nginx-proxy-manager

Manage Nginx Proxy Manager (NPM) for reverse proxy and SSL termination to internal services like staging/prod apps. Use when creating/updating proxy hosts, requesting or renewing Let's Encrypt certificates, enforcing HTTPS redirects, setting websocket support, or routing domains/subdomains to target servers.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "nginx-proxy-manager" with this command: npx skills add mw-slc/nginx-proxy-manager

Nginx Proxy Manager Workflow

Use this skill to terminate SSL at NPM and route traffic to backend services (staging/prod).

Required inputs

  • Domain/subdomain (e.g. staging.example.com)
  • Public DNS already pointing to NPM public IP
  • Upstream target host/IP + port (e.g. 10.10.10.227:3000)
  • Whether Cloudflare proxy is enabled (if used)

Authentication (do not hardcode secrets)

Store credentials outside this skill (local secret file or environment variables).

Recommended env vars:

  • NPM_BASE_URL (e.g. http://<npm-host>:81)
  • NPM_IDENTITY
  • NPM_SECRET

Example token request:

curl -sS -X POST "$NPM_BASE_URL/api/tokens" \
  -H 'Content-Type: application/json; charset=UTF-8' \
  --data "{\"identity\":\"$NPM_IDENTITY\",\"secret\":\"$NPM_SECRET\"}"

Standard setup flow

  1. Confirm DNS resolves to NPM public IP.
  2. Create or update Proxy Host in NPM:
    • Domain Names: requested host(s)
    • Scheme: http (or https if upstream is TLS)
    • Forward Hostname/IP: upstream IP/hostname
    • Forward Port: app port
    • Enable:
      • Block Common Exploits
      • Websockets Support
  3. SSL tab:
    • Request new SSL certificate (Let's Encrypt)
    • Enable Force SSL
    • Enable HTTP/2 Support
    • Enable HSTS only after validation
  4. Save and verify:
    • curl -I https://<domain> returns 200/301
    • Browser check for valid certificate and app reachability

Recommended defaults

  • Keep upstream as private IP where possible.
  • Use separate hostnames per environment:
    • app.example.com → production
    • staging.example.com → staging
  • Avoid wildcard certificates unless explicitly needed.

Troubleshooting

  • Certificate issuance fails:
    • Check DNS A/AAAA records
    • Ensure ports 80/443 reach NPM
    • Disable conflicting CDN TLS mode or set to Full/Strict appropriately
  • 502 Bad Gateway:
    • Verify upstream container/service is running
    • Verify correct target port and local firewall rules
  • Redirect loops:
    • Don’t double-force HTTPS (app + proxy misconfiguration)

Publication hygiene checklist

Before sharing/publishing this skill:

  • Remove all real IPs, domains, emails, and tokens.
  • Keep only placeholders like example.com and <npm-host>.
  • Ensure no local credential file paths or secret values are included.

Safety rules

  • Never remove existing production proxy hosts unless explicitly requested.
  • For changes on production domains, snapshot/export config or document previous values first.
  • Apply changes to staging first when possible.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Huo15 Xiaohongshu

Use when the user wants to write, analyze, or improve Xiaohongshu (小红书) content — drafting notes, coaching writing skills, diagnosing AI-speak or Jarvis-trap...

Registry SourceRecently Updated
3300zhaobod1
General

Openclaw Nextcloud

Manage Notes, Tasks, Calendar, Files, and Contacts in your Nextcloud instance via CalDAV, WebDAV, and Notes API. Use for creating notes, managing todos and c...

Registry SourceRecently Updated
3.9K7keithvassallomt
General

Twenty CRM

Twenty CRM API integration with managed authentication. Manage companies, people, opportunities, notes, and tasks. Use this skill when users want to interact...

Registry SourceRecently Updated
1870byungkyu
General

Vercel

Vercel API integration with managed OAuth. Manage projects, deployments, domains, teams, and environment variables. Use this skill when users want to interac...

Registry SourceRecently Updated
1770byungkyu