Nginx Proxy Manager + ZeroTier: Reverse Proxy and SSL Automation Solution
I previously wrote a tutorial on deploying a reverse proxy and SSL certification using frp + Docker. While it was feature-complete, there were many configuration details to handle, especially the complex environment variable settings for frp intranet penetration.
I've found that using Vultr VPS + ZeroTier + Nginx Proxy Manager is actually a much simpler way to achieve the same goal. In this post, I'll share my new approach.
Vultr VPS Specs and Cost
I chose Vultr for this setup with the following specifications:
- 1 Core CPU
- 1GB RAM
- 25GB SSD
- Automatic Backups
At only about $6 per month, it's half the price of a similar spec VPS from GCP or AWS. It offers great value for self-hosting small services.
Architecture Diagram
- External clients request the VPS via a domain name.
- Nginx Proxy Manager on the VPS handles the reverse proxying.
- The VPS and local server connect securely via a ZeroTier virtual network.
- The local server provides the actual services.
Implementation Steps
1. Vultr VPS Setup and Docker Installation
Once the Vultr VPS is up and running, ensure that Docker and docker-compose are installed.
2. Deploy Nginx Proxy Manager
Create a docker-compose.yml file:
version: '3'
services:
npm:
image: jc21/nginx-proxy-manager:latest
ports:
- "80:80"
- "443:443"
- "81:81"
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
Start the service:
docker-compose up -d
3. Install ZeroTier and Connect the Local Server
Install ZeroTier on both the VPS and the local server:
curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join <Your Network ID>
Approve the two hosts in the ZeroTier console to allow them to communicate, and note the ZeroTier IP of the local server.
4. Configure Reverse Proxy in Nginx Proxy Manager
- Go to Proxy Hosts → Add Proxy Host and enter your external domain name.
- In Forward Hostname / IP, enter the virtual IP assigned to your local server by ZeroTier. Set the Forward Port to your service's port (e.g., 80 or 443).
- Switch to the SSL tab and check Request a new SSL Certificate. Enter your management email and agree to the Let's Encrypt Terms of Service. Once issued, the certificate will renew automatically.
- Adjust other advanced options as needed and click Save to apply the settings.
Advantages Comparison
- Much simpler configuration than the frp solution, with almost no environment variables to worry about.
- ZeroTier virtual networks are secure and stable, ideal for connecting remote sites.
- Vultr VPS is affordable and easy to backup.
- Nginx Proxy Manager provides a friendly UI and automated SSL.
Thoughts
Even though Nginx Proxy Manager only uses a UI for reverse proxy configuration, it makes the setup incredibly simple.
Every time I add a new service, I just need to set the domain in my DNS provider and add a new proxy host in Nginx Proxy Manager.