Nginx Proxy GuardNginx Proxy Guard

Key Features

NginxProxyGuard is an enterprise-grade reverse proxy management system that provides powerful security features and an intuitive web UI.

Feature Summary

CategoryKey Features
Proxy ManagementMulti-domain, WebSocket, Host Clone, Docker Container Browser, Custom Config
Stream (L4)TCP/UDP stream proxy, SSL preread (passthrough) / termination
Load BalancingUpstream Servers, Health Check, Round Robin / Least Conn / IP Hash / Random
SecurityWAF (OWASP CRS), ForwardAuth SSO (Authelia/Authentik), Bot Filter, GeoIP Blocking, Rate Limiting, Security Header Presets
CertificatesLet's Encrypt Auto-issue/Renewal, DNS-01, DDNS (Cloudflare/DuckDNS/Dynu), HTTP/2, HTTP/3 (QUIC)
MonitoringReal-time Dashboard, World Map Visualization, Detailed Logs
ManagementBackup/Restore, 2FA, API Tokens, Audit Logs, Filter Subscriptions, Config Rollback

NginxProxyGuard consists of 8 main sections:

1. Dashboard

Monitor real-time system status and traffic.

  • 24-hour request statistics and bandwidth monitoring
  • Security event summary (WAF blocks, Bot filter, IP blocks)
  • Docker container status
  • Hourly statistics charts
  • World map GeoIP traffic visualization

2. Proxy Hosts

Manage reverse proxy configurations.

  • Multi-domain support (multiple domains per host)
  • HTTP/HTTPS forwarding and WebSocket support
  • Host Cloning: Duplicate existing hosts with all security settings
  • Docker Container Browser: Auto-discover Docker containers as proxy targets
  • Upstream Load Balancing: Configure multiple backend servers with health checks
  • TCP/UDP Stream (L4): TCP/UDP stream proxy in addition to HTTP mode (SSL preread / termination)
  • Favorite/Pin: Pin frequently used hosts to the top of the list
  • 7 configuration tabs:
    • Basic: Proxy type (HTTP/Stream), domain, backend server, forwarding settings
    • Upstream: Multiple backend servers, distribution method, health checks
    • SSL: Certificate selection, Let's Encrypt integration
    • Security: WAF, GeoIP restrictions, Bot filter
    • Protection: Fail2ban, Rate Limiting
    • Performance: Caching, compression (gzip, brotli, zstd)
    • Advanced: Custom nginx configuration

3. Redirects

Configure URL redirections.

  • HTTP → HTTPS automatic redirect
  • Path-based redirects
  • Multiple status code support (301, 302, 307, 308)

4. WAF / Blocking

Manage Web Application Firewall and blocking rules. 6 sub-tabs:

  • WAF Policy: OWASP CRS rules, Detection/Blocking mode, Paranoia level (1-4)
  • IP Ban Management: Manual/automatic IP blocking, ban history
  • URI Blocking: Path pattern blocking (wp-login.php, etc.)
  • Exploit Blocking: SQL Injection, XSS, RFI blocking rules
  • Fail2ban: Automatic IP blocking configuration
  • WAF Tester: Test attack patterns and verify rules

5. Access Control

Manage IP-based access control lists.

  • Create IP whitelists / blacklists
  • CIDR notation support
  • Per-host access list assignment

6. Certificates

Manage SSL/TLS certificates and DDNS. 4 sub-tabs:

  • Certificate List: Let's Encrypt auto-issue, custom certificate upload
  • Issue/Renewal History: Certificate event tracking
  • DNS Providers: DNS-01 challenge setup for Cloudflare, Route53, etc.
  • DDNS: Dynamic DNS auto-update (Cloudflare, DuckDNS, Dynu)

7. Logs

View and analyze detailed logs. 7 sub-tabs:

  • Access Logs: Real-time request logs, GeoIP info, advanced filtering
  • WAF Events: ModSecurity block events
  • Bot Filter: Blocked bot requests
  • Exploit Blocks: SQL/XSS/RFI attack attempts
  • System Logs: Docker container and API logs
  • Admin Audit: All admin activity tracking
  • Raw Files: Direct nginx log file access

8. Settings

Manage system-wide settings. 10 sub-tabs:

  • Global Settings: Direct IP access handling, default error pages, security header presets
  • CAPTCHA: reCAPTCHA, hCaptcha, Cloudflare Turnstile
  • GeoIP: MaxMind integration, database updates
  • Bot Filter: 80+ malicious bots, 50+ AI bot blocking rules
  • Security: Auto IP blocking on WAF violations
  • SSL / ACME: Let's Encrypt settings, DNS providers
  • Maintenance: Maintenance mode settings
  • Backups: System backup/restore, scheduled backups
  • System Logs: Docker log collection settings
  • Filter Subscriptions: Subscribe to external bot/IP block lists with auto-update

Detailed Documentation

For detailed information on each feature, see: