# Configuring Nginx Proxy Manager with Wildcard SSL Certs

> Deploy Nginx Proxy Manager with Docker Compose to manage containers via FQDN and wildcard sub-domains.

By Zsolt Bizderi · Published 2024-07-30
Canonical: https://ambientnode.uk/configuring-nginx-proxy-manager-with-wildcard-ssl-certs

This guide will focus on deploying [Nginx Proxy Manager](https://nginxproxymanager.com/) (NPM), a popular reverse proxy service, to access containers through an FQDN and wildcard sub-domains. It uses Docker Compose to deploy the stack, configures a wildcard SSL certificate, and configures the local DNS resolver so that every sub-domain resolves to the NPM host.

### Why use a reverse proxy?

* **Load Balancing**: Distributes incoming traffic across multiple servers to improve performance and reliability.
* **SSL Termination**: Simplifies SSL management by handling SSL/TLS encryption and decryption.
* **Security**: Protects backend servers from direct exposure to the internet and filters malicious traffic.
* **Caching**: Reduces load on backend servers and speeds up response times by serving cached content.
* **Centralized Management**: Allows for easy management of multiple servers, updates, and monitoring.

Plus, you get to reach your services through an actual domain rather than IP:Port.

### Requirements

This configuration requires the following components:

* A server with Docker and Docker Compose installed.
* Access to a domain name (Cloudflare)
* Cloudflare account for managing the domain and SSL certificates
* A DNS ([Pi-hole](/dns-sinkhole-with-pihole/)) to point to the NPM server
* Basic understanding of Docker, Docker Compose, and DNS configurations.

### Docker Compose

* Deploy the stack with the following compose YAML:

```yaml
# Compose v2 ignores the version key (it prints a warning); older docker-compose releases still expect it.
version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'   # admin UI; as written it listens on every interface of the host
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      # placeholders: replace before deploying; they must match the db service below
      DB_MYSQL_USER: "username"
      DB_MYSQL_PASSWORD: "password"
      DB_MYSQL_NAME: "npm"

    volumes:
      - data:/data
      - letsencrypt:/etc/letsencrypt   # issued certificates and account keys live here
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'   # placeholder: replace as well
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'username'
      MYSQL_PASSWORD: 'password'
    volumes:
      - mysql:/var/lib/mysql

volumes:
  data:
  letsencrypt:
  mysql:
```

docker-compose.yml

### Accessing Nginx Proxy Manager

Once deployed, the Nginx Proxy Manager can be accessed through `http://{Host-IP}:81`. Sign in and change the default credentials:

* Email: admin@example.com
* Password: changeme

### Setting Up Wildcard SSL Certificates with NPM and Cloudflare

**Navigate to SSL Certificates in NPM:**

* Click Add SSL Certificate and enter your wildcard FQDN (e.g., `*.example.com`).

**Configure LetsEncrypt:**

* Select LetsEncrypt, enter the wildcard domain, enable **Use a DNS challenge**, and agree to the T&Cs.
* **Set Up DNS Provider:**
  + Under DNS provider, select Cloudflare.
  + Generate a new Cloudflare token by creating a new API token:
    - Use the Edit Zone template.
    - Include All Zones.
    - Rename the token for future reference.
    - Copy the API token.
  + Enter the API token in NPM, replacing the existing key value `0123456789abcdef0123456789abcdef01234567`.
  + Click Save.

### Update the DNS Resolver

To make the domain names resolve on your network, add a wildcard A record in your DNS resolver that points to the IP of the NPM host. This example uses Pi-hole as the DNS resolver. Access your Pi-hole server and perform the following actions:

* Create a custom DNS config:
  + `sudo nano /etc/dnsmasq.d/99-wildcard-dns.conf`
* Add the following line:
  + `host-record=*.mydomain.com,192.168.1.2`
  + Save and exit.
  + Reboot the Pi-hole server to apply the changes.

You must repeat this on every Pi-hole instance manually, as Gravity will not automatically sync it.

### Add the First NPM Host

Finally, add your first host on your Docker Swarm NPM server as follows:

* **Navigate to Hosts > Add Proxy Host:**
  + Domain name: npm.mydomain.com
  + Scheme: http
  + Forward Hostname/IP: {Manager-1-IP}
  + Forward Port: 81
* **Enable Additional Settings:**
  + Enable Block Common Exploits and Websockets Support.
* **Assign SSL Certificate:**
  + Click the SSL tab and assign the wildcard certificate, then enforce HTTPS.

By following these steps, you’ll have a fully functional Nginx Proxy Manager setup with wildcard SSL certificates and configured DNS.
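The following script is an added example, not part of the article or of Nginx Proxy Manager, that verifies the three things this guide sets up: the resolver answers for the wildcard, the certificate NPM serves actually covers the proxied host, and plain HTTP is redirected once HTTPS is enforced. The IP `192.168.1.2`, the zone `mydomain.com` and the host `npm.mydomain.com` are assumed to match the values used above; override them through the environment. The certificate check applies the single-label wildcard rule from RFC 6125, so it also explains why `*.mydomain.com` does not cover `a.b.mydomain.com` or the bare apex. The DNS check deliberately queries a name that was never configured, because that is what distinguishes a wildcard answer from a literal record (dnsmasq's documented wildcard form is `address=/mydomain.com/192.168.1.2`; a literal `host-record` only answers for the exact name it contains).

```shell
#!/bin/sh
# Post-deployment checks for the NPM + wildcard-certificate setup described above.
# Added example: not part of the article or of Nginx Proxy Manager.
# Assumed values (change to match your environment):
NPM_IP="${NPM_IP:-192.168.1.2}"     # IP of the NPM host (the article's dnsmasq example)
ZONE="${ZONE:-mydomain.com}"         # zone covered by the wildcard certificate
HOST="${HOST:-npm.$ZONE}"            # the proxy host created in the last section

# wildcard_matches PATTERN NAME -> 0 if certificate name PATTERN covers NAME.
# '*.mydomain.com' covers 'npm.mydomain.com' but, per RFC 6125, a wildcard spans
# exactly one label, so it covers neither 'mydomain.com' nor 'a.b.mydomain.com'.
wildcard_matches() {
  wm_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  wm_name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$wm_pat" in
    \*.*)
      wm_suffix=${wm_pat#\*.}
      case "$wm_name" in
        *."$wm_suffix") ;;          # must end in ".suffix"
        *) return 1 ;;
      esac
      wm_left=${wm_name%".$wm_suffix"}
      [ -n "$wm_left" ] || return 1 # nothing left of the suffix: bare apex name
      case "$wm_left" in
        *.*) return 1 ;;            # more than one label left: not covered
      esac
      return 0
      ;;
    *)
      [ "$wm_pat" = "$wm_name" ]    # no wildcard: exact match only
      ;;
  esac
}

# sans_cover NAME -> 0 if any SAN read from stdin (one per line) covers NAME.
sans_cover() {
  sc_name=$1
  while IFS= read -r sc_san; do
    [ -n "$sc_san" ] || continue
    wildcard_matches "$sc_san" "$sc_name" && return 0
  done
  return 1
}

# tls_san_names NAME IP -> DNS SANs of the leaf certificate served for NAME at IP:443.
# SNI is sent because NPM selects the certificate per proxy host. Needs OpenSSL 1.1.1+.
tls_san_names() {
  printf '' | openssl s_client -servername "$1" -connect "$2:443" 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# The resolver must answer for a name that was never configured explicitly;
# that is what distinguishes a working wildcard from a single literal record.
check_dns() {
  cd_got=$(dig +short "probe-$$.$ZONE" A | head -n 1)
  [ "$cd_got" = "$NPM_IP" ]
}

# With "Force SSL" set on the proxy host, plain HTTP must redirect permanently.
check_redirect() {
  cr_code=$(curl -s -o /dev/null -w '%{http_code}' --resolve "$HOST:80:$NPM_IP" "http://$HOST/")
  [ "$cr_code" = "301" ] || [ "$cr_code" = "308" ]
}

main() {
  check_dns && echo "DNS: *.$ZONE -> $NPM_IP ok" || echo "DNS: wildcard does not resolve to $NPM_IP"
  if tls_san_names "$HOST" "$NPM_IP" | sans_cover "$HOST"; then
    echo "TLS: certificate covers $HOST"
  else
    echo "TLS: certificate served for $HOST does not cover it (or no TLS answer)"
  fi
  check_redirect && echo "HTTP: redirects to HTTPS" || echo "HTTP: no permanent redirect to HTTPS"
}

# Live checks only run when invoked as: sh npm-check.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run it from a client on the same network as the Pi-hole and NPM host (`NPM_IP=... ZONE=... sh npm-check.sh run`). A failing DNS line means the resolver is only answering for literal names; a failing TLS line usually means the proxy host was saved without the wildcard certificate assigned, or that the name has more labels than the wildcard allows.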
