nginx-proxy-manager

Manage Nginx Proxy Manager (NPM) for reverse proxy and SSL termination to internal services like staging/prod apps. Use when creating/updating proxy hosts, requesting or renewing Let's Encrypt certificates, enforcing HTTPS redirects, setting websocket support, or routing domains/subdomains to target servers.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "nginx-proxy-manager" with this command: npx skills add mw-slc/nginx-proxy-manager

Nginx Proxy Manager Workflow

Use this skill to terminate SSL at NPM and route traffic to backend services (staging/prod).

Required inputs

  • Domain/subdomain (e.g. staging.example.com)
  • Public DNS already pointing to NPM public IP
  • Upstream target host/IP + port (e.g. 10.10.10.227:3000)
  • Whether Cloudflare proxy is enabled (if used)

Authentication (do not hardcode secrets)

Store credentials outside this skill (local secret file or environment variables).

Recommended env vars:

  • NPM_BASE_URL (e.g. http://<npm-host>:81)
  • NPM_IDENTITY
  • NPM_SECRET

Example token request:

curl -sS -X POST "$NPM_BASE_URL/api/tokens" \
  -H 'Content-Type: application/json; charset=UTF-8' \
  --data "{\"identity\":\"$NPM_IDENTITY\",\"secret\":\"$NPM_SECRET\"}"

Standard setup flow

  1. Confirm DNS resolves to NPM public IP.
  2. Create or update Proxy Host in NPM:
    • Domain Names: requested host(s)
    • Scheme: http (or https if upstream is TLS)
    • Forward Hostname/IP: upstream IP/hostname
    • Forward Port: app port
    • Enable:
      • Block Common Exploits
      • Websockets Support
  3. SSL tab:
    • Request new SSL certificate (Let's Encrypt)
    • Enable Force SSL
    • Enable HTTP/2 Support
    • Enable HSTS only after validation
  4. Save and verify:
    • curl -I https://<domain> returns 200/301
    • Browser check for valid certificate and app reachability

Recommended defaults

  • Keep upstream as private IP where possible.
  • Use separate hostnames per environment:
    • app.example.com → production
    • staging.example.com → staging
  • Avoid wildcard certificates unless explicitly needed.

Troubleshooting

  • Certificate issuance fails:
    • Check DNS A/AAAA records
    • Ensure ports 80/443 reach NPM
    • Disable conflicting CDN TLS mode or set to Full/Strict appropriately
  • 502 Bad Gateway:
    • Verify upstream container/service is running
    • Verify correct target port and local firewall rules
  • Redirect loops:
    • Don’t double-force HTTPS (app + proxy misconfiguration)

Publication hygiene checklist

Before sharing/publishing this skill:

  • Remove all real IPs, domains, emails, and tokens.
  • Keep only placeholders like example.com and <npm-host>.
  • Ensure no local credential file paths or secret values are included.

Safety rules

  • Never remove existing production proxy hosts unless explicitly requested.
  • For changes on production domains, snapshot/export config or document previous values first.
  • Apply changes to staging first when possible.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Partycraft

Provides customized event planning for weddings, birthdays, and corporate events, including budgets, checklists, invitations, timelines, and vendor lists.

Registry SourceRecently Updated
1020bytesagain1
General

Logbook

Logbook - command-line tool for everyday use

Registry SourceRecently Updated
910ckchzh
General

task-plan-generator_cn

为复杂任务生成多方案任务计划,并在执行过程中持续优化。适用于:1) 用户提出需要多步骤完成的任务;2) 需要协调多个工具或skill的复杂工作流;3) 需要评估不同执行策略的场景。此skill会在每次任务完成后生成简报归档,分析任务复杂度并提供效率/成功率/资源消耗等多种方案供选择。

Registry SourceRecently Updated
00louisding9527
General

Vision

Vision - command-line tool for everyday use

Registry SourceRecently Updated
3740xueyetianya