Secure Reverse Proxies with OpenResty Manager
Self-hosting reverse proxies can spiral into manual certificate renewal, inconsistent ACLs, and fragmented tooling. OpenResty Manager streamlines the workflow with a browser-based control plane for OpenResty that folds in security automation, host access, and container orchestration.
What Is OpenResty Manager?
OpenResty Manager is an open-source control panel that wraps OpenResty nginx builds with guided wizards for certificates, upstreams, and site publishing. It targets operators who want OpenResty Edge-level features without licensing fees: multi-node management, distributed caching, fine-grained access control, and an integrated app marketplace. Everything runs on your infrastructure, so you keep full control of TLS keys, audit logs, and firewall posture while onboarding new services in minutes.
Key Features
- Web interface for provisioning reverse-proxy sites, upstream pools, and CDN caching rules across multiple nodes.
- Built-in security policies covering access control lists, HTTP flood protection, and per-site identity enforcement.
- Automated certificate lifecycle: request, install, and renew Let’s Encrypt or bring-your-own certificates with zero-downtime swaps.
- Host administration toolbox with web terminal, file browser, and Docker Compose powered app store for one-click WordPress or similar stacks.
- Centralized multi-node orchestration so a single control plane can push proxy changes and WAF policies to fleets.
Installation
Install the host edition on a fresh Linux server; be sure ports 80
, 443
, and 34567
are open:
sudo bash -c "$(curl -fsSL https://om.uusec.com/installer.sh)"
Prefer containers? Deploy the packaged Docker stack in minutes:
sudo bash -c "$(curl -fsSL https://om.uusec.com/docker_installer.sh)"
After installation, manage lifecycle tasks with /opt/om/om.sh
to start, stop, update, or remove the stack. Mainland China users should follow the dedicated mirror instructions from the vendor’s Chinese site to avoid geolocation blocks.
Usage
Once online, navigate to https://<server-ip>:34567
and sign in with the default admin
user (#Passw0rd
). From there:
- Issue or import SSL certificates via the Certificates menu to enforce HTTPS everywhere.
- Deploy baseline apps from the Store (for example WordPress) and OpenResty Manager will scaffold Docker Compose services.
- Define upstream pools for those apps, enabling load balancing and health checks.
- Publish reverse-proxy sites by assigning domains and binding them to upstreams and certificates.
- Flip DNS records toward the new proxy and validate latency, caching, and access policies end to end.
Operational Tips
- Harden defaults: Rotate the admin password immediately and connect OpenResty Manager to your organization’s identity provider for RBAC parity.
- Automate change control: Use the multi-node deployment view to stage configuration changes on a canary node before promoting to the fleet.
- Observe traffic: Pair the built-in CDN caching capabilities with your existing metrics stack so you can alert on cache hit ratios, request spikes, and rate-limit decisions.
- Integrate CI/CD: Wrap
/opt/om/om.sh update
in your pipeline to keep the control plane patched alongside system packages.
Conclusion
OpenResty Manager bridges the gap between raw nginx configs and enterprise reverse-proxy governance. By unifying certificate automation, security policies, and app delivery in one console, it helps SRE teams deploy resilient, SSL-first front doors without bespoke scripts. Explore the project on GitHub and decide whether it belongs in your network edge toolkit.
Reduce firefighting with Akmatori, the AI-powered SRE co-pilot that streamlines incident response and keeps on-call calm.
Build on reliable infrastructure with Gcore, offering high-performance virtual machines and bare metal across the globe.