Contents
- Install docker
- Deploy Portainer
- Nginx Proxy Manager configuration
- Adding a bit of security
- Conclusion
- Set up Docker's apt repository.

```bash
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
```

- Install Docker packages

```bash
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
- Manage Docker as a non-root user

We create the `docker` group and add the current user to it. Run these commands as a non-root user!

```bash
sudo groupadd docker
sudo usermod -aG docker $USER
```

Running the Docker daemon itself as a non-root user (Rootless mode, see the documentation) comes with limitations that can be tricky for new users to work around, and since we are going to use Portainer to manage our Docker installation, it needs root privileges anyway. Keep in mind that membership in the `docker` group is equivalent to root access on the host, so add only accounts you trust.
- Versions for Portainer and Docker
I have tested on Docker 24.0.7 and it also works.

Portainer Version | Release Date | Docker Version |
---|---|---|
Community 2.19.1 | September 20, 2023 | 23.0.6 24.0.4 |
Community 2.19.0 | August 31, 2023 | 23.0.6 24.0.4 |
Community 2.18.4 | July 7, 2023 | 23.0.6 24.0.4 |
Community 2.18.3 | May 22, 2023 | 20.10.9 20.10.13 20.10.17 |
... | ... | ... |
- Persistent storage

  The installation process provides a basic storage configuration for your platform.

- Default Ports

  Server:
  - `9443/tcp` - UI and API
  - `8000/tcp` - tunnel for Edge agents (optional, use only for Edge computing with Edge agents)

  Agent:
  - `9001/tcp` - must be accessible on the Agent from the Portainer Server instance

In our installation we will not use Agents or Edge computing, so only TCP port `9443` needs to be open.

The official documentation has us run `docker` commands directly in the terminal, which is fine for testing purposes, but I prefer to create a `docker-compose.yaml` file directly.

It is also a common best practice to pin specific versions of Docker images so you have control over changes. This time the strict tag `linux-arm64-2.19.1` was picked from Docker Hub. You can pick another tag as well.

Copy and paste the commands below into your terminal.

```bash
mkdir -v ~/portainer && \
cd ~/portainer && \
docker network create cont_network
cat > docker-compose.yaml << "EOF"
version: '3.8'
services:
  portainer:
    image: 'portainer/portainer-ce:linux-arm64-2.19.1'
    restart: unless-stopped
    container_name: portainer
    ports:
      - "9443:9443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    networks:
      - cont_network
networks:
  cont_network:
    external: true
volumes:
  portainer_data:
EOF
docker compose up -d
```

We created the network `cont_network` and specified it in the `docker-compose.yaml` file. We will specify this network when building other containers so they can communicate via service names. The volume `portainer_data` will be created and can be found under the `/var/lib/docker/volumes/` path by default.

Check that your server's firewall (Oracle's network Security groups) allows inbound connections to port `9443/tcp`.

Open the link `https://<your_server_ip>:9443`. The default username is admin; set your new password.

By default Portainer will discover the `local` environment, so no additional configuration is needed.

- Select it (your `local` environment).
- From the left menu select `Stacks`.
- Press `+ Add stack`.
- Give it a name, for example `npm-uptime-kuma`.
  *This field must consist of lower case alphanumeric characters, '_' or '-' (e.g. 'my-name', or 'abc-123').*
- Paste the following into the Web editor field:

```yaml
version: '3.8'
services:
  npm:
    image: 'jc21/nginx-proxy-manager:2.10.4'
    container_name: npm
    restart: unless-stopped
    ports:
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    healthcheck:
      test: ["CMD", "/bin/check-health"]
      interval: 10s
      timeout: 3s
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - cont_network

  uptime-kuma:
    image: 'louislam/uptime-kuma:1.23.3'
    container_name: uptime-kuma
    restart: unless-stopped
    ports:
      - "3001:3001"
    volumes:
      - ./uptime-kuma:/app/data
    networks:
      - cont_network
networks:
  cont_network:
    external: true
```

Here we specified `cont_network` again, so all three containers are in the same network and can communicate with each other by service names.

This is a good time to set up your DNS records, or to make sure they already point to your server.

Check that your server's firewall (Oracle's network Security groups) allows inbound connections to port `81/tcp`.

Open the link `http://<your_server_ip>:81`

Default credentials are:

- Email: admin@example.com
- Password: changeme

Change them immediately after a successful login.

You can skip the next Proxy Host if you don't want the Nginx Proxy Manager administration page to be publicly available.

Navigate to `Hosts/Proxy Hosts` and press the `Add Proxy Host` button.

- In `Domain Names` set your domain name for the Nginx Proxy Manager administration page (the one you are on at this moment). For example `npm.example.com`
- `Scheme` - `http`
- `Forward Hostname / IP` - `localhost`
- `Forward Port` - `81`
- Set all checkboxes
- Navigate to `SSL` at the top of this pop-up window
- `SSL Certificate` - `Request a new SSL Certificate`
- Set all checkboxes but NOT `Use a DNS Challenge`!
- Press `Save`

Replace `example.com` with your domain name!

It will take a little time, and if your DNS records are correct and the firewall allows connections to port 80 on the server, you should get your first certificate.

After the certificate has been issued successfully, recheck that all necessary checkboxes are still set in the `SSL` submenu.

You may find the `Test Server Reachability` button, and it could return an error, but no worries, the proxy works fine.

Navigate to `Hosts/Proxy Hosts` and press the `Add Proxy Host` button.

- In `Domain Names` set your domain name for the Uptime-Kuma page. For example `uptime-kuma.example.com`
- `Scheme` - `http`
- `Forward Hostname / IP` - `uptime-kuma`
- `Forward Port` - `3001`
- Set all checkboxes
- Navigate to `SSL` at the top of this pop-up window
- `SSL Certificate` - `Request a new SSL Certificate`
- Set all checkboxes but NOT `Use a DNS Challenge`!
- Press `Save`

Replace `example.com` with your domain name!

Navigate to `Hosts/Proxy Hosts` and press the `Add Proxy Host` button.

- In `Domain Names` set your domain name for the Portainer page. For example `portainer.example.com`
- `Scheme` - `https`
- `Forward Hostname / IP` - `portainer`
- `Forward Port` - `9443`
- Set all checkboxes
- Navigate to `SSL` at the top of this pop-up window
- `SSL Certificate` - `Request a new SSL Certificate`
- Set all checkboxes but NOT `Use a DNS Challenge`!
- Press `Save`

Replace `example.com` with your domain name!

Navigate to `Settings` > press on the three dots > press `Edit`.

Select a radio button other than `Congratulations Page`. Personally I picked `No Response (444)`.

If proxying with SSL works fine, you can remove the port forwarding to the containers so everything is managed through NPM with SSL.

Comment out the `ports` directive in the `docker-compose.yaml` file:

```bash
cd ~/portainer && \
sed -i '/ports:/,+1 s/^/#/' docker-compose.yaml
docker compose up -d
```

The `sed -i` command edits the `docker-compose.yaml` file in place, adding `#` to the needed lines.

Docker Compose will reconfigure the container without destroying data.

In the Portainer GUI navigate to Stacks, click on npm-uptime-kuma and click on Editor.

Here we want to comment line 10 with `- '81:81' # Admin Web Port` for npm:

```yaml
...
    ports:
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      # - '81:81' # Admin Web Port
...
```

and lines 36 and 37 with `ports:` and `- "3001:3001"` for uptime-kuma:

```yaml
...
    restart: unless-stopped
    # ports:
    #   - "3001:3001"
    volumes:
...
```

To comment a line means to put `#` at the beginning of it.

Press the Update the stack button below the Edit window and your containers should be reconfigured.

Don't forget to adjust Oracle's security list to remove these ports.
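
To confirm that the admin ports are really gone, the check below parses `docker port` output and reports every host port a container still publishes other than 80 and 443. It is an added example, not part of the original guide; the allowed-port list and the `--live` switch are assumptions, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: find host ports that the guide's containers still publish
# and that should no longer be reachable once NPM fronts everything.

ALLOWED_PORTS="80 443"   # assumption: only NPM's HTTP/HTTPS stay published

# Reads `docker port <container>` output on stdin, for example
#   81/tcp -> 0.0.0.0:81
#   81/tcp -> [::]:81
# and prints each published host port that is not in ALLOWED_PORTS (once).
unexpected_ports() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    / -> / {
      host = $NF                 # "0.0.0.0:81" or "[::]:81"
      sub(/^.*:/, "", host)      # keep only the text after the last colon
      if (!(host in ok) && !(host in seen)) { seen[host] = 1; print host }
    }'
}

# Constructed sample: `docker port npm` before port 81 is commented out.
sample_npm_before() {
  printf '%s\n' \
    '80/tcp -> 0.0.0.0:80'   '80/tcp -> [::]:80' \
    '81/tcp -> 0.0.0.0:81'   '81/tcp -> [::]:81' \
    '443/tcp -> 0.0.0.0:443' '443/tcp -> [::]:443'
}

# Live check over the three container names used in this guide (needs Docker).
audit_containers() {
  rc=0
  for c in portainer npm uptime-kuma; do
    extra=$(docker port "$c" 2>/dev/null | unexpected_ports | tr '\n' ' ')
    if [ -n "$extra" ]; then
      echo "$c still publishes: $extra"
      rc=1
    fi
  done
  return $rc
}

# Run against the real containers only when asked to and Docker is present.
if [ "${1:-}" = "--live" ] && command -v docker >/dev/null 2>&1; then
  audit_containers
fi
```

Run it with `--live` on the server after updating the stack; no output and exit status 0 mean that only ports 80 and 443 are still published.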
We've set up Portainer to streamline the management of our Docker environment. All our containers are now on a shared Docker network. If you wish to integrate additional containers with Nginx Proxy Manager, ensure they are added to this shared network as detailed earlier. Once everything is in place, you can visit https://uptime-kuma.example.com (as an example) and tailor its configuration to your requirements.