I’m running into a similiar issue trying to get this set-up in nginx proxy manager.
My docker compose file below:
docker-compose.yml
services:
penpot-frontend:
container_name: penpot-app
image: "penpotapp/frontend:${PENPOT_VERSION:-latest}"
volumes:
- design_assets:/opt/data/assets
depends_on:
- penpot-backend
- penpot-exporter
networks:
- penpot-net
- nginx-proxy-manager
environment:
PENPOT_FLAGS: enable-prepl-server disable-email-verification disable-secure-session-cookies disable-csrf
PENPOT_HTTP_SERVER_MAX_BODY_SIZE: 31457280
PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE: 367001600
PENPOT_PUBLIC_URI: https://domain.com
PENPOT_BACKEND_URI: http://penpot-backend:6060
PENPOT_EXPORTER_URI: http://penpot-exporter:6061
PENPOT_HTTP_INSECURE: true
restart: always
penpot-backend:
image: "penpotapp/backend:${PENPOT_VERSION:-latest}"
container_name: penpot-backend
volumes:
- design_assets:/opt/data/assets
depends_on:
penpot-postgres:
condition: service_healthy
penpot-valkey:
condition: service_healthy
networks:
- penpot-net
environment:
PENPOT_FLAGS: enable-prepl-server disable-email-verification disable-secure-session-cookies disable-csrf
PENPOT_PUBLIC_URI: https://domain.com
PENPOT_HTTP_SERVER_MAX_BODY_SIZE: 31457280
PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE: 367001600
PENPOT_SECRET_KEY: <redacted>
PENPOT_DATABASE_URI: postgresql://penpot-postgres/penpot
PENPOT_DATABASE_USERNAME: penpot
PENPOT_DATABASE_PASSWORD: <redacted>
PENPOT_REDIS_URI: redis://penpot-valkey/0
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
PENPOT_TELEMETRY_ENABLED: true
PENPOT_TELEMETRY_REFERER: compose
PENPOT_HTTP_INSECURE: true
restart: always
penpot-exporter:
image: "penpotapp/exporter:${PENPOT_VERSION:-latest}"
container_name: penpot-exporter
depends_on:
penpot-valkey:
condition: service_healthy
networks:
- penpot-net
environment:
PENPOT_PUBLIC_URI: https://domain.com
PENPOT_REDIS_URI: redis://penpot-valkey/0
restart: always
penpot-postgres:
image: postgres:15
restart: always
stop_signal: SIGINT
healthcheck:
test: ["CMD-SHELL", "pg_isready -U penpot"]
interval: 2s
timeout: 10s
retries: 5
start_period: 2s
volumes:
- design_db:/var/lib/postgresql/data
networks:
- penpot-net
environment:
- POSTGRES_INITDB_ARGS=--data-checksums
- POSTGRES_DB=penpot
- POSTGRES_USER=penpot
- POSTGRES_PASSWORD=<redacted
penpot-valkey:
image: valkey/valkey:8.1
container_name: penpot-valkey
restart: always
healthcheck:
test: ["CMD-SHELL", "valkey-cli ping | grep PONG"]
interval: 1s
timeout: 3s
retries: 5
start_period: 3s
networks:
- penpot-net
volumes:
design_assets:
design_db:
networks:
penpot-net:
driver: bridge
name: penpot-net
nginx-proxy-manager:
external: true
Proxy Host config in Nginx Proxy Manager:
In NPM Proxy Host → Details:
Setting |
Value |
Domain Names |
domain.com |
Scheme |
http |
Forward Hostname/IP |
penpot-app |
Forward Port |
8080 |
Block Common Exploits |
checked |
Websockets Support |
checked |
In Custom locations:
No Changes
In SSL:
- Valid cert (via Let’s Encrypt)
- Force SSL

- HTTP/2

In Advanced → Custom Nginx Cinfiguration:
client_max_body_size 31457280;
With this set-up I can reach pentpot at https://domain.com
but anything that tries to reach the api fails, i.e creating new user, trying to login. Main page does not redirect to login page instead I get:
I have to manually go to
https://domain.com/#/auth/login
login with manually created user from cli fails
Contents from report.txt:
Hint: repository request error
Prof ID: --
Team ID: --
Data:
{:type :internal,
:hint "repository request error",
:headers
{"content-length" "54958",
"content-type" "text/html",
"date" "Mon, 14 Jul 2025 09:17:50 GMT",
"etag" "\"66c44d65-d6ae\"",
"server" "openresty"},
:status 401,
:code :repository-access-error,
:uri "https://domain/api/rpc/command/get-teams",
:data "(...)"}
Trace:
Error: repository request error
at new PENPOT.eh (https://domain/js/shared.accd5226d-1752136353.js:306:97)
at PENPOT.fh (https://domain/js/shared.accd5226d-1752136353.js:306:419)
at PENPOT.gh (https://domain/js/shared.accd5226d-1752136353.js:306:372)
at PENPOT.z_a (https://domain/js/shared.accd5226d-1752136353.js:1496:461)
at https://domain/js/shared.accd5226d-1752136353.js:1254:242
at _ (https://domain/js/libs.js?ts=1752136907700:757:16436)
at e.f [as _nextOverride] (https://domain/js/libs.js?ts=1752136907700:757:16386)
at e.htr [as _next] (https://domain/js/libs.js?ts=1752136907700:757:1873)
at e.next (https://domain/js/libs.js?ts=1752136907700:757:1370)
at e.next [as _nextOverride] (https://domain/js/libs.js?ts=1752136907700:757:13985)
at e.htr [as _next] (https://domain/js/libs.js?ts=1752136907700:757:1873)
at e.next (https://domain.com/js/libs.js?ts=1752136907700:757:1370)
at e.next [as _nextOverride] (https://domain.com/js/libs.js?ts=1752136907700:757:13985)
at e.htr [as _next] (https://domain.com/js/libs.js?ts=1752136907700:757:1873)
at e.next (https://domain.com/js/libs.js?ts=1752136907700:757:1370)
at https://domain.com/js/libs.js?ts=1752136907700:757:4469
Last events:
[":app.plugins/initialize"
":app.main.data.profile/fetch-profile"
":app.main.data.profile/refresh-profile"
":app.main/initialize"
":app.main.data.profile/profile-fetched"
":app.main.router/initialize-router"
":app.main.router/initialize-history"
":app.main.ui.routes/init-routes"
":app.main.data.event/event"
":app.main.router/navigated"]
Trying to reach https://domain.com/api/rpc/command/get-teams
gives 401: Unauthorized
Adding external port to my docker-compose.yml file allows me to:
ports:
- 9999:8080
- Reach penpot at
http://ip-address:9999
(Also forwarding to login page works).
- Reach api at
http://ip-address:9999/api/rpc/command/get-teams
- Login at
http://ip-address:9999/#/auth/login
I’ve tried copying some common template nginx configs into Nginx Proxy Manager without luck. Hopefully someone has an example out there I can use as a reference?