Nginx Proxy GuardNginx Proxy Guard

Introducing Nginx Proxy Guard

A modern reverse proxy management system with a powerful WAF, bot protection, GeoIP blocking, and rate limiting.

Nginx Proxy Guard is a next-generation reverse proxy management system built on Nginx. It delivers enterprise-grade security alongside an intuitive web UI, protecting your web applications through comprehensive security layers including the ModSecurity WAF, bot protection, GeoIP blocking, and rate limiting.

Documentation Image

Why Nginx Proxy Guard?

Nginx Proxy Guard is designed to meet modern security requirements.

FeatureNginx Proxy GuardNginx Proxy Manager
WAFModSecurity v3.0.15 + OWASP CRS v4.26.0Limited / none
ForwardAuthAuthelia/Authentik/Custom SSO, reusable auth providersNone
Bot Protection80+ malicious bots, 50+ AI bots, 40+ search engine whitelistBasic blocking only
GeoIPMaxMind integration, per-country blocking/challengeLimited
HTTP/3Full QUIC supportMostly unsupported
Challenge SystemreCAPTCHA v2/v3, hCaptcha, TurnstileNone / basic
Log AnalyticsGeoIP, visualization, advanced filtering, autocompleteBasic logs only
MultilingualFull Korean/English supportEnglish only
Cloud BlockingBlock cloud IPs from AWS, Azure, GCP, and moreNone
2FA AuthenticationTOTP + backup codesLimited
Load BalancingUpstream servers, health checks, 4 distribution methodsNone
TCP/UDP StreamsL4 stream proxy (TCP/UDP), SSL preread/terminationNone
DDNSCloudflare, DuckDNS, Dynu dynamic DNS auto-updateNone
Filter SubscriptionsSubscribe to external bot/IP block lists with auto-updateNone
Host CloningOne-click cloning (including security settings)None
Config RollbackAutomatic rollback on nginx -t failureNone
Security Header PresetsOne-click Strict/Moderate/Relaxed presetsNone / limited

Key Features

Proxy Management

  • Multiple Domains: Attach multiple domains per host (SNI support)
  • WebSocket: Full WebSocket upgrade support for real-time communication
  • Host Cloning: Quickly clone all settings from an existing host to a new domain
  • Docker Container Discovery: Automatically discover and select proxy targets in Docker environments
  • Upstream Load Balancing: Multiple backend servers, health checks, 4 distribution methods (Round Robin / Least Conn / IP Hash / Random)
  • TCP/UDP Streams: L4 stream proxy with SSL preread (passthrough) and termination support
  • Custom Configuration: Directly edit location blocks and advanced Nginx settings

WAF & Security

  • ModSecurity v3.0.15: Integration with the latest WAF engine
  • OWASP CRS v4.26.0: Powered by the latest Core Rule Set
  • Paranoia Level: Tune security strength with levels 1-4
  • WAF Testing: A pattern testing interface to prevent false positives upfront
  • Auto Blocking: Automatically block IPs that exceed thresholds (Fail2ban-style)

Bot Protection & Access Control

  • 80+ Malicious Bot Signatures: Block SEO scrapers, content crawlers, and security scanners
  • 50+ AI Bot Detection: GPTBot, ClaudeBot, Bytespider, Perplexity, and more
  • 40+ Search Engine Whitelist: Allow Google, Bing, Yandex, Naver, and more
  • Social Link Previews: Allow Facebook, Twitter, Discord, Slack, and Telegram bots
  • Challenge Mode: Option to show a CAPTCHA instead of blocking

GeoIP Access Control

  • Per-Country Block/Allow: Whitelist/blacklist modes
  • Priority Allow IPs: Configure IPs that bypass regional blocking
  • Challenge Mode: Request verification with a CAPTCHA instead of blocking
  • Automatic Updates: Automatically refresh the MaxMind GeoIP database

Certificates & DDNS

  • Let's Encrypt Automation: Auto-issue and renew certificates via HTTP-01 / DNS-01 challenges
  • DNS Providers: DNS-01 challenge integration for Cloudflare, Route53, and more
  • DDNS Auto-Update: Automatically update Cloudflare, DuckDNS, and Dynu dynamic DNS records
  • Custom Certificates: Upload your own certificates

Filter Subscriptions

  • External Block Lists: Subscribe to bot/IP block lists from external sources
  • Automatic Updates: Periodically refresh subscribed filter lists

Monitoring & Analytics

  • Real-Time Dashboard: 24-hour request statistics, bandwidth, and security events
  • Interactive World Map: Visualize traffic based on GeoIP
  • Advanced Log Analytics: Filtering, search, autocomplete, and visualization charts
  • Audit Logs: History of admin activity, API token usage, and configuration changes

User Experience

  • Dark Mode: Automatically detect system settings or switch manually
  • Multilingual Support: Full Korean/English support with automatic browser detection
  • Font Settings: Choose from Pretendard, Noto Sans KR, Inter, and more
  • Responsive Design: Full support for mobile, tablet, and desktop

Tech Stack

CategoryTechnology
Web ServerNginx 1.30.2 (HTTP/3 QUIC)
WAFModSecurity v3.0.15 + OWASP CRS v4.26.0
BackendGo 1.26 (Echo v4)
FrontendReact 19 + TypeScript 6 + Vite 8 + TailwindCSS 4
DatabaseTimescaleDB (PostgreSQL 17)
CacheValkey 9 (Redis-compatible)
GeoIPMaxMind GeoLite2
AuthenticationJWT + TOTP (2FA)