Proxy Basics

How to Access Nginx Proxy Manager: Default Login, IP, and Dashboard Guide [2026]

How to Access and Configure Nginx Proxy Manager (2025)

Nginx Proxy Manager (NPM) acts as a sophisticated frontend for the Nginx engine, simplifying the management of reverse proxies, SSL termination, and access control lists (ACLs). Unlike the raw Nginx configuration which requires editing text files and restarting the daemon, NPM provides a graphical UI. However, before you can manage traffic, you must successfully access the dashboard.

This guide covers the architecture of access, default credentials, network security, and troubleshooting common connection errors like ERR_TOO_MANY_REDIRECTS and ERR_HTTP2_PROTOCOL_ERROR.

---

1. Understanding NPM Access Ports and Networking

When you deploy NPM (typically via Docker), the application runs inside a container listening on specific internal ports. You must map these internal ports to ports on your host machine to access them from the outside world.

Default Port Mapping

NPM utilizes three primary ports that must be mapped in your Docker Compose or Run configuration:

| Internal Port | Purpose | Host Port Recommendation | | :--- | :--- | :--- | | 80 | HTTP Traffic | 80 or 8080 | | 443 | HTTPS Traffic | 443 | | 81 | Admin UI Interface | 81 (or 81,8181) |

How to Connect: 1. Localhost: If accessing from the machine hosting NPM, go to http://localhost:81. 2. Remote IP: If accessing from another device on the network, use the server's LAN IP: http://192.168.x.x:81. 3. Domain: If you have already set up a DNS A record pointing to your server, you can access it via http://your-domain.com:81.

> Pro Tip: Port 81 is the default for the UI to avoid conflicts with the main Nginx process handling traffic on Port 80/443. You can change this mapping in your docker-compose.yml file.

Docker Compose Configuration

Ensure your ports are exposed correctly. A common docker-compose.yml snippet looks like this:

services:

nginx-proxy-manager: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped ports: - '80:80'    # Public HTTP - '443:443'  # Public HTTPS - '81:81'    # Admin Web Port # OR use a secure port like 81:8181 if you want to hide it from the public web initially.

---

2. Default Credentials and First Login

NPM enforces a security policy requiring you to update the default administrator password immediately after the first installation.

Default Credentials:

  • Email Address: admin@example.com
  • Password: changeme

    • Step-by-Step Login Process:

    1. Navigate to the IP:Port in your browser (e.g., http://192.168.1.50:81). 2. Enter admin@example.com and changeme. 3. The dashboard will instantly redirect you to a "Change Password" screen. 4. Enter your new strong password (use a password manager) and display name. 5. Click Save. You are now dropped into the main dashboard.

    Resetting Lost Passwords

    If you forget your custom password, you cannot recover it via email unless you have configured SMTP. Instead, you must reset it via the database (SQLite or MySQL).

    The Python Fix (SQLite): If you are using the default SQLite database, you can use a simple Python script to hash a new password and update the database directly. This avoids the complexity of installing npm packages just for a reset.

    import sqlite3

    import bcrypt
    

    Path to your database (usually mounted in docker volume)
    

    db_path = 'data/database.sqlite' new_password = 'YourNewSecurePassword'
    

    Generate bcrypt hash (10 rounds is standard for NPM)
    

    password_bytes = new_password.encode('utf-8') hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt(rounds=10))
    

    Connect and update
    

    conn = sqlite3.connect(db_path) cursor = conn.cursor() try: # The id 1 is usually the main admin user cursor.execute("UPDATE user SET password=?, email='admin@example.com' WHERE id=1", (hashed.decode('utf-8'),)) conn.commit() print("Password reset successfully. Login with admin@example.com and 'YourNewSecurePassword'") except Exception as e: print(f"Error: {e}") finally: conn.close()

    ---

    3. Exposing the Admin Panel Securely

    Accessing NPM via an IP address and port (e.g., 192.168.1.50:81) is fine for home labs, but for production environments, you should proxy the Admin UI through the domain you are managing.

    How to Proxy the Admin Panel

    1. Prepare NPM: Go to the NPM Dashboard. You must be able to access the existing port 81 interface to do this setup. 2. Add Proxy Host: * Domain Names: npm.yourdomain.com (ensure this DNS A record points to your server IP). * Scheme: http * Forward Hostname/IP: 127.0.0.1 (Localhost). * Forward Port: 81 (The internal port of the NPM UI). 3. SSL: Select "Request a new SSL Certificate" (Let's Encrypt) and enable "Force SSL". 4. Cache Assets: Turn this OFF for the Admin UI to prevent login issues.

    Now, you can access the UI at https://npm.yourdomain.com on the standard port 443.

    > Warning: If you get an ERR_SSL_UNRECOGNIZED_NAME_ALERT, check your SSL provider settings. Sometimes, Cloudflare SSL needs to be set to "Full" or "Full (Strict)" rather than "Flexible".

    ---

    4. Troubleshooting Common Access Issues

    Sometimes, despite correct configuration, you cannot access the dashboard.

    Error: Connection Refused / Timed Out

  • Cause: Firewall (UFW/iptables) is blocking port 81.
  • Fix: Allow traffic on the port.
    •     sudo ufw allow 81/tcp

    sudo ufw reload

    Error: 502 Bad Gateway

  • Cause: The Docker container is not running, or the port mapping is wrong.
  • Fix: Run docker ps. Ensure the container is "Up". Check the logs: docker logs nginx-proxy-manager.

    • Error: ERR_TOO_MANY_REDIRECTS

    This often happens when setting up the Admin Host proxy.

  • Cause: You likely enabled "Cache Assets" on the proxy host for the NPM UI, or you are forwarding to port 443/80 instead of the UI port 81.
  • Fix: Disable caching and ensure the Forward Port matches the internal UI port (81).

    • Error: ERR_HTTP2_PROTOCOL_ERROR

  • Cause: HTTP/2 negotiation failure, often related to large headers or specific SSL cipher mismatches between Nginx and the browser.
  • Fix: In the Advanced tab of the Proxy Host, try disabling HTTP/2 for that specific host:
    http2 off;

---

5. Advanced Access: CrowdSec Integration

As of 2025, security is paramount. Accessing your proxy manager exposes a login endpoint to the internet. To protect against brute-force attacks, many experts integrate CrowdSec.

The keyword "crowsec nginx proxy manager bouncer" is popular because it allows NPM to read CrowdSec decisions and ban malicious IPs.

1. Setup CrowdSec: Install CrowdSec on the host. 2. Install the Nginx Bouncer: This places a ban logic in the Nginx configuration. 3. Benefit: If an IP attempts to brute force admin@example.com, CrowdSec temporarily bans them at the firewall level before they even reach the NPM application logic.

---

Summary Checklist

1. Local Access: http://:81 2. Defaults: admin@example.com / changeme 3. Firewall: Ensure ports 80, 443, and 81 are open. 4. Security: Change password immediately; consider limiting access by IP (Access Lists) or using CrowdSec.

Updated January 5, 2026
Ask me anything!