Nginx Proxy Manager, a popular web-based and user-friendly reverse proxy management interface for Nginx, has just released version 2.13.6. Although this is only a patch release to a minor version, it actually delivers some fairly significant improvements.
The most notable change is the addition of TOTP-based two-factor authentication, allowing administrators to protect access to the web interface with time-based one-time passwords, bringing a long-requested security feature to Nginx Proxy Manager.
Certificate management has also been expanded. When creating new certificates, users can now explicitly choose between RSA and ECDSA key types, offering greater flexibility depending on compatibility or performance requirements.
Well this is great. NPM is often the most exposed element of a homelab (even if the management portal itself typically isn’t), it’s a critical security element that an attacker would be able to do all sorts of bad things with access to it.