
-If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repos for caddy and docker. Read how to do it for [docker](https://docs.docker.com/compose/install/linux/), and [caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Fore newer distroes (Debian 13 and Ubuntu 24.04 you do not have to do this step).
+If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repo for Docker. Read how to do it on [Docker](https://docs.docker.com/compose/install/linux/) documentation. For newer distroes (Debian 13 and Ubuntu 24.04 it is not expected for you to have to do this step).

-We use apt to do this:
+Install Docker:

-```
+```bash
 sudo apt update -y
-sudo apt install docker.io docker-compose caddy -y
+sudo apt install docker.io docker-compose -y
 ```

 Confirm your user has the id 1000:

-```
+```bash
 id
 ```

 If you are not the user 1000, you need to set the `UID` and `GID` to your id in the .env file. But to keep this guide as easy to follow as possible, we will assume that you are user 1000.

+## Installing Caddy reverse proxy
+
+Note:
+If you have a old-ish distro (Ubuntu 22.04 and older) you need to add the repo for Caddy. Read how to do it on [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) documentation. For newer distroes (Debian 13 and Ubuntu 24.04 it is not expected for you to have to do this step).
+
+```bash
+sudo apt update -y
+sudo apt install caddy -y
+```
+
+## Installing Nginx Proxy Manager reverse proxy
+
+Nginx Proxy Manager comes as a pre-built Docker image. Please refer to the [docs](https://nginxproxymanager.com/guide/) for details on how to install it.
+
 ## Create directory structure

 Lets use `/opt/endurain/` as the root directory for our project.
@@ -86,7 +100,7 @@ Environment variable  | How to set it |

 **Please note:**

-POSTGRES_DB and POSTGRES_USER is values for the database. If you change it from endurain, you also need to set the environment variables for the app image. Please leave them as `endurain` if you are unsure.
+`POSTGRES_DB` and `POSTGRES_USER` are values for the database. If you change it from endurain, you also need to set the environment variables for the app image. Please leave them as `endurain` if you are unsure.

 ### Start the stack

@@ -99,7 +113,7 @@ sudo docker compose up -d

 Check the log output:

-```
+```bash
 docker compose logs -f
 ```

@@ -107,44 +121,117 @@ If you do not get any errors, continue to next step.

 ### Visit the site

-* Visit the site insecurly on http://`IP-OF-YOUR-SERVER`:8080
+* Visit the site insecurly on `http://<IP-OF-YOUR-SERVER>:8080`
 * We still can not login to the site, because the `ENDURAIN_HOST` doesn't match our local URL.

-##  Configure Caddy as reverse proxy and get SSL cert from letsencrypt
+## Configure a reverse proxy

-* Before we configure caddy you need to set your DNS provider to point your domain to your external IP.
+* Before we configure a reverse proxy you need to set your DNS provider to point your domain to your external IP.
 * You also need to open your firewall on port 443 and 80 to the server.

-We use caddy outside docker. This way Debian handles the updates (you just need to run `sudo apt get update -y` and `sudo apt get upgrade -y`)
+###  Configure Caddy as reverse proxy and get SSL cert from letsencrypt
+
+We use Caddy outside docker. This way Debian handles the updates (you just need to run `sudo apt update -y` and `sudo apt upgrade -y`)

 Caddy is configured in the file `/etc/caddy/Caddyfile`

 Open the file in your favourite editor, delete the default text, and paste in this:

-```
+```conf
 endurain.yourdomain.com {
        reverse_proxy localhost:8080
 }
 ```

-Restart caddy
+Restart Caddy

-```
+```bash
 sudo systemctl restart caddy
 ```

-Check the ouput of caddy with:
+Check the ouput of Caddy with:

-```
+```bash
 sudo journalctl -u caddy
 ```

+###  Configure Nginx Proxy Manager as reverse proxy and get SSL cert from letsencrypt
+
+Bellow is an example config file for Endurain:
+```conf
+------------------------------------------------------------
+endurain.yourdomain.com
+------------------------------------------------------------
+
+map $scheme $hsts_header {
+    https "max-age=63072000; preload";
+}
+
+server {
+    set $forward_scheme http;
+    set $server "your_server_ip";
+    set $port 8884;
+
+    listen 80;
+    listen [::]:80;
+
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name endurain.yourdomain.com;
+
+    http2 on;
+    Let's Encrypt SSL
+
+    include conf.d/include/letsencrypt-acme-challenge.conf;
+    include conf.d/include/ssl-cache.conf;
+    include conf.d/include/ssl-ciphers.conf;
+    ssl_certificate /etc/letsencrypt/live/npm-21/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/npm-21/privkey.pem;
+    Asset Caching
+
+    include conf.d/include/assets.conf;
+    Block Exploits
+
+    include conf.d/include/block-exploits.conf;
+    HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+
+    add_header Strict-Transport-Security $hsts_header always;
+    Force SSL
+
+    include conf.d/include/force-ssl.conf;
+
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_http_version 1.1;
+
+    access_log /data/logs/proxy-host-18_access.log proxy;
+    error_log /data/logs/proxy-host-18_error.log warn;
+
+    location / {
+        HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+
+        add_header Strict-Transport-Security $hsts_header always;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+        proxy_http_version 1.1;
+        Proxy!
+
+        include conf.d/include/proxy.conf;
+    }
+    Custom
+
+    include /data/nginx/custom/server_proxy[.]conf;
+}
+```
+
+## Access your Endurain instance
+
 You should now be able to access your site on endurain.yourdomain.com

 **Log in with username: admin password: admin, and remember to change the password**

-
-
 🎉 **Weee** 🎉 You now have your own instance of Endurain up and running!

 ## How to update
@@ -170,7 +257,7 @@ The same is the case for Postgres. Check for breaking changes in release notes o

 You should implement backup strategy for the following directories:

-```
+```bash
 /opt/endurain/app/data
 /opt/endurain/app/logs
 ```