Portainer

Portainer is a Docker frontend providing easy-to-use container management via the web browser.

Installation

Installation consists of setting environment variables in a .env file. Create a hidden file named .env (including the '.') containing the following environment variables:

ADMIN_PASSWD
# optional, only if you want to access Portainer from the internet
PORTAINER_DOMAIN

The ADMIN_PASSWD environment variable contains the password for logging in to Portainer. Additionally, the docker-compose file configures a volume for the Portainer data, so this content is kept even when the Docker image is thrown away. The path on the host system is

/var/docker/portainer

Configuration

The docker-compose file defines the Portainer application and connects it to the corresponding network configuration.

Application

The Portainer application configuration is pretty straightforward as it:

  • defines the Docker image to be downloaded from Docker Hub
  • provides a name for our service (for easier recognition of the container and navigation, e.g. in Portainer)
  • creates a volume that maps the Portainer data into the container, so that the data is kept even when the Docker image is thrown away
  • sets the admin password from the .env file as mentioned above
---
version: '3.3'

services:
  portainer:
    image: portainer/portainer
    container_name: portainer
    ports:
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/docker/portainer:/data
    command: --admin-password="${ADMIN_PASSWD}"
    restart: always

# Uncomment the labels below to proxy Portainer via Traefik
# (requires a .env file with PORTAINER_DOMAIN as environment variable)

#    labels:
#      - "traefik.enable=true"
#      - "traefik.http.routers.portainer.entrypoints=web-secure"
#      - "traefik.http.routers.portainer.rule=Host(`${PORTAINER_DOMAIN}`)"
#      - "traefik.http.routers.portainer.tls=true"
#      - "traefik.http.routers.portainer.tls.certresolver=default"

If you want to make Portainer accessible via the internet (without e.g. a VPN connection), Traefik needs to be configured properly, which is done via labels. First, we enable Traefik to act as a proxy for this service by setting the label traefik.enable to true.

Then we define the web-secure entrypoint for encrypted traffic (there is no need to do that for the unencrypted web entrypoint on port 80, since our Traefik configuration catches and redirects all unencrypted traffic to web-secure on port 443).

Most important is the router rule, which defines the domains for which Traefik routes requests to the Portainer container: here, all requests directed to the domain configured in the environment variable PORTAINER_DOMAIN (e.g. portainer.example.org).

Encryption via Let's Encrypt is enabled via the corresponding labels with the default resolver. Traefik handles this as defined in the configuration of the Traefik container (via ACME).
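
As an added example (not part of the original page or of the Portainer project), this Python check audits the service definition above for settings to review before the host is reachable from other machines: the unpinned image, the port published on every interface, the Docker socket mount, and the password passed on the command line. The parser is line-based and only handles the simple list layout used here; the function names are illustrative.

```python
import re

# Constructed sample: the service definition from this page, embedded inline.
COMPOSE = '''\
services:
  portainer:
    image: portainer/portainer
    ports:
      - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/docker/portainer:/data
    command: --admin-password="${ADMIN_PASSWD}"
'''

def list_items(text, key):
    """Return the '- item' entries listed under 'key:' (no YAML library needed)."""
    items, inside = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == f"{key}:":
            inside = True
        elif inside and stripped.startswith("- "):
            items.append(stripped[2:].strip().strip("\"'"))
        elif stripped and not stripped.startswith("#"):
            inside = False
    return items

def audit(text):
    """Return a list of warnings for the compose text."""
    findings = []
    image = re.search(r"^\s*image:\s*(\S+)", text, re.M)
    name = image.group(1).strip("\"'") if image else ""
    if name and "@sha256:" not in name and ":" not in name.rsplit("/", 1)[-1]:
        findings.append(f"image {name}: no tag or digest, resolves to 'latest'")
    for port in list_items(text, "ports"):
        parts = port.split("/")[0].split(":")
        # HOST:CONTAINER (2 parts) binds every interface; IP:HOST:CONTAINER does not.
        if len(parts) == 2 or parts[0] == "0.0.0.0":
            findings.append(f"port {port}: published on all host interfaces")
    for volume in list_items(text, "volumes"):
        if volume.split(":")[0] == "/var/run/docker.sock":
            findings.append("docker.sock mounted: container controls the Docker daemon")
    if "--admin-password=" in text:
        findings.append("admin password passed as argument: visible in 'docker inspect'")
    return findings

if __name__ == "__main__":
    for finding in audit(COMPOSE):
        print("WARN:", finding)
```

Binding the port as "127.0.0.1:9000:9000" clears the port finding and keeps the UI reachable only from the host itself.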

Network

Last, but not least, we refer to the existing external networks. They need to exist as outlined here.

networks:
  traefik_proxy:
    external:
      name: traefik_proxy
  backend:
    external:
      name: backend