Portainer is an incredible opensource lightweight management UI which allows you to easily manage your Docker hosts or Swarm clusters.
In this guide, you’ll install Docker and Portainer with HTTPS support.
In my last post about Docker, I tried to give readers a thorough understanding Docker in OpenVZ Containers. The pre-configuration is necessary to use Portainer.
Configure Docker on Linux/CentOS 7: Link to post
Before You Begin
Check local firewall rules to ensure that traffic over the network itself is blocked.
firewall-cmd --list-all
Disable port 80/tcp & dhcpv6-client.
firewall-cmd --zone=public --remove-port=80/tcp
firewall-cmd --zone=public --remove-service=dhcpv6-client
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
Block SSH (optional):
firewall-cmd --zone=public --remove-service=ssh
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
Follow these steps to generate a certificate signing request (CSR):
openssl req -new -newkey rsa:2048 -nodes -keyout portainer.key -out portainer.csr
Once generated, you will need to submit that CSR to your third party provider or CA.
nano portainer.csr
Two files are necessary :
- certificate-from-provider.crt
- portainer.key
Edit the certificate-from-provider.crt with Notepad++ and add the root certificates under each other. All certificates must be merged into one file by editing the files with Notepad++. For ex.:
-----BEGIN CERTIFICATE-----
Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Subordinate
-----END CERTIFICATE-----
Go back to your CentOS 7 terminal and create a folder.
mkdir ~/local-certs
cd ~/local-certs
Copy the portainer.key along with the certificate and paste them in ~/local-certs.
Run Portainer
Open your CentOS 7 terminal and issue the following command:
Note: Replace certificate-from-provider.crt with your certificate name.
docker run -d -p 8443:9000 --name portainer --restart always -v "/var/run/docker.sock:/var/run/docker.sock" -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/certificate-from-provider.crt --sslkey /certs/portainer.key
The command will create the Image & Portainer container.
It's Time To Test!
Open Portainer in your webbrowser: https://IP:8443 or https://portainer.example.com:8443 and create a strong password. Connect Portainer to a 'local' Docker instance.
Mission Complete!