How to install Portainer on CentOS 7 (HTTPS)

Portainer is an incredible opensource lightweight management UI which allows you to easily manage your Docker hosts or Swarm clusters.

In this guide, you’ll install Docker and Portainer with HTTPS support.

In my last post about Docker, I tried to give readers a thorough understanding Docker in OpenVZ Containers. The pre-configuration is necessary to use Portainer.

Configure Docker on Linux/CentOS 7: Link to post

Before You Begin

Check local firewall rules to ensure that traffic over the network itself is blocked.

firewall-cmd --list-all

Disable port 80/tcp & dhcpv6-client.

firewall-cmd --zone=public --remove-port=80/tcp
firewall-cmd --zone=public --remove-service=dhcpv6-client
firewall-cmd --runtime-to-permanent 
firewall-cmd --reload 

Block SSH (optional):

firewall-cmd --zone=public --remove-service=ssh
firewall-cmd --runtime-to-permanent 
firewall-cmd --reload 

Follow these steps to generate a certificate signing request (CSR):

openssl req -new -newkey rsa:2048 -nodes -keyout portainer.key -out portainer.csr

Once generated, you will need to submit that CSR to your third party provider or CA.

nano portainer.csr

Two files are necessary :
- certificate-from-provider.crt
- portainer.key

Edit the certificate-from-provider.crt with Notepad++ and add the root certificates under each other. All certificates must be merged into one file by editing the files with Notepad++. For ex.:

-----BEGIN CERTIFICATE-----
        Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
           Root
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
        Subordinate
-----END CERTIFICATE-----

Go back to your CentOS 7 terminal and create a folder.

mkdir ~/local-certs
cd ~/local-certs

Copy the portainer.key along with the certificate and paste them in ~/local-certs.

Run Portainer

Open your CentOS 7 terminal and issue the following command:
Note: Replace certificate-from-provider.crt with your certificate name.

docker run -d -p 8443:9000 --name portainer --restart always -v "/var/run/docker.sock:/var/run/docker.sock" -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/certificate-from-provider.crt --sslkey /certs/portainer.key

The command will create the Image & Portainer container.

It's Time To Test!

Open Portainer in your webbrowser: https://IP:8443 or https://portainer.example.com:8443 and create a strong password. Connect Portainer to a 'local' Docker instance.

Mission Complete!

Leave a Reply

Your email address will not be published. Required fields are marked *