Debian 12 – Docker + Nginx Proxy Manager + 4 GB Swap – Installationsanleitung

20. September 2025

Das nachfolgende Bash-Script ist dafür gedacht auf einem frisch installierten Debian 12 den Nginx Proxy Manager in einem Docker Container zu installieren. Im Script muss der Standardbenutzer und das Passwort angepasst werden. Das Admin-Panel ist später auf Port 81 verfügbar. Zusätzlich erstellt das Script ein Swap File mit einer Größe von 4 GB.

Ich empfehle den Zugang zu Port 81, wie auch SSH mit einer Firewall zu beschränken.

Datei anlegen, Rechte setzen und bearbeiten:

touch install.sh
chmod +x install.sh
nano install.sh

Inhalt einfügen (Benutzer und Passwort vorher anpassen, ggf. Größe des Swapfiles anpassen):

#!/bin/bash
set -euo pipefail

# ------------------------------------------------------------
# Docker Engine + Nginx Proxy Manager (via Docker Compose)
# Tested on Debian (bookworm). Run this script with sudo.
# ------------------------------------------------------------

echo "=== Updating package list ==="
apt-get update -y

echo "=== Installing required dependencies ==="
apt-get install -y ca-certificates curl gnupg lsb-release

echo "=== Setting up keyrings directory ==="
install -m 0755 -d /etc/apt/keyrings

echo "=== Downloading Docker GPG key ==="
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

echo "=== Adding Docker repository to Apt sources ==="
ARCH="$(dpkg --print-architecture)"
CODENAME="$(. /etc/os-release && echo "$VERSION_CODENAME")"
echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian ${CODENAME} stable" \
  | tee /etc/apt/sources.list.d/docker.list > /dev/null

echo "=== Updating package list ==="
apt-get update -y

echo "=== Installing Docker Engine and related packages ==="
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

echo "=== Ensuring Docker is running ==="
systemctl enable --now docker
if systemctl is-active --quiet docker; then
  echo "✅ Docker is active."
else
  echo "⚠️ Docker is not active. Attempting to start..."
  systemctl start docker
fi

# ------------------------------------------------------------
# Nginx Proxy Manager setup (Docker Compose)
# ------------------------------------------------------------
NPM_DIR="/opt/nginx-proxy-manager"
echo "=== Creating Nginx Proxy Manager directory at ${NPM_DIR} ==="
mkdir -p "${NPM_DIR}"
cd "${NPM_DIR}"

echo "=== Writing docker-compose.yml ==="
cat > docker-compose.yml <<'YAML'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80'   # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81'   # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

      # Initial admin account (as requested)
      INITIAL_ADMIN_EMAIL: "[email protected]"
      INITIAL_ADMIN_PASSWORD: "CHANGEthisPASSWORDbeforeINSTALLATION"

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
      MARIADB_AUTO_UPGRADE: '1'
    volumes:
      - ./mysql:/var/lib/mysql
YAML

echo "=== Creating data directories (if not present) ==="
mkdir -p data letsencrypt mysql

echo "=== Bringing up Nginx Proxy Manager stack ==="
docker compose pull
docker compose up -d

echo "=== Done! ==="
IP_ADDR=$(hostname -I 2>/dev/null | awk '{print $1}')
echo
echo "Nginx Proxy Manager should now be starting."
echo "Admin UI: http://${IP_ADDR:-<your-server-ip>}:81"
echo "Initial admin email: [email protected]"
echo "Initial admin password: CHANGEthisPASSWORDbeforeINSTALLATION"
echo
echo "Useful commands:"
echo "  cd ${NPM_DIR}"
echo "  docker compose logs -f             # follow logs"
echo "  docker compose ps                  # container status"
echo "  docker compose restart app db      # restart services"

#create swapfile

SWAPFILE="/swapfile"
SIZE="4G"

echo "[+] Creating ${SIZE} swap file at ${SWAPFILE}..."

# Create swap file
if command -v fallocate >/dev/null 2>&1; then
    sudo fallocate -l $SIZE $SWAPFILE
else
    echo "[!] fallocate not found, using dd instead..."
    sudo dd if=/dev/zero of=$SWAPFILE bs=1M count=4096 status=progress
fi

# Set permissions
sudo chmod 600 $SWAPFILE

# Make swap
sudo mkswap $SWAPFILE

# Enable swap
sudo swapon $SWAPFILE

# Add to /etc/fstab if not already present
if ! grep -q "$SWAPFILE" /etc/fstab; then
    echo "[+] Adding swap entry to /etc/fstab..."
    echo "$SWAPFILE none swap sw 0 0" | sudo tee -a /etc/fstab
fi

echo "[+] Swap file created and enabled successfully."
swapon --show
free -h

Nach dem Speichern kann die automatische Installation mit

./install.sh

gestartet werden.

Damit auf dem Zielsystem die richtige IP-Adresse der Clients angezeigt wird muss die nginx Konfiguration entsprechend angepasst werden (Proxy vertrauen, IP des Proxy-Servers angeben):

set_real_ip_from 1.1.1.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

In machen Fällen kann es sinnvoll sein, einen Cache auszuschließen, daher anbei optionale Proxy Zusatzkonfigurationen:

proxy_no_cache        $http_authorization;
proxy_cache_bypass    $http_authorization;
proxy_no_cache        $cookie_session;
proxy_cache_bypass    $cookie_session;

nginx Cache nutzbar machen

Um einen echten Cache zu aktivieren und für Proxy Hosts nutzbar zu machen, müssen einige Änderungen vorgenommen werden:

Allgemein

nginx Cache nutzbar machen

Schreibe einen Kommentar Antwort abbrechen