Erugo
Star on GitHub
About Docs Get Started

Reverse Proxy Setup

A reverse proxy sits in front of Erugo and handles SSL/TLS encryption, allowing you to access your instance securely over HTTPS with a custom domain.

Why use a reverse proxy?

A reverse proxy provides HTTPS encryption, custom domain support, and can handle multiple services on the same server. It's essential for any public-facing deployment.

Before You Begin

You'll need:

  • A domain name — Pointed to your server's IP address
  • Erugo running — Following the Quick Start guide
  • Ports 80 and 443 available — For HTTP and HTTPS traffic

Option 1: Nginx Proxy Manager

Nginx Proxy Manager (NPM) provides a web interface for managing reverse proxies with automatic SSL certificate generation. It's the easiest option for most users.

Install Nginx Proxy Manager

Create a new directory and docker-compose file for NPM:

Terminal 
mkdir nginx-proxy-manager && cd nginx-proxy-manager
docker-compose.yml 
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
      - '81:81'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - nginx_internal_network

networks:
  nginx_internal_network:
    name: nginx_internal_network
    driver: bridge

Start Nginx Proxy Manager:

Terminal 
docker compose up -d

Access NPM Admin Panel

Open your browser and go to http://YOUR_SERVER_IP:81

Default login credentials:

Change credentials immediately

You'll be prompted to change these on first login. Use a strong password.

Update Erugo Configuration

Modify your Erugo docker-compose.yml to connect to the NPM network and remove the port mapping:

erugo/docker-compose.yml 
services:
  app:
    image: wardy784/erugo:latest
    restart: unless-stopped
    container_name: erugo
    volumes:
      - ./erugo-storage:/var/www/html/storage
    networks:
      - nginx_internal_network

networks:
  nginx_internal_network:
    external: true

Restart Erugo with the new configuration:

Terminal 
docker compose down && docker compose up -d

Add Proxy Host

In the NPM admin panel:

  1. Click HostsProxy Hosts
  2. Click Add Proxy Host
  3. Configure the Details tab:
Setting Value
Domain Names Your domain (e.g., files.example.com)
Scheme http
Forward Hostname / IP erugo
Forward Port 80
Websockets Support Enabled
Block Common Exploits Enabled
Nginx Proxy Manager proxy host configuration dialog showing domain, scheme, forward hostname, and port settings
Configure the proxy host details in the NPM admin panel

Configure SSL

  1. Click the SSL tab
  2. Select Request a new SSL Certificate
  3. Enable Force SSL
  4. Enable HTTP/2 Support
  5. Enter your email for Let's Encrypt notifications
  6. Agree to the Terms of Service
  7. Click Save
Nginx Proxy Manager SSL configuration dialog showing certificate request options and Let's Encrypt settings
Configure SSL certificate settings in the SSL tab
Done!

Your Erugo instance is now accessible at https://files.example.com (your domain). SSL certificates will renew automatically.

Option 2: Caddy

Caddy is a modern web server with automatic HTTPS. It's simpler to configure than Nginx but doesn't have a web interface.

Caddyfile 
files.example.com { 
    reverse_proxy erugo:80
}
docker-compose.yml 
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./caddy_data:/data
      - ./caddy_config:/config
    networks:
      - erugo_network

networks:
  erugo_network:
    external: true

Caddy automatically obtains and renews SSL certificates from Let's Encrypt.

Option 3: Traefik

Traefik is a powerful reverse proxy designed for containerized environments. It automatically discovers services and configures routing.

docker-compose.yml (Traefik) 
services:
  traefik:
    image: traefik:v3.0
    restart: unless-stopped
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "[email protected]"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
    networks:
      - erugo_network

networks:
  erugo_network:
    external: true

Add labels to your Erugo service to enable Traefik routing:

Erugo labels for Traefik 
services:
  app:
    image: wardy784/erugo:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.erugo.rule=Host(`files.example.com`)"
      - "traefik.http.routers.erugo.entrypoints=websecure"
      - "traefik.http.routers.erugo.tls.certresolver=letsencrypt"
    networks:
      - erugo_network

Update Erugo Settings

After setting up your reverse proxy, update the Application URL in Erugo's settings:

  1. Log in to Erugo as an administrator
  2. Go to SettingsGeneral
  3. Set Application URL to your domain (e.g., https://files.example.com)
  4. Save changes
Important

The Application URL is used for generating share links in emails. Make sure it's set correctly or recipients won't be able to access shared files.

Related Guides