# Nginx Proxy Manager Configuration Notes

## Architecture Overview

```
Internet → Nginx Proxy Manager (Docker/Host) → Native Nginx → PHP-FPM → Laravel
                    ↓
              SSL Termination
              (Let's Encrypt)
```

## Nginx Proxy Manager Setup

### Option 1: NPM on Same Server
If running NPM on the same Ubuntu 24.04 server:

1. **NPM listens on ports 80/443** (public)
2. **Native Nginx listens on port 8080** (internal only)
3. NPM forwards traffic to `localhost:8080`

Modify `laravel-site.conf`:
```nginx
server {
    listen 127.0.0.1:8080;  # Only accept local connections
    ...
}
```

### Option 2: NPM on Separate Server
If running NPM on a separate server:

1. Configure firewall to allow NPM server IP
2. NPM forwards to `http://your-laravel-server-ip:80`

## NPM Proxy Host Configuration

In Nginx Proxy Manager web UI:

1. **Domain Names**: your-domain.com
2. **Scheme**: http
3. **Forward Hostname/IP**: 127.0.0.1 (or server IP)
4. **Forward Port**: 8080 (or 80)
5. **Enable**: Block Common Exploits
6. **SSL Tab**: 
   - Request new SSL Certificate
   - Force SSL
   - HTTP/2 Support

## Custom NPM Configuration

Add to "Advanced" tab if needed:

```nginx
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;

# WebSocket support (if using Laravel Echo/Reverb)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
```

## Laravel Trusted Proxies

Update `app/Http/Middleware/TrustProxies.php` or configure in Laravel 11+:

```php
// In bootstrap/app.php or config
->withMiddleware(function (Middleware $middleware) {
    $middleware->trustProxies(at: '*');
})
```

Or set in `.env`:
```
TRUSTED_PROXIES=*
```