Nginx Proxy GuardNginx Proxy Guard

Settings and Management Features

Configure system-wide settings and manage backups and permissions.

The Settings menu is organized into these tabs: Global Settings, CAPTCHA, GeoIP, Bot Filter, Security (WAF Auto-Ban), SSL / ACME, Maintenance, Backups, System Logs, and Filter Subscriptions. (DDNS has been moved out of Settings to the Certificates → DDNS menu.)

Global Nginx Settings

Global settings are split into the Worker, HTTP, Performance, Compression, SSL, Timeout, and Advanced tabs.

Basic Settings

SettingDescriptionDefault
Worker ProcessesNumber of Nginx worker processesauto
Worker ConnectionsMaximum connections per worker1024
Keepalive TimeoutConnection keep-alive duration65 seconds
Client Max Body SizeMaximum request body size100MB

Compression Settings

  • Gzip: Standard compression method
  • Brotli: Improved compression ratio
  • Zstd: Latest high-performance compression

DDoS Protection

  • Connection limit settings
  • Request rate limiting
  • Burst size settings

The Apply Recommended Settings button at the top of Global Settings applies nginx's recommended tuning values (workers, keepalive, compression, SSL, etc.) in bulk and reloads nginx immediately. The Reset button restores the defaults.

Direct IP Access Control (Advanced tab)

Configure the behavior when access is made directly by IP rather than by domain.

OptionDescription
AllowAllow access
Block 403Respond with 403 Forbidden
Block 444Terminate the connection immediately

The Advanced tab also includes DDoS protection settings such as connection limiting and request rate limiting.

System Settings

GeoIP Settings (GeoIP tab)

For the GeoIP database, you enter your MaxMind Account ID and License Key directly in the UI, and the app downloads and updates the database automatically. (You do NOT set MAXMIND_* environment variables — the values are entered on the GeoIP tab and stored in system_settings.)

  • Enable GeoIP: Turn the feature on/off (geoip_enabled)
  • MaxMind Account ID / License Key: Enter in the UI and save (maxmind_account_id, maxmind_license_key). A free GeoLite2 account can be created at MaxMind.
  • Automatic Updates: When enabled, choose a daily/weekly/monthly interval (1d / 7d / 30d) (geoip_auto_update, geoip_update_interval)
  • Update Now: Runs an immediate download when a license key is present
  • Status Card: Shows whether the Country DB / ASN DB are present and the last update time
  • Update History: View recent auto/manual update records (status, duration, DB size)

ACME (Let's Encrypt) Settings (SSL / ACME tab)

  • Email: Email address for certificate issuance
  • Staging Mode: Issue certificates for testing
  • Automatic Renewal: Automatically renew 30 days in advance
  • Renewal Check Interval: 6 hours

Bot Filter Defaults (Bot Filter tab)

Default bot filter settings applied when creating a new proxy host.

  • Malicious bot blocking default
  • AI bot blocking default
  • Search engine allow default
  • Social media bot allow default

WAF Auto-Block Settings (Security tab)

When WAF events exceed a configured count, the offending IP is automatically blocked.

SettingDescriptionDefault
ThresholdNumber of events that trigger a block10
Time WindowEvent aggregation period300 seconds
Block DurationHow long the IP block is maintained3600 seconds

Other Settings Tabs

  • CAPTCHA: Challenge page (automated verification) settings
  • Maintenance: Maintenance mode settings
  • System Logs: Container/system log collection settings
  • Filter Subscriptions: Manage external IP block list subscriptions

Backup & Restore (Backups tab)

Backup Contents

  • Configuration Files: All proxy host settings
  • SSL Certificates: Let's Encrypt and custom certificates
  • Database: Full PostgreSQL dump
  • Nginx Configuration: Entire conf.d directory

Creating Backups

  • Manual Backup: Create a backup immediately
  • Scheduled Backup: Automatic backups on a schedule
  • Retention Policy: Set the maximum number of backups

Backup Management

  • Backup List: View all backups
  • Backup Download: Download for external storage
  • Backup Deletion: Clean up unnecessary backups
  • Backup Statistics: Storage space usage

Restore

  • One-Click Restore: Restore immediately from a selected backup
  • Upload Restore: Upload an external backup file and restore
  • Restore Test: Verify whether a restore is possible

Authentication and Security

2FA, password changes, API tokens, and language/font preferences are managed in the Account Settings modal (opened from the user menu in the top-right), not in the Settings menu tabs. Account Settings tabs: Info / Password / 2FA / API Tokens / Language & Font.

JWT Authentication

  • Stateless token-based authentication
  • Token expiration settings
  • Refresh token support

Two-Factor Authentication (2FA)

  • TOTP: Time-based one-time password
  • Backup Codes: Generate recovery codes
  • QR Code: Link with an authenticator app

API Token Management

  • Granular Permissions: Read/write permissions per resource
  • IP Restriction: Usable only from specific IPs
  • Expiration Date: Set the token validity period
  • Usage Statistics: API call records per token

Login Security

  • Rate Limiting: Limit the number of login attempts
  • IP Tracking: Record login IPs
  • Session Management: View and terminate active sessions

User Settings (Account Settings modal)

The settings below are changed in the Account Settings modal from the user menu. The theme (light/dark) is toggled from the top bar.

Language Settings

  • Korean (ko): Full Korean support
  • English (en): Full English support
  • Browser Auto-Detection: Follow the browser language setting
  • Per-User Settings: Save individual language preferences

Font Settings

You can select a font to suit your preference.

FontCharacteristics
SystemSystem default font
Gowun BatangKorean serif typeface
Noto Sans KRKorean sans-serif typeface
PretendardModern sans-serif typeface
InterOptimized for English

Theme Settings

  • Light Mode: Light background
  • Dark Mode: Dark background
  • System Setting: Follow the OS setting