Portainer
/
portainer-docs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updates

pull/94/head
keverv 2020-09-29 15:07:31 +13:00
parent d5f3a2e10d
commit 579d720b6d
16 changed files with 560 additions and 476 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/assets/logo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 6.7 KiB

151
docs/css/extra.css
View File

@ -1,55 +1,130 @@
/** HEADER **/
.md-header {
position: -webkit-sticky;
position: sticky;
top: 0;
right: 0;
left: 0;
z-index: 2;
height: 2.8rem;
color: var(--md-primary-bg-color);
background-color: var(--md-primary-fg-color);
box-shadow: 0 0 0.2rem rgba(0,0,0,0), 0 0.2rem 0.4rem rgba(0,0,0,0);
transition: color 250ms,background-color 250ms;
padding-top: 5px;
}
.md-header-nav__button.md-logo img, .md-header-nav__button.md-logo svg {
display: block;
width: rem;
height: 1.9rem;
fill: currentColor;
margin-top: -8px;
}
.md-header-nav__button.md-logo {
margin: .2rem;
padding: .4rem;
width: 160px;
}
.md-header-nav__topic {
position: absolute;
width: 100%;
transition: transform 400ms cubic-bezier(0.1, 0.7, 0.1, 1),opacity 150ms;
font-size: 1.2em;
font-weight: 700;
}
.md-nav__item {
margin: .6rem 0 ;
border-top: 1px solid darkgray;
padding: 0 .6rem;
/** CONTENT BOX **/
.md-typeset {
font-size: .78rem;
line-height: 1.5;
-webkit-print-color-adjust: exact;
}
.md-typeset h1 {
margin: .5em 0 1.25em;
color: #323c48;
font-weight: 300;
font-size: 2.6em;
line-height: 1.3;
letter-spacing: -0.01em;
}
.md-typeset h2 {
margin: 1.6em 0 .64em;
color: #323c48;
font-weight: 700;
font-size: 1.6em;
line-height: 1.4;
letter-spacing: -0.01em;
}
.md-typeset h3 {
margin: 1.6em 0 .8em;
font-weight: 700;
font-size: 1.25em;
color: #13bef9;
line-height: 1.5;
letter-spacing: -0.01em;
}
/** SIDE BARS **/
.md-typeset h1[id]::after {
display: block;
width: 100% !important;
max-width: 60px;
content: "";
height: 4px;
background: #13bef9;
margin-top: 20px !important;
}
.md-nav__item .md-nav__link--active {
color: white;
background-color: #13BEF9;
border-radius: 15px;
padding: 5px;
background-color: #e86a25;
border-radius: 0px;
padding: .6rem 0 .6rem .6rem;
margin:0;
}
.md-nav__item .md-nav__link--active:hover {
color: black
color: white;
}
.md-nav__item {
margin-bottom: 0.6rem;
border-top: 1px solid darkgray;
padding: 0 .6rem;
}
.md-sidebar
{
padding-top:55px;
.md-nav__item--active {
margin: 0;
border-top: 1px solid darkgray;
padding: 0 0.6rem;
}
[data-md-color-primary=light-blue] {
--md-primary-fg-color: #13BEF9;
--md-primary-fg-color--light: hsla(199, 92%, 56%, 1);
--md-primary-fg-color--dark: hsla(201, 98%, 41%, 1);
--md-primary-bg-color: hsla(0, 0%, 100%, 1);
--md-primary-bg-color--light: hsla(0, 0%, 100%, 0.7);
}
:root
{
--md-accent-fg-color:#E86A25;
}
.md-footer-copyright
{
display:none;
}
.md-nav__link:hover
{
color: white;
background-color: #13bef95c;
border-radius: 15px;
padding-left:5px;
color: #e86a25;
}
.md-nav__item--nested>.md-nav__link
{
margin-bottom: 0.6rem;
}
.md-header-nav__button.md-logo img, .md-header-nav__button.md-logo svg
{
width:100%;
}

157
docs/v2.0/ad/nginx/rp-nginx.md Normal file
View File

@ -0,0 +1,157 @@
# Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
<pre><code>$ docker-compose up -d</code></pre>
Once complete, you will able to run <code>$ docker ps</code> and you will see an output similar to this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
Once the deployment is complete you can browse <code>portainer.yourdomain.com</code>.
### Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
<pre><code>$ docker network create -d overlay proxy</code></pre>
<pre><code>$ docker network create -d agent_network</code></pre>
2. Then create the volume:
<pre><code>$ docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
4. To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
5. You're now ready to deploy Portainer by executing the following:
<pre><code>$ docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code>$ docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md).

