Install NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)


  • Access to a SaaS tenant on (WebUI for SaaS management) Follow the instructions available here:

pageSign-Up and Login to Portal
  • Agent profile created for open-appsec Docker deployment in SaaS tenant Follow the instructions available here. Once done, don't forget to copy the profile token after policy installation as this is needed in the installation steps further below:

pageCreate a Profile
  • Linux machine with:

    • Docker and Docker Compose installed

    • Root Permissions

If you want to migrate from an existing NGINX Proxy Manager deployment to use this integration with open-appsec, please check out specific the FAQ further below on this page for specific instructions and further information.

To deploy NGINX Proxy Manager with open-appsec integration follow the steps below:

  1. Create a docker-compose.yaml file with the content below, it can be downloaded as follows:


docker-compose.yaml content:

version: '3.3'
# docker compose for nginx proxy manager open-appsec integration
# open-appsec managed and monitored from central web ui (

    container_name: npm-attachment
    image: ''
    ipc: host
    restart: unless-stopped
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

    container_name: appsec-agent
    image: ''
    ipc: host
    restart: unless-stopped
      # adjust with your own email below
      - nginxproxymanager=true
      - ./appsec-config:/etc/cp/conf
      - ./appsec-data:/etc/cp/data
      - ./appsec-logs:/var/log/nano_agent
    command: /cp-nano-agent --token <TOKEN>
  1. Replace the <TOKEN> parameter in the docker-compose.yaml file with the token you copied from the profile in the WebUI before (see Prerequisites section above).

  2. Start the deployment of all relevant containers using docker-compose:

docker-compose up -d
  1. Check if the appsec-npm and the appsec-agent containers are up and running:

docker ps

Congratulations, you successfully deployed NGINX Proxy Manager with open-appsec integration!

For Production usage you might want to switch from using the Basic to the more accurate Advanced Machine Learning model, as described here:

Using the Advanced Machine Learning Model

Now you can login with your web browser to the WebUI of NGINX Proxy Manager with open-appsec integration as follows:

http://[hostname or IP of your host]:81

At first login please use the following default administrator user credentials: E-mail address: Password: changeme

You will then be prompted to provide your own user details and asked to change the password, before being presented with the NGINX Proxy Manager Dashboard view:


To learn how to use NGINX Proxy Manager (NPM) see project documentation: (NPM usage and configuration will not be explained here).

Once you created a new Proxy Host within NGINX Proxy Manager WebUI you can now configure open-appsec protection for it in the open-appsec WebUI (

  1. In the open-appsec Web UI: Navigate to the Agents tab and ensure the new agent is successfully connected.

  2. In the open-appsec Web UI: Create one or more assets defining the specific resources that open-appsec should protect and don't forget to install the policy afterwards. One typical approach would be to create one asset in the open-appsec WebUI per each "Proxy Host" you configured in the NGINX Proxy Manager WebUI. This would allow you to have individual open-appsec security settings per each Proxy Host configured in NPM. All required steps are explained here:

pageProtect Additional Assets

Last updated