Comment on page

Setup exbuilder deployer

Great! Now that you've got your server and its domain name, you can setup exbuilder deployer. If you haven't already, check out the Overview video, which explains what exbuilder deployer is doing (and why!). Then, follow the steps below to set exbuilder deployer up on your server. There is another video tutorial to walk you through this part if that's helpful to you.
Setup exbuilder deployer: getting started with exbuilder deployer

Getting started

To get started using exbuilder deployer, clone the exbuilder/deployer repository. From your server's root direcory, run:
git clone https://github.com/exbuilder/deployer.git

Initial configuration

To configure exbuilder deployer, you need to create a .env file to set some passwords for the deployer's database. From the deployer directory, run
cp .env.sample .env
Then, use nano to edit the two passwords in your .env file. You can make these anything you like. Use control x to exit nano and save your changes.
nano .env

Start exbuilder deployer

Now you are ready to start the deployer's containers. From the deployer directory, run
docker-compose up -d
Then, check to make sure the exbuilder_deployer network has been created with
docker network list
The first build can take a few minutes. Once everything is built, you should have two containers with the following names:
  • nginxproxymanager
  • nginxproxymanager_db
You can check that the containers were stared with
docker ps
Now you can visit yourwebsite.com:81 - provided you have already created a domain name with * and @ A records - to access deployer's nginx proxy manager! The first time you login, use the credientials:
password: changeme
When you do, you'll be prompted to change your login and password. You can also access your ngnix proxy manager from your server's IP address on port 81.

Secure your nginx proxy mangager

You are now hosting your very own nginx proxy manager inside a container on your server called nginxproxymanager - hooray! Self-hosting means you are holding all of your own data, including any login credentials you use to access your nginx proxy manager (this database is in your nginxproxymanager_db container).

Add proxy host with SSL cert

To access your nginx proxy mangager, you'll need to visit your website at port 81: yourwebsite.com:81. We can demonstrate the utility of the proxy manager by creating a subdomain -for example, manage.yourwebsite.com - that points visitors directly to the nginxproxymanager container for this purpose. Because you are running your nginx proxy manager on the exbuilder_deployer docker network, it has access to all of the containers on that network.
This means you can select Add proxy host, and add a subdomain of your choice (e.g. manage.yourwebsite.com). Then, select http as the Scheme and use nginxproxymanager (the name of the docker container on the exbuilder_deployer network) as the Forward Hostname . You'll also need to choose 81 as the Forwarding Port (the port that container is listenting on) and toggle on Block Common Exploits.
Add proxy host
Before you save, you can secure things a bit more by navigating to the SSL tab to obtain an SSL cert for this subdomain. Select Request a new SSL Certificate and then toggle on: Force SSL, HTTP/2 Support, and HSTS Enabled. Enter your email address and toggle on I Agree to the Let's Encrypt Terms of Service. Then save your new proxy host!
Request SSL certificate
Check that it works by visiting the subdomain manage.yourwebsite.com.

Add access list

Wonderful! Now you can manage all of your proxy hosts at manage.yourwebsite.com. At the moment, anyone on the internet can visit this site. Visitors need login credentials to do anything, but you may wish to secure things a bit more to ensure only authorized users can access this site in the first place.
Your nginx proxy manager provides a way to do this with Access Lists. From the Access List menu, click Add Access List. Give your list a name so you can identify what it is for (e.g. managers). There are two ways to restrict access:
  1. 1.
    Authorization: You add usernames and passwords that visitors will have to enter to access your subdomain.
  2. 2.
    Access: You deny access to all IP addresses, except those you explicitly allow in the list.
On the details menu, you can toggle on Satisfy Any if visitors can satisfy either the Authorization or Access methods. Once you've selected your methods, edit the proxy host's Access List to select your newly created access list.