proxmox/docs/04-configuration/NGINX_PROXY_MANAGER_COMPLETE_SETUP.md

Nginx Proxy Manager Complete Setup Guide

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

---

Date: 2026-01-09
Status: Complete Setup Instructions
NPM URL: http://192.168.11.26:81

---

Overview

This guide provides complete instructions for setting up SSL certificates for all 19 domains in Nginx Proxy Manager, including password reset, automation, and manual configuration options.

---

Step 1: NPM Credentials

Current NPM Credentials:

• Email: nsatoshi2007@hotmail.com
• Password: L@ker$2010

If you need to reset the password:

Option A: Reset Password Script

cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/reset-npm-password.sh L@ker$2010

This will reset the admin password to L@ker$2010.

Option B: Manual Password Reset

# Access container
ssh root@192.168.11.11 "pct enter 105"

# Inside container, generate password hash
cd /app
node -e "const bcrypt = require('bcryptjs'); console.log(bcrypt.hashSync('L@kers2010', 10));"

# Update database (replace HASH with output above)
sqlite3 /data/database.sqlite "UPDATE user SET password = 'HASH' WHERE email = 'admin@example.com';"

---

Step 2: Configure SSL Certificates

Option A: Automated Configuration (Recommended)

Once password is reset:

cd /home/intlc/projects/proxmox
export NPM_EMAIL='nsatoshi2007@hotmail.com'
export NPM_PASSWORD='L@ker$2010'
export HEADLESS='false'  # Set to 'true' for headless mode
export PAUSE_MODE='false'  # Set to 'true' to pause at each step

node scripts/nginx-proxy-manager/configure-ssl-all-domains.js

The script will:

• Log in to NPM
• Configure all 19 domains
• Request Let's Encrypt certificates
• Enable Force SSL, HTTP/2, and HSTS

Option B: Manual Configuration

1. Access NPM: Open http://192.168.11.26:81 in browser
2. Log in: Use nsatoshi2007@hotmail.com / L@ker$2010
3. For each domain (see list below):
   • Click Proxy Hosts → Add Proxy Host
   • Details Tab:
     • Domain Names: Enter domain
     • Scheme: http or https (based on target)
     • Forward Hostname/IP: Enter target IP
     • Forward Port: Enter target port
     • Block Common Exploits: ✅ Enable
     • Websockets Support: ✅ Enable (for RPC domains)
   • SSL Tab:
     • Click Request a new SSL Certificate
     • Email: Your email for Let's Encrypt
     • I Agree to Terms: ✅ Check
     • Force SSL: ✅ Enable
     • HTTP/2 Support: ✅ Enable
     • HSTS Enabled: ✅ Enable
   • Click Save

---

Step 3: Domain Configuration List

sankofa.nexus Zone (5 domains)

Domain	Target	Port	WebSocket
sankofa.nexus	192.168.11.140	80	No
www.sankofa.nexus	192.168.11.140	80	No
phoenix.sankofa.nexus	192.168.11.140	80	No
www.phoenix.sankofa.nexus	192.168.11.140	80	No
the-order.sankofa.nexus	192.168.11.140	80	No

d-bis.org Zone (9 domains)

Domain	Target	Port	WebSocket	Notes
explorer.d-bis.org	192.168.11.140	80	No	Blockscout
rpc-http-pub.d-bis.org	192.168.11.252	443	✅ Yes	HTTPS target
rpc-ws-pub.d-bis.org	192.168.11.252	443	✅ Yes	HTTPS target
rpc-http-prv.d-bis.org	192.168.11.251	443	✅ Yes	HTTPS target
rpc-ws-prv.d-bis.org	192.168.11.251	443	✅ Yes	HTTPS target
dbis-admin.d-bis.org	192.168.11.130	80	No
dbis-api.d-bis.org	192.168.11.155	3000	No
dbis-api-2.d-bis.org	192.168.11.156	3000	No
secure.d-bis.org	192.168.11.130	80	No

mim4u.org Zone (4 domains)

Domain	Target	Port	WebSocket
mim4u.org	192.168.11.19	80	No
www.mim4u.org	192.168.11.19	80	No
secure.mim4u.org	192.168.11.19	80	No
training.mim4u.org	192.168.11.19	80	No

defi-oracle.io Zone (1 domain)

Domain	Target	Port	WebSocket
rpc.public-0138.defi-oracle.io	192.168.11.252	443	✅ Yes

Total: 19 domains

---

Step 4: Verify Configuration

After configuration, verify SSL certificates:

cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/verify-ssl-config.sh

This will test HTTPS connectivity for all 19 domains.

Manual Verification

Test individual domains:

# Test HTTPS
curl -I https://explorer.d-bis.org
curl -I https://sankofa.nexus

# Check SSL certificate
openssl s_client -connect explorer.d-bis.org:443 -servername explorer.d-bis.org < /dev/null 2>/dev/null | openssl x509 -noout -subject -issuer -dates

---

Troubleshooting

Password Reset Fails

If password reset script fails:

1. Check container status:

   ssh root@192.168.11.11 "pct status 105"
   

2. Access container directly:

   ssh root@192.168.11.11 "pct enter 105"
   

3. Check database:

   sqlite3 /data/database.sqlite "SELECT email FROM user;"
   

SSL Certificate Request Fails

Common Issues:

1. DNS not propagated: Domain must resolve to 76.53.10.36
2. Port 80 not accessible: Required for HTTP-01 challenge
3. Rate limiting: Wait 1 hour if too many requests

Solutions:

• Verify DNS: dig +short domain.com
• Test HTTP: curl -I http://domain.com
• Check NPM logs for specific errors

Automation Script Fails

If browser automation fails:

1. Check screenshots: Look in /tmp/npm-*.png for debugging
2. Run with pause mode: export PAUSE_MODE='true'
3. Use manual configuration: Follow Option B above

---

Scripts Reference

Password Reset

bash scripts/nginx-proxy-manager/reset-npm-password.sh [password]

SSL Configuration (Automated)

export NPM_EMAIL='admin@example.com'
export NPM_PASSWORD='L@kers2010'
node scripts/nginx-proxy-manager/configure-ssl-all-domains.js

Manual Configuration Guide

bash scripts/nginx-proxy-manager/manual-ssl-config-guide.sh

Verification

bash scripts/nginx-proxy-manager/verify-ssl-config.sh

---

Related Documentation

• NGINX_PROXY_MANAGER_SSL_CONFIGURATION.md - Detailed SSL configuration
• NGINX_PUBLIC_IP_CONFIGURATION.md - Public IP setup
• NGINX_PUBLIC_IP_VERIFICATION_REPORT.md - Verification report

---

Last Updated: 2026-01-09
Status: Complete setup guide ready