Portainer Docker Installation

Aus Laub-Home.de Wiki
Zur Navigation springen Zur Suche springen

Portainer ist eine Webapplikation um Docker Container/Images/Volumes und Co zu verwalten. Hier eine kurze Anleitung wie ich es als "tools" Compose Projekt deployt habe:

mkdir /opt/tools
cd /opt/tools

/opt/tools/.env

# Config File for Portainer Application
TZ=Europe/Berlin

/opt/tools/docker-compose.yml

version: '3.7'
services:
  portainer:
      image: portainer/portainer
      environment:
        - TZ=${TZ}
      ports:
        - 127.0.0.1:8082:9000
      volumes:
        - data_portainer:/data
        - /var/run/docker.sock:/var/run/docker.sock
      restart: always
      networks:
        frontend-nw:

networks:
  frontend-nw:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-toolsfe
    #ipam:
     # driver: default
      #config:
       # - subnet: ${IPV4_NETWORK:-172.25.1}.0/24
       # - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f7f::/64}
volumes:
  data_portainer:

hat man beide Dateien angelegt, kann das Projekt deployt werden:

docker-compose up -d

nun sollte auf localhost port 8082 die Webapplikation lauschen und kann nun mit unserem NGINX Reverse Proxy nach außen freigegeben werden. Folgende vhost Konfiguration kann hier zum Einsatz kommen:
/opt/nginxproxy/data/nginx/conf/tools.example.tld.conf

server {
  listen 80;
  listen [::]:80;
  server_name tools.example.tld;

  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name tools.example.tld;

  ssl_certificate /etc/letsencrypt/live/tools.example.tld/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/tools.example.tld/privkey.pem;

  include /etc/nginx/conf.d/includes/site-defaults.conf;
  include /etc/nginx/conf.d/includes/cert_bot.conf;
  expires $expires;

  location / {
      proxy_pass http://127.0.0.1:8082/;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /api/websocket/ {
      proxy_pass http://127.0.0.1:8082/api/websocket/;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
  }
  location /api/websocket/exec {
      auth_basic off;
      proxy_pass http://127.0.0.1:8082/api/websocket/exec;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
  }
}

Nicht vergessen die domains.txt zu erweitern und das generate-certs.sh auszuführen.

Möchte man das ganze unter einer Short URL /portainer verfügbar machen, da man eine Domain für mehrere Applikationen nutzt, so kann man dies wie folgt machen:

  location /portainer/ {
      auth_basic off;
      proxy_pass http://127.0.0.1:8082/;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
  location /portainer/api/websocket/ {
      auth_basic off;
      proxy_pass http://127.0.0.1:8082/api/websocket/;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
  }
  location /portainer/api/websocket/exec {
      auth_basic off;
      proxy_pass http://127.0.0.1:8082/api/websocket/exec;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_http_version 1.1;
  }

solltet ihr folgende Fehlermeldung beim starten der Console in Portainer bekommen, so hilft euch oben stehende Konfiguration weiter, damit konnte ich es lösen! NGINX Proxy Fehlermeldung:

"GET /portainer/api/websocket/exec?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTU4MjgyNjgzOH0.Pjx5EzsAJqjr9eBfwd1PFfWNQXxF3muqK2EudfQ4ciM&endpointId=1&id=d44eb7bc32bbcd90e042d8845ba2fcad674acd57e352c8d4074f73bc96fb4468 HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "-"

Safari Entwickler Tools Fehlermeldung:

[Error] WebSocket connection to 'ws://docker.mydomain.com/api/websocket/exec?id=66497ad3afddd527d98c55afdc302047627194fc2f6aae5daf283024f1b80c50' failed: Unexpected response code: 301

Updaten

Zum Updaten des Containers einfach wie gewohnt:

cd /opt/tools/
docker-compose pull
docker-compose restart

oder Automatisch via Watchtower:

Quellen