Key Features
NginxProxyGuard is an enterprise-grade reverse proxy management system that provides powerful security features and an intuitive web UI.
Feature Summary
| Category | Key Features |
|---|---|
| Proxy Management | Multi-domain, WebSocket, Host Clone, Docker Container Browser, Custom Config |
| Load Balancing | Upstream Servers, Health Check, Round Robin / Least Conn / IP Hash |
| Security | WAF (OWASP CRS), Bot Filter, GeoIP Blocking, Rate Limiting, Security Header Presets |
| Certificates | Let's Encrypt Auto-issue/Renewal, HTTP/2, HTTP/3 (QUIC) |
| Monitoring | Real-time Dashboard, World Map Visualization, Detailed Logs |
| Management | Backup/Restore, 2FA, API Tokens, Audit Logs, Config Rollback |
Main Menu Structure
NginxProxyGuard consists of 8 main sections:
1. Dashboard
Monitor real-time system status and traffic.
- 24-hour request statistics and bandwidth monitoring
- Security event summary (WAF blocks, Bot filter, IP blocks)
- Docker container status
- Hourly statistics charts
- World map GeoIP traffic visualization
2. Proxy Hosts
Manage reverse proxy configurations.
- Multi-domain support (multiple domains per host)
- HTTP/HTTPS forwarding and WebSocket support
- Host Cloning: Duplicate existing hosts with all security settings
- Docker Container Browser: Auto-discover Docker containers as proxy targets
- Upstream Load Balancing: Configure multiple backend servers with health checks
- Favorite/Pin: Pin frequently used hosts to the top of the list
- 6 configuration tabs:
- Basic: Domain, backend server, forwarding settings
- SSL: Certificate selection, Let's Encrypt integration
- Security: WAF, GeoIP restrictions, Bot filter
- Protection: Fail2ban, Rate Limiting
- Performance: Caching, compression (gzip, brotli, zstd)
- Advanced: Custom nginx configuration
3. Redirects
Configure URL redirections.
- HTTP → HTTPS automatic redirect
- Path-based redirects
- Multiple status code support (301, 302, 307, 308)
4. WAF / Blocking
Manage Web Application Firewall and blocking rules. 6 sub-tabs:
- WAF Policy: OWASP CRS rules, Detection/Blocking mode, Paranoia level (1-4)
- IP Ban Management: Manual/automatic IP blocking, ban history
- URI Blocking: Path pattern blocking (wp-login.php, etc.)
- Exploit Blocking: SQL Injection, XSS, RFI blocking rules
- Fail2ban: Automatic IP blocking configuration
- WAF Tester: Test attack patterns and verify rules
5. Access Control
Manage IP-based access control lists.
- Create IP whitelists / blacklists
- CIDR notation support
- Per-host access list assignment
6. Certificates
Manage SSL/TLS certificates. 3 sub-tabs:
- Certificate List: Let's Encrypt auto-issue, custom certificate upload
- Issue/Renewal History: Certificate event tracking
- DNS Providers: DNS-01 challenge setup for Cloudflare, Route53, etc.
7. Logs
View and analyze detailed logs. 7 sub-tabs:
- Access Logs: Real-time request logs, GeoIP info, advanced filtering
- WAF Events: ModSecurity block events
- Bot Filter: Blocked bot requests
- Exploit Blocks: SQL/XSS/RFI attack attempts
- System Logs: Docker container and API logs
- Admin Audit: All admin activity tracking
- Raw Files: Direct nginx log file access
8. Settings
Manage system-wide settings. 9 sub-tabs:
- Global Settings: Direct IP access handling, default error pages, security header presets
- CAPTCHA: reCAPTCHA, hCaptcha, Cloudflare Turnstile
- GeoIP: MaxMind integration, database updates
- Bot Filter: 80+ malicious bots, 50+ AI bot blocking rules
- WAF Auto-Ban: Auto IP blocking on WAF violations
- SSL / ACME: Let's Encrypt settings, DNS providers
- Maintenance: Maintenance mode settings
- Backups: System backup/restore, scheduled backups
- System Logs: Docker log collection settings
Detailed Documentation
For detailed information on each feature, see:
- Proxy Host Management - Reverse proxy configuration
- System & UI/UX - Interface and user experience
- SSL/TLS Certificate Management - Certificate automation
- Redirect Hosts - URL redirection
- Web Application Firewall (WAF) - Security rules
- Security Hardening - Advanced security settings
- Bot Protection & Access Control - Bot filter and access control
- Monitoring & Analytics - Logs and analytics
- Settings & Management - System settings