Free Docker Course: Portainer, Nginx Proxy Manager, Lets Encrypt SSL
TABLE OF CONTENTS 1. Introduction to Portainer and Docker Compose 2. Installing Portainer Using Docker Compose Step 1: Docker Installation Step 2: Creating Docker-Compose.yml file Step 3: Run the Docker-Compose.yml file to install portainer Step 4: Using the Portainer web GUI to Manager Docker Step 5: Understanding Portainer for docker management 3. Portainer Docker-Compose.yml Explained a) The “version” in Docker Compose file. b) Docker Compose Services i) Portainer Image ii) Container name iii) Portainer Ports . Portainer Port 9443 . Portainer Port 8000 . Using Port 9443 for Security iv) Portainer Volumes . The Data Volume . Host path volume v) Portainer Networks 4: Volumes in Docker Compose file 5. Networks in Docker Docker Compose file
The process of installing Portainer through Docker Compose is relatively simple. However, it cannot be assumed that everyone is well-versed in this field. Therefore, it is essential to introduce the fundamental concepts of Docker, Docker Compose, and Portainer. These tools play a crucial role in software containerization.
Introduction to Portainer and Docker Compose
Docker, Docker Compose, and Portainer are important tools for software containerization. Docker offers the foundational infrastructure, while Docker Compose provides the necessary building blocks. Portainer simplifies Docker management and makes it easier to work with.
As a software developer, you are always looking for ways to improve your workflow and streamline your processes. With the introduction of container technology, you can now create isolated containers for each component of your application, making it easier to manage and maintain the code.
Portainer is a powerful tool for managing your Docker containers. Having portainer is like having a personal assistant for your containers! And what’s best is that setting up Portainer is easy and straightforward.
Installing Portainer Using Docker Compose
Step 1: Check if you have docker Installed
To check if you have docker, type the command.
You get this response if docker is not installed
In this case, you’ll need to ensure you have Docker installed on your system. If you’re running most versions of Linux such as Ubuntu or Debian, you can install Docker by running the following command in your terminal:
sudo apt install docker.io
Step 2: Create a file named Docker-Compose.yml
This step involves creating a new file named ‘docker-compose.yml’ in your preferred directory. After you have created the file, copy the following code and paste it to the docker-compose file.
Portainer Docker Compose.yml File Format
version: "3" services: portainer: image: portainer/portainer-ce:latest container_name: portainer command: --H unix:///var/run/docker.sock ports: - 8000:8000 - 9443:9443 volumes: - portainer_data:/data - /var/run/docker.sock:/var/run/docker.sock networks: - default: ipv4_address: 172.20.0.11 restart: unless-stopped volumes: portainer_data: networks: default: name: portainer_default driver: bridge ipam: config: - subnet: 172.20.0.0/16 ip_range: 172.20.0.1/24 gateway: 172.20.0.1
The code is explained here.
Step 3: Run the Docker-Compose File .
Once you’ve created the ‘docker-compose.yml‘ file, open your terminal and navigate to the directory where the file is located, and run the command :
docker-compose up -d
This will start Portainer in detached mode.
Step 4: Using the Portainer web GUI to Manager Docker
After running the docker-compose file, you can access Portainer’s web interface by visiting the URL below in your web browser. You won’t be able to access portainer on HTTPS URL until you have configured SSL or TLS correctly.
And that’s it! You’ve successfully set up Portainer using a Docker-Compose.yml file. All you need is to configure SSL certificates to be able to access Portainer. If you are not sure how to do this, watch this free course on Software Containerization using Docker and Portainer.
Step 5: Why use Portainer for docker management?
With Portainer, you’ll be able to easily manage your Docker containers, including starting, stopping, and restarting them. You can also view logs and statistics, create and manage networks and volumes, and even create and deploy new containers with just a few clicks. It’s a simple, yet powerful tool that can help you take control of your containers, making it a valuable addition to your professional toolkit.
Portainer Docker-Compose.yml Explained
The Portainer Docker-compose file above has four sections explained below:
1. The “version” Section of the Docker Compose file.
This services line specifies the version of the docker-compose file format being used. In this case, version: “3” indicates that the file is using version 3 of the Docker Compose file format.
Docker Compose version 3 introduces several new features and improvements such as support for version 3 of the Docker Engine API, the ability to define networks and volumes outside of services, and the ability to deploy services to a swarm. It also includes a few changes like the removal of the links option for services, and the depends_on option has been removed and replaced with the deploy option.
2. The “Services” Section of the Docker Compose file
This section defines the services that will be created and run when the docker-compose file is executed.
portainer: image: portainer/portainer-ce:latest container_name: portainer command: --H unix:///var/run/docker.sock
The Image to be used
Let’s start with portainer which is the name of the service used to create a container from the portainer/portainer-ce:latest image. The latest version of portainer/portainer-ce will be downloaded from the docker hub if it is not already available in the local machine. The image will be put in a container named: portainer: which will be created on the fly.
The Container name
The name “portainer” is important because it will be used to reference the container in other parts of the docker-compose file or in docker commands. Finally, the command: –H unix:///var/run/docker.sock, specifies the command that will be run when the container starts. The -H option specifies the hostname or IP address and port number of the Docker daemon. Then we have the ports as shown in the code below:
Portainer Port Numbers
ports: - 8000:8000 - 9443:9443
This section maps the container’s internal ports to ports on the host machine. In this case, ports 8000 and 9443 in the container are mapped to ports 8000 and 9443 on the host machine, respectively.
Portainer Port 9443
In this specific configuration, Portainer ports 8000 and 9443 are being exposed by the container running the Portainer service. Port 9443 is the default port for accessing the Portainer Web UI, which provides a web-based interface for managing and monitoring Docker containers, images, networks, and volumes. This port is typically used to access Portainer in a web browser.
Portainer Port 8000
Portainer’s Port 8000 is the default port for accessing the Portainer API, which allows for programmatic access to the Portainer functionality. This can be used for automating tasks or integrating Portainer with other tools and systems. This port is used for communication between client apps and the server. Both ports are exposed on the host machine, allowing them to be accessed from outside the container. This means that you can access the Portainer Web UI and API by visiting https://host_ip:9443 and via an edge agent through port 8000.
Using Port 9443 for Security
Port 9443 is typically used for HTTPS traffic, which is a secure version of HTTP. This means that any communication to and from port 9443 is encrypted using SSL or TLS, providing an additional layer of security. By default, when you access the Portainer web UI via port 9443, you will be using a secure connection (HTTPS) instead of an insecure one (HTTP). This is a best practice for security reasons, as it prevents sensitive information such as login credentials and other sensitive data from being intercepted and read by malicious actors.
So, when you access Portainer on port 9443, the communication between your browser and the Portainer service is encrypted, providing an additional layer of security.
Then we have volumes as shown in the code below:
volumes: - portainer_data:/data - /var/run/docker.sock:/var/run/docker.sock
The volumes field in the docker-compose.yml file is used to configure data volumes for the container.
The Data Volume
In this case, the code is mounting two volumes to the container: portainer_data: This is a named volume that is created and managed by Docker Compose. Named volumes are a feature of Docker Compose that allows you to manage data volumes separately from the containers that use them. In this case, the portainer_data volume is created and attached to the container and will be used to store data for the Portainer service.
The host path volume
/var/run/docker.sock: is a host path, which is the location of the Docker socket on the host machine. The Docker socket provides access to the Docker daemon, which is the background service that manages containers, images, networks, and volumes. By mounting the Docker socket from the host machine to the container, the Portainer service is able to interact with the Docker daemon running on the host. It can therefore manage and monitor containers, images, networks, and volumes on the host.
Portainer Default Network
networks: - default: ipv4_address: 172.20.0.11
This section specifies the network(s) to which the container will be connected. In this case, the container is connected to a network named default, and it has a static IP address of 172.20.0.11.
When a container is connected to a network, it can communicate with other containers on the same network and also with the host machine. The network is created by the user and it is an external network, which means it is created outside of the docker-compose file.
The static IP (172.20.0.11) address means that the IP address is assigned to the container and will not change, even if the container is recreated or moved to a different host. This allows you to configure the container with a known IP address, which can be useful for things like service discovery, load balancing, and firewall configuration. The IP address 172.20.0.11 is in the range of private IP addresses. It is not accessible from the Internet, but it can be used for communication between the containers and the host machine.
Then we have the restart: unless-stopped: line which specifies the restart policy for the container. In this case, it specifies that the container should be restarted unless it is manually stopped.
3. The “Volumes” Section of the Docker Compose file
The volumes field at the bottom of the docker-compose.yml file is used to define named volumes that are used by the container. In this case, it defines a volume named portainer_data. Named volumes are a feature of Docker Compose that allows you to manage data volumes separately from the containers that use them.
When a named volume is defined in the volumes field, it is created by Docker Compose and can be referenced by containers throughout the docker-compose.yml file. In this case, the portainer_data volume is used in the services section, to mount a volume to the container. This volume is used to store data for the Portainer service.
It is important to note that the portainer_data volume is different from the /var/run/docker.sock volume. The latter volume is used to give the Portainer service access to the Docker daemon running on the host machine, while the first volume is used to store the data for the Portainer service.
4. The “networks” Section of the Docker Compose file
networks: default: name: portainer_default driver: bridge ipam: config: - subnet: 172.20.0.0/16 ip_range: 172.20.0.1/24 gateway: 172.20.0.1
The networks of the docker-compose.yml file specify the network(s) that will be created or connected to. In this case, it creates a new network named portainer_default and connects the Portainer container to it.
portainer_default: line specifies the name of the network, it is used to reference the network in other parts of the docker-compose file or in docker commands.
driver: bridge: line specifies the network driver that will be used for the network. In this case, it is using the default bridge driver, which creates a private bridge network for the containers.
spam: line section configures the IP Address Management (IPAM) for the network to allow specification of a static IP address for the container.
config:: line specifies the IP range and default gateway for the network, allowing to specify the IP address for the container. The last three lines specify the gateway, the range of valid IP addresses, and the subnet to which the IP addresses belong.
Software Containerization with Docker and Portainer (Free Course)
This is a free introductory course that guides you through the process of installing Portainer, configuring a Reverse Proxy using Nginx Proxy Manager, deploying a WordPress website, establishing a MySQL database, obtaining a Let’s Encrypt SSL certificate, and configuring a custom domain. This course provides a comprehensive introduction to these tools to help new users navigate the setup process with ease. Start your Docker journey with Portainer today and experience the power of simplified container management! Learn More