This project is a Docker-based web gateway and Nginx reverse proxy manager. It functions as a containerized network edge designed to route incoming HTTP and HTTPS traffic to backend services using subdomains and subfolders.
The system automates the procurement and renewal of Let's Encrypt SSL certificates via the ACME protocol and various DNS plugins. It includes a mechanism to export and share these certificates through persistent volumes so other containers can utilize the same encryption keys.
Security is handled through a combination of server intrusion prevention, using Fail2Ban to monitor logs and ban malicious IP addresses, and layered authentication middleware. Access to resources can be restricted using local password files, LDAP, or external identity providers, while HTTP traffic is automatically redirected to HTTPS.
The deployment is managed via container orchestration, supporting read-only filesystem modes and template-based proxy routing for internal network addresses.
