Secure Remote Access to Your Homelab with Nginx Proxy Manager + frp
Managing a homelab often means running services you’d like to access from anywhere—without opening your home network to the internet. In this guide, I’ll show you how to securely expose your internal services using Nginx Proxy Manager (NPM) and frp (Fast Reverse Proxy). With this setup, you get the convenience of a web-based UI and the safety of a reverse tunnel, all under your control.
Why This Stack?
- Nginx Proxy Manager gives you a clean UI to manage reverse proxies, subdomains, and SSL certificates—no manual config files required.
- frp securely tunnels traffic from a public VPS to your home, bypassing NATs and ISP firewalls.
- Centralized Access Control: All external traffic is funneled through NPM, giving you instant control over access, SSL, and security settings.
🧩 Architecture Overview
┌───────────────────────────────┐
│ Public Internet │
└──────────────┬────────────────┘
│
[DNS: *.yourdomain.com]
│
┌──────────────▼───────────────┐
│ frps (Server) │
│ (VPS, Public IP, Port 7000+)│
└──────────────┬───────────────┘
│
[FRP Tunnel over 7000]
│
┌──────────────▼───────────────┐
│ frpc (Client) │
│ (Home server, behind NAT) │
└──────────────┬───────────────┘
│
┌──────────────▼───────────────┐
│ Nginx Proxy Manager (NPM) │
└──────────────┬───────────────┘
│
┌──────────────▼───────────────┐
│ Internal Web Services │
└───────────────────────────────┘
All public traffic hits your VPS, gets tunneled securely via frp, and is reverse proxied by NPM inside your home. No internal service is exposed directly to the internet.
How to Deploy It
1. Clone the Repo
git clone https://github.com/meanii/homelab.git
cd homelab/proxmox/nginxproxymanager
2. Set Up the Tunnel Server (frps) on Your VPS
- Edit
frps/frps.toml- Set a strong dashboard password
- Adjust listening ports if needed
- (Optional) Edit
frps/nginx.confif you want SSL termination on the VPS side - Start the server:
cd frps
docker compose up -d
3. Set Up the Home Stack (NPM + frpc)
- Edit
frpc.tomlwith:- Your VPS IP/domain
- Your wildcard domain (e.g.,
*.yourdomain.com)
- Start the stack:
docker compose up -d
4. Point Your Domain
Set your DNS A record for *.yourdomain.com to the public IP of your VPS.
5. Manage Services via Nginx Proxy Manager
- Access the UI:
http://<home-server-ip>:81
(Default login:admin@example.com / changeme) - Add your internal services as Proxy Hosts
(e.g., Home Assistant, Jellyfin, Nextcloud) - Enable SSL with a single click—Let’s Encrypt certificates are supported out of the box
Centralized Security Control
With this setup:
- Instant Kill Switch: Remove a Proxy Host in NPM to immediately block access.
- Per-Service Security: Apply HTTP auth or IP whitelisting as needed.
- Zero Exposure: Internal services are never directly exposed—access flows only through the NPM reverse proxy.
This means you can fully audit, restrict, and revoke public access anytime, with just a few clicks.
Example Use Cases
- Access your homelab dashboard or media server securely from anywhere
- Host multiple apps on different subdomains with automatic SSL
- Instantly disable access to any service when needed
Final Thoughts
By combining Nginx Proxy Manager and frp, you get:
- A beautiful, centralized UI for managing services and certificates
- Strong network isolation with secure reverse tunneling
- Peace of mind that your homelab isn’t directly exposed
🔗 Check out the full setup and config files on GitHub:
meanii/homelab – proxmox/nginxproxymanager
Try this stack and enjoy secure, hassle-free remote access to all your services—without sacrificing security.
Member discussion