357
docs/v2.0/ad/rp.md
View File

@ -1,357 +0,0 @@
# Deploy Portainer trough a Reverse Proxy
Portainer can be deployed trough a Reverse Proxy.
## Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a solution of reverse proxy and load balancing focused in micro services. In this section, you will going to see how to deploy Portainer behind this solution.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we going to use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before to run this file in Docker. You will need to create the <code>acme.json</code> file that where saved the SSL certificates. After the creation, you need to define the path of that file in the following sections of the file:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
Also, you need to setup your email address for the registration to Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
After enter this information. We need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access to Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer. Execute the following:
<pre><code>docker-compose up -d</code></pre>
And after a moment (Download the images of Traefik and Portainer depends of your Internet speed) you will able to enter to Portainer in the URL you defined earlier. Ex: <code>https://portainer.yourdomain.com</code>
You can get access to this file, directly from [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we going to use a Docker Compose file. In the following recipe you will find the configuration of the Portainer Traefik, and Portainer Server almost ready to deploy in a Docker Swarm scenario.
Before deploy, you need to create a few docker elements. Networks and volumes.
You need to create two overlay networks:
<pre><code>$ docker network create -d overlay agent_network</code></pre>
<pre><code>$ docker network create -d overlay public</code></pre>
Let's create the volume:
<pre><code>$ docker volume create portainer_data</code></pre>
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
Before to deploy, you need to customize this labels to match with the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this set up, you're ready to deploy Portainer. Execute the following:
<pre><code>$ docker stack deploy portainer -c portainer.yml</code></pre>
After the deploy, you can run <code>$ docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can enter to Portainer directly with the URL specified in the configuration.
### Deploying in a Kubernetes scenario
WIP
## Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we going to use a Docker Compose file. In the
following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. Once it's done. You can run the following:
<pre><code>$ docker-compose up -d</code></pre>
After a few seconds, you will able to run <code>$ docker ps</code> and you will see an output like this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
After the deploy, you can point your browser to <code>portainer.yourdomain.com0</code>.
### Deploying in a Docker Swarm scenario
Deploy Portainer in Docker Swarm behind NGINX is similar to run in Docker Standalone.
First, you need to create a few networks. One for the agent and the communication with Portainer Server and other to "expose" the Portainer container to the same network that the Reverse Proxy.
<pre><code>$ docker network create -d overlay proxy</code></pre>
<pre><code>$ docker network create -d agent_network</code></pre>
Also, you need create a volume:
<pre><code>$ docker volume create portainer_data</code></pre>
The recipe that you need to deploy is the following:
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. Once it's done. You can run the following:
<pre><code>$ docker stack deploy portainer -c portainer.yml</code></pre>
After the deploy, you can run <code>$ docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
After the deploy, you can point your browser to <code>portainer.yourdomain.com</code>.
### Deploying in a Kubernetes scenario
WIP
## Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md).

206
docs/v2.0/ad/traefik/rp-traefik.md Normal file
View File

@ -0,0 +1,206 @@
# Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before you run this file in Docker you will need to create the <code>acme.json</code> file that will store the SSL certificates. Once it has been created you need to define the path of that file in the following sections:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
You need to setup your email address for the registration with Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
Next, need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer:
<pre><code>docker-compose up -d</code></pre>
After the images have been downloaded and deployed you will able to access Portainer in the URL you defined earlier. Eg: <code>https://portainer.yourdomain.com</code>
This file also exists in [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 overlay networks:
<pre><code>$ docker network create -d overlay agent_network</code></pre>
<pre><code>$ docker network create -d overlay public</code></pre>
2. Then create the volume:
<pre><code>$ docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
4. Before you can deploy, you need to customize this labels to match with the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
5. You're now ready to deploy Portainer by executing the following:
<pre><code>$ docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code>$ docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md).

13
docs/v2.0/registries/connect.md
View File

@ -1,26 +1,27 @@
# Add / Connect a new registry
Portainer is capable to connect to the main registries. From Portainer you will able to connect to Quay.io, Azure Container Registry, Gitlab Container Registry, and a Custom Registry. In this help article, you will learn how to add a new registry.
Portainer can connect to many of the well known registries including Quay.io, Azure Container Registry, Gitlab Container Registry, and a Custom Registry.
## Adding a new registry
Once you logged into Portainer, do a Click in Registries and then <b>Add Registry</b>.
Click <b>Registries</b> and then <b>Add Registry</b>.
![registries](assets/registry1.png)
The following screen, you can add your credentials details for connecting to Quay.io, Azure and Gitlab. Once the details were entered, click in <b>Add Registry</b>.
Select the desired registry and then add your appropriate credentials details. Once complete click <b>Add Registry</b>.
![registries](assets/registry2.png)
## How to add a Custom Registry
Portainer is able to connect to your own or 3rd party registries. You need to select <b>Custom Registry</b> and enter the details there.
Portainer can connect to custom or 3rd party registries. First select <b>Custom Registry</b> and enter the details there.
The required details are the <b>name</b> of the registry and <b>address</b>, if any authentication is required, you must enable the <b>toggle</b> and add your login details.
The required fields are <b>name</b> of the registry and <b>address</b>, if any authentication is required, you must enable the <b>authentication</b> toggle and add your login details.
![registries](assets/registry3.png)
Once all the details were entered, do a click in <b>Add Registry</b>. If everything goes well you will able to see your custom registry listed.
Once all the details are entered, click <b>Add Registry</b>. If successful you will.
![registries](assets/registry4.png)

50
docs/v2.0/settings/edge.md
View File

@ -6,78 +6,82 @@ Remote devices may be distributed across multiple sites and/or across many diffe
## Enabling Edge Compute Features
To start to use this features, you need to enable from the Portainer Settings.
First you must enable Edge Compute in the Portainer Settings.
Once you logged into Portainer, click in <b>Settings</b> and scroll down to <b>Edge Compute</b> section.
Enable the toogle and click in <b>Save Settings</b>
1. Click <b>Settings</b> and scroll down to <b>Edge Compute</b> section.
2. Enable the toggle and 3. click <b>Save Settings</b>
![edge](assets/edge_1.png)
After that, you will see that a few options appears in the left column.
After that, you will see that a few options appear in the side menu.
![edge](assets/edge_2.png)
Now, let's going to walktrough for that options in the following sections.
## Edge Groups
Edge Groups is a option that enable you to create groups of Edge endpoints based in a manual selection or in a dynamic way trough <b>tags</b>. This feature is very useful when you manage multiple Edge Endpoints in multiple zones.
Edge Groups allows you to create groups of Edge endpoints based on a manual selection or synamically through <b>tags</b>. This feature is very useful when you manage multiple Edge Endpoints in multiple zones.
To create a group, go to <b>Edge Groups</b> and then a clic in <b>Add Edge Group</b>.
To create a group, 1. go to <b>Edge Groups</b> and then 2. click <b>Add Edge Group</b>.
![edge](assets/edge_3.png)
Name the group and pick if you want to make a <b>Static</b> group type selecting Edge endpoints manually or choose Dynamic that automatically associate endpoints to that group trough determined tags.
1. Enter a <b>Name</b> and then 2. select either <b>Static</b> or <b>Dynamic</b>.
If you choose <b>Static</b>. Select the Endpoints you want to add to that group and do a click in <b>Add edge group</b>.
### Static
3. Select the Endpoints you want to add to that group 4. These should then appear in the table on the right and finally 5. Click <b>Add edge group</b>
![edge](assets/edge_4.png)
If you choose <b>Dynamic</b> you can choose two options to match via <b>Tags</b> your Edge endpoints.
### Dynamic
3. If you choose <b>Dynamic</b> you must choose between two options to match via <b>Tags</b> your Edge endpoints:
* Partial Match: Associate any endpoint matching at least one of the selected tags. (Each endpoint can have multiple tags).
* Full Match: Associate any endpoint matching all of the selected tags.
Type the tag and endpoints with that tag will appear in the screen. After that do a click in <b>Add edge group</b>
4. Type the tag and endpoints with that tag will appear in the screen. Finally, click <b>Add edge group</b>
![edge](assets/edge_5.png)
## Edge Stacks
This feature is very powerful because can help you to deploy multiple applications to a multiple endpoints from a single screen and multiple sources.
This feature allows the deployment of multiple application to multiple endpoints from a single screen and multiple sources.
To start using it. Click in <b>Edge Stacks</b> and then in <b>Add stack</b>.
1. Select <b>Edge Stacks</b> and then 2. Click <b>Add stack</b>.
![edge](assets/edge_6.png)
The following step is name your stack and select an or several <b>Edge Groups</b>.
Next 1. <b>Name</b> your stack and 2. select one or more <b>Edge Groups</b>.
In the <b>Build Methond</b> you need to define how to deploy your app. Several options are available:
3. In the <b>Build Methond</b> you need to define how to deploy your app from one of these options:
* Web Editor: You can use our web editor to write or paste a docker-compose file.
* Upload: Upload a docker-compose.yml file from your computer
* Repository: Use a git repository where the compose file is.
* Template: Use an Edge stack template.
Once this set, do a click in <b>Deploy stack</b>
4. Once complete, click <b>Deploy stack</b>
![edge](assets/edge_7.png)
## Edge Jobs
This feature is useful to define task to run of multiple Edge endpoints, fox example, backup.
This feature is useful to define a task to run on multiple Edge endpoints, for example, backup.
Go to <b>Edge Jobs</b>, name your job and choose between the following two options:
Go to <b>Edge Jobs</b>.
Then 1. Name your job and 2. Choose between the following two options:
* Basic Configuration: Select a date from a calendar
* Advanced Configuration: Write your own cron rule.
Select if this job is a recurring one and select the job time.
3. Select if this job is a recurring job and enter the job time.
After that you can use our web editor to write or paste your script directly or upload from your computer.
You can then use the web editor to write or paste the script.
After that selecte in what endpoints you need to run this job and clic in <b>Create edge job</b>
4. Select the target endpoints
5. To create and run the job click <b>Create edge job</b>
![edge](assets/edge_8.png)

16
docs/v2.0/settings/security.md
View File

@ -1,25 +1,23 @@
# Security Options
Portainer is capable to manage some options to help you to make your environment more secure. In this help article, we going to review the security options that you can find in <b>Settings</b>.
Portainer allows various configuration options to add secuirty to your environment. In this help article, we going to review the security options that you can find under <b>Settings</b>.
## Docker Endpoint Security Options
Since this section, you can set the following settings:
![security](assets/security1.png)
* <b>Disable bind mounts for non-administrators</b>: This security setting has been around for a while, and blocks the ability for non-admin users within Portainer to use bind mounts when creating containers and/or services/stacks. When this is enabled, the option to attach to a host file system path is removed.
* <b>Disable bind mounts for non-administrators</b>: This security setting blocks the ability for non-admin users within Portainer to use bind mounts when creating containers and/or services/stacks. When this is enabled, the option to attach to a host file system path is removed.
* <b>Disable privileged mode for non-administrators</b>: This security setting has been around for a while, and blocks the ability for non-admin users within Portainer to elevate the privilege of a container to bypass SELinux/AppArmour. When this is enabled, the option to select "Privileged" mode when creating a container is removed.
* <b>Disable privileged mode for non-administrators</b>: This security setting blocks the ability for non-admin users within Portainer to elevate the privilege of a container to bypass SELinux/AppArmour. When this is enabled, the option to select "Privileged" mode when creating a container is removed.
* <b>Disable the use of host PID 1 for non-administrators</b>: This is a NEW feature, and blocks the ability for non-admin users within Portainer to request that a deployed container operates AS the host PID. This is a security risk if used by a non-trustworthy authorized user as when they operate as PID1, they are in effect able to run any command in the container console as root on the host.
* <b>Disable the use of host PID 1 for non-administrators</b>: This blocks the ability for non-admin users within Portainer to request that a deployed container operates AS the host PID. This is a security risk if used by a non-trustworthy authorized user as when they operate as PID1, they are in effect able to run any command in the container console as root on the host.
* <b>Disable the use of Stacks for non-administrators</b>: This is a NEW feature, and is a "sledgehammer" method to remove any possibility for non-admin users within Portainer to find and use weaknesses in the