Nginx Proxy Manager
Reverse proxy with SSL management.
Overview
| Property | Value |
|---|---|
| Host | 192.168.1.10 (LXC 103) |
| Type | Docker on LXC (Proxmox) |
| Admin Port | 81 |
| HTTP | 80 |
| HTTPS | 443 |
| Primary Domain | shdwnet.cloud |
Access
- Admin UI: http://192.168.1.10:81
- Credentials: See vault
β Active Proxy Hosts (2026-02-03)
All services migrated to shdwnet.cloud domain with Letβs Encrypt SSL.
| Domain | Target | Port | Scheme | SSL | Notes |
|---|---|---|---|---|---|
| notes.shdwnet.cloud | 192.168.1.156 | 3030 | http | β | Quartz notes (PM2) |
| plex.shdwnet.cloud | 192.168.1.156 | 32400 | http | β | Plex Media Server |
| paperless.shdwnet.cloud | 192.168.1.156 | 8000 | http | β | Paperless-ngx |
| vault.shdwnet.cloud | 192.168.1.20 | 443 | https | β | Vaultwarden |
| uptime.shdwnet.cloud | 192.168.1.20 | 3001 | http | β | Uptime Kuma |
| pulse.shdwnet.cloud | 192.168.1.20 | 3001 | http | β | Alias β Uptime Kuma |
| portainer.shdwnet.cloud | 192.168.1.20 | 9443 | https | β | Portainer |
| netdata.shdwnet.cloud | 76.13.115.76 | 19998 | http | β | VPS monitoring (basic auth) |
SSL Certificates
All certs via Letβs Encrypt, auto-renewal enabled.
| Certificate | Domains | Expires |
|---|---|---|
| notes.shdwnet.cloud | notes.shdwnet.cloud | 2026-05-04 |
| plex.shdwnet.cloud | plex.shdwnet.cloud | 2026-05-04 |
| paperless.shdwnet.cloud | paperless.shdwnet.cloud | 2026-05-04 |
| vault.shdwnet.cloud | vault.shdwnet.cloud | 2026-05-04 |
| uptime.shdwnet.cloud | uptime.shdwnet.cloud, pulse.shdwnet.cloud | 2026-05-04 |
| portainer.shdwnet.cloud | portainer.shdwnet.cloud | 2026-05-04 |
| netdata.shdwnet.cloud | netdata.shdwnet.cloud | 2026-05-04 |
Architecture
Internet (Cloudflare DNS)
β
β *.shdwnet.cloud β WAN IP (wildcard A record)
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Router (Port Forward) β
β 80/443 β 192.168.1.10 β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β NPM (192.168.1.10) - LXC 103 β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β SSL Termination (Let's Encrypt) β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β ββββββββββββββββββββΌβββββββββββββββββββ β
β βΌ βΌ βΌ β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β pop-os β β docker1 β β VPS β β
β β .156 β β .20 β β 76.13... β β
β β β β β β β β
β β β’ notes:3030β β β’ vault:443 β β β’ netdata β β
β β β’ plex:32400β β β’ uptime:3001 β :19998 β β
β β β’ paper:8000β β β’ port:9443 β β β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Adding New Proxy Host
- Login to NPM admin: http://192.168.1.10:81
- Proxy Hosts β Add Proxy Host
- Details Tab:
- Domain Names:
service.shdwnet.cloud - Scheme:
http(orhttpsif backend uses SSL) - Forward Hostname/IP: target IP
- Forward Port: target port
- β Block Common Exploits
- β Websockets Support (if needed)
- Domain Names:
- SSL Tab:
- Request new SSL Certificate
- β Force SSL
- β HTTP/2 Support
- Email: your@email.com
API Access
NPM has a REST API for automation:
# Get token
curl -X POST "http://192.168.1.10:81/api/tokens" \
-H "Content-Type: application/json" \
-d '{"identity":"email","secret":"password"}'
# List proxy hosts
curl "http://192.168.1.10:81/api/nginx/proxy-hosts" \
-H "Authorization: Bearer $TOKEN"