Deploy Portainer behind NGINX Reverse Proxy
Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
docker-compose up -dOnce complete, you will able to run docker ps and you will see an output similar to this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1Once the deployment is complete you can browse portainer.yourdomain.com.
Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server, and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
- First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
docker network create -d overlay proxy docker network create -d agent_network- Then create the volume:
docker volume create portainer_data- Save the below recipe as portainer.yml
version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:-
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
-
You're now ready to deploy Portainer by executing the following:
docker stack deploy portainer -c portainer.yml- To check the deployment you can run
docker service lsand you will see an output similar to the following:
ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcpOnce the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
Deploying in a Kubernetes scenario
WIP