Nginx Proxy Manager VS acme-dns

Compare Nginx Proxy Manager vs acme-dns and see what are their differences.

Nginx Proxy Manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface (by NginxProxyManager)

acme-dns

Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. (by joohoi)
Our great sponsors
  • OPS - Build and Run Open Source Unikernels
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
Nginx Proxy Manager acme-dns
230 17
5,601 1,281
14.2% -
9.2 0.0
7 days ago 10 days ago
JavaScript Go
MIT License MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Nginx Proxy Manager

Posts with mentions or reviews of Nginx Proxy Manager. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-11.

acme-dns

Posts with mentions or reviews of acme-dns. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-11-23.
  • My ISP blocks port 80?
    3 projects | reddit.com/r/homelab | 23 Nov 2021
    I also have domains on google domains and I use https://github.com/joohoi/acme-dns api to renew all the certificates using the api including wildcard certificates. Just register a new account at https://auth.acme-dns.io/register and start using DNS api. https://github.com/acme-dns/acme-dns-client
  • SSL Certificate for Homelab use
    2 projects | reddit.com/r/homelab | 15 Nov 2021
    I use https://github.com/joohoi/acme-dns and my domain provider does not have an API either. use acme.sh script and use the acme-dns api to get the certificate. Once you get a certificate download the ~/.acme.sh/account.conf file and re-use it on all the new servers you create. All you have to do is point your _acme-challenge subdomain CNAME record to the one you get from the API.
  • Strategies for reliable automatic renewals with minimal disruption
    1 project | reddit.com/r/letsencrypt | 23 Oct 2021
    Not necessarily; LE follows CNAMEs, so you can use it with a DNS server without scriptable record creation capability. Just add a CNAME that points to a service such as https://github.com/joohoi/acme-dns
  • Let's Encrypt for internal sites/apps
    5 projects | reddit.com/r/sysadmin | 4 Oct 2021
    I have done it with https://github.com/joohoi/acme-dns It's a DNS server you deploy just for the DNS challenge. The doc is good, does take some time getting your head around how it's work but once set it's easy.
  • LetsEncrypt-compatible dynamic DNS provider?
    1 project | reddit.com/r/homelab | 3 Sep 2021
    If you use a ddns client to create a record for you and keep it updated you can use https://github.com/joohoi/acme-dns (hosted locally) for the txt records that let us encrypt needs. Only part that is a pain is each sub domain you do needs a manual cname record pointing to the acme-dns one.
  • Let's Encrypt ACME DNS alias mode
    5 projects | news.ycombinator.com | 21 Aug 2021
    Yes. You can have a CNAME _acme-challenge.example.com point to _acme-challenge.example.ORG or a sub-domain like _acme-challenge.DNSAUTH.example.com.

    At work we use the sub-domain method and just have a small non-HA VM with some scripts that allow ACME clients to update particular TXT records. Each ACME client is given an individual key and allowed to only update a particular record.

    Folks have specifically written DNS servers to do just this:

    * https://github.com/joohoi/acme-dns

    However we used BIND with some custom scripting.

    5 projects | news.ycombinator.com | 21 Aug 2021
    You can use sub-domains as well: _acme-challenge.example.com -> _acme-challenge.DNSAUTH.example.com, _acme-challenge.foo.example.com -> _acme-challenge.foo.dnsauth.example.com.

    You can then have a small VM handle answering DNS queries just for dnsauth.example.com. Folks have written servers to do just this:

    * https://github.com/joohoi/acme-dns

  • Another free CA as an alternative to Let's Encrypt
    15 projects | news.ycombinator.com | 20 Aug 2021
    > If you want to use the www auth you need to allow outbound connections to any IP

    Only for the time period when you're requesting the cert though: it does not have to be open to the entire Internet 24/7. While this not satisfy your personal / particular level of security concern, it is something. Using the dehydrated client as an example, the web server could be started and stopped (or the host's firewall rules altered) in the startup_hook() / exit_hook() functions, or the deploy_challenge() / clean_challenge() functions:

    * https://github.com/dehydrated-io/dehydrated/blob/master/docs...

    > otherwise you have the DNS option which means giving the server access to modify the DNS records which is also unsafe should the box get compromised.

    Are you aware of LE/ACME's "DNS alias" mode?

    * https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...

    * https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...

    Let us say you with to get a cert for foo.example.com. Letting an ACME client change the value of that could be a risk as you state. So what you can do is create a CNAME _acme-challenge.foo.example.com, and point that elsewhere, like _acme-challenge.foo.dnsauth.example.com. You then allow the ACME client to alter (just) the TXT records of _acme-challenge.foo.dnsauth.

    People have ever written simple DNS server that allow for updating of records via a RESTful API, so you can server just the (e.g.) dnsauth sub-domain from it:

    * https://github.com/joohoi/acme-dns

    There's also a CLI utility that can handle access the APIs of several dozen DNS companies so you don't have to roll your own:

    * https://github.com/AnalogJ/lexicon

    15 projects | news.ycombinator.com | 20 Aug 2021
    I'm doing the same for my personal/home lab stuff. I've been using https://github.com/joohoi/acme-dns for the dns server running on a small vps for all my internal certificates and I haven't had any issues with it.
  • Announce: easy setup of a modern XMPP server
    7 projects | reddit.com/r/selfhosted | 9 May 2021
    Yeah, I'm planning to add support for DNS challenges. But rather than depending on the user using a supported DNS provider, instead I'm planning to bundle acme-dns. That should be a much simpler setup... the only downside is that it only works if nothing else is also using DNS challenges for that domain. But I think that's a safe bet for most deployments.

What are some alternatives?

When comparing Nginx Proxy Manager and acme-dns you can also consider the following projects:

traefik - The Cloud Native Application Proxy

docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.

docker-pi-hole - Pi-hole in a docker container

caddy-docker - Source for the official Caddy v2 Docker Image

bunkerized-nginx - 🛡️ Make your web services secure by default !

homer - A very simple static homepage for your server.

authelia - The Single Sign-On Multi-Factor portal for web apps

Bitwarden - The core infrastructure backend (API, database, Docker, etc).

Squid - Squid Web Proxy Cache

Redbird - A modern reverse proxy for node

acme.sh - A pure Unix shell script implementing ACME client protocol

filemanager - 📂 Web File Browser