Skip to content

Instantly share code, notes, and snippets.

@andresjesse
Last active May 21, 2024 14:41
Show Gist options
  • Save andresjesse/e7c0478e0813bbc95e7952638613df57 to your computer and use it in GitHub Desktop.
Save andresjesse/e7c0478e0813bbc95e7952638613df57 to your computer and use it in GitHub Desktop.
Portainer on CapRover OneClick Apps

Important: for docker 24+ use latest portainer image (2.20.3+)

To connect shell into containers, portainer nginx config must be updated on location block:

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

Full nginx config:

<%
if (s.forceSsl) {
%>
    server {

        listen       80;

        server_name  <%-s.publicDomain%>;

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }

        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        location / {
            return 302 https://$http_host$request_uri;
        }
    }
<%
}
%>


server {

    <%
    if (!s.forceSsl) {
    %>
        listen       80;
    <%
    }
    if (s.hasSsl) {
    %>
        listen              443 ssl http2;
        ssl_certificate     <%-s.crtPath%>;
        ssl_certificate_key <%-s.keyPath%>;
    <%
    }
    %>

        client_max_body_size 500m;

        server_name  <%-s.publicDomain%>;

        # 127.0.0.11 is DNS set up by Docker, see:
        # https://docs.docker.com/engine/userguide/networking/configure-dns/
        # https://github.com/moby/moby/issues/20026
        resolver 127.0.0.11 valid=10s;
        # IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
        # Simply change the Container HTTP Port from the dashboard HTTP panel
        set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;

        location / {

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

	<%
	if (s.redirectToPath) {
	%>
	    return 302 <%-s.redirectToPath%>;
	<%
	} else {
	%>

		    <%
		    if (s.httpBasicAuthPath) {
		    %>
			    auth_basic           "Restricted Access";
			    auth_basic_user_file <%-s.httpBasicAuthPath%>; 
		    <%
		    }
		    %>

			    proxy_pass $upstream;
			    proxy_set_header Host $host;
			    proxy_set_header X-Real-IP $remote_addr;
			    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			    proxy_set_header X-Forwarded-Proto $scheme;

		    <%
		    if (s.websocketSupport) {
		    %>
			    proxy_set_header Upgrade $http_upgrade;
			    proxy_set_header Connection "upgrade";
			    proxy_http_version 1.1;
		    <%
		    }
		    %>
    
    
	<%
	}
	%>
	
        }

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }
        
        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        error_page 502 /captain_502_custom_error_page.html;
        location = /captain_502_custom_error_page.html {
                root <%-s.customErrorPagesDirectory%>;
                internal;
        }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment