Hey everyone! I've just started diving into Docker over the past couple of weeks, and it's been a blast. I've transitioned some of my homelab services to Docker using old Sophos devices. Currently, I'm trying to set up NGINX Proxy Manager (NPM) on one of these hosts to allow external access to my services. However, I'm hitting a wall with routing traffic between my DMZ VLAN and the VLAN where my containers are hosted.
I have a DMZ network that's separated from the others via firewall rules. I've successfully assigned my NPM container (jc21/nginx-proxy-manager) an address on the DMZ using a macvlan, and web requests are port-forwarded correctly to that address, so that part is functioning well. I've got NPM set up as a proxy for a few containers, like IT Tools and CyberChef, which are on a different internal network.
The issue I'm facing is getting the NPM container to handle requests coming in at its DMZ address and forward them to the internal network. I might be misconfiguring things since I'm still learning, so rather than list out all my failed attempts, could anyone provide guidance on how to properly configure NPM for this setup? In summary, what's the best way to set up an NPM container so it operates on both an isolated DMZ and the internal network, allowing port-forwarding only from the firewall to the DMZ?
2 Answers
It sounds like you're making good progress! To get your NPM container connected to both the DMZ and the internal network, you need to attach it to multiple Docker networks. When you set up your Docker Compose file, you can specify both networks for the NPM container. Just ensure that your NPM container is configured to communicate with the other internal services as well. It's common practice to have your proxy container connected to both the network that exposes it to the internet and the internal network on which your services run.
I can see why this would be confusing! To connect to both networks, you'll need to create the shared internal network and add your NPM container to it along with the DMZ network. Each network will need its own subnet, and then you can do this in your Docker Compose configuration like `networks: { dmz: {}, internal: {} }`. Just make sure that your NPM has an appropriate IP address on the internal network as well. You’re right, the NPM needs to be able to reach those internal services!
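A Compose file that wires NPM onto both networks at once, as an added example rather than code from either answer; the DMZ parent interface, subnets, addresses and the backend image names are assumptions for a homelab like the one described:

```yaml
# Assumed layout: eth0.20 is the host's sub-interface on the DMZ VLAN,
# 192.0.2.0/24 is the DMZ subnet (documentation range, stands in for yours).
services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    networks:
      dmz:
        ipv4_address: 192.0.2.70   # the DMZ address the firewall forwards 80/443 to
      internal: {}                 # same bridge as the backends, so names resolve
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt
    # No "ports:" here: NPM owns its own DMZ IP via macvlan, and only the
    # firewall rule should open it to the outside.

  cyberchef:
    image: ghcr.io/gchq/cyberchef:latest   # assumed image name
    restart: unless-stopped
    networks: [internal]                   # backends never touch the DMZ

  it-tools:
    image: corentinth/it-tools:latest      # assumed image name
    restart: unless-stopped
    networks: [internal]

networks:
  dmz:
    driver: macvlan
    driver_opts:
      parent: eth0.20              # assumed DMZ VLAN sub-interface on the Docker host
    ipam:
      config:
        - subnet: 192.0.2.0/24
          gateway: 192.0.2.1
          ip_range: 192.0.2.64/27  # keep Docker's macvlan picks inside one slice
  internal:
    driver: bridge
    internal: true                 # backends get no route out; NPM still reaches
                                   # the internet (e.g. for certificates) via dmz
```

In each NPM proxy host, point the forward hostname at the service name on the shared bridge (`cyberchef`, `it-tools`) and the port that image listens on; a quick check from the host is `docker exec npm getent hosts cyberchef`, while `docker network inspect dmz` should show only the NPM container. Note that a macvlan address is not reachable from the Docker host itself, so test the DMZ side from another machine, not from the host.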