This page documents how services in the homelab are securely exposed using Nginx Proxy Manager (NPM). It includes domain routing, SSL via Let’s Encrypt, and upstream configuration.
Nginx Proxy Manager (NPM) is deployed in Docker inside the debian-docker VM.
It handles reverse proxying for all web-accessible services using:
plex.vibehub.one)| Service | Platform | Container | Access |
|---|---|---|---|
| NPM | Docker Compose | nginxproxymanager |
https://nginx.vibehub.one |
Mounted path in Docker:
/home/raven/dockerdata/nginxproxymanager
All services are exposed under:*.vibehub.one
Examples:
| Service | Subdomain | Target Container |
|---|---|---|
| Proxmox | proxmox.vibehub.one |
Proxmox Web UI |
| Plex | plex.vibehub.one |
Plex container (102) |
| Sonarr | sonarr.vibehub.one |
Docker stack |
| Radarr | radarr.vibehub.one |
Docker stack |
| Portainer | portainer.vibehub.one |
Portainer container |
NPM manages SSL via Let’s Encrypt using HTTP challenge.
DNS challenge is not currently used.
Each subdomain has:
💡 Certificates are automatically renewed and stored under the NPM volume.
Sonarr Reverse Proxy Configuration:
| Field | Value |
|---|---|
| Domain Names | sonarr.vibehub.one |
| Scheme | http |
| Forward Hostname/IP | 192.168.1.201 |
| Forward Port | 8989 |
| Websockets Support | Enabled |
| Block Common Exploits | Enabled |
| SSL Certificate | Let’s Encrypt (Auto) |
| Force SSL | Enabled |
Domain vibehub.one must point to your public IP address via A or CNAME records.
Cloudflare used as registrar/DNS:
Restart NPM with:
docker compose restartView logs:
docker compose logs -f
192.168.1.x) rather than container namesPublicly exposed services should have:
nginx.vibehub.one — keep it secured behind login and SSL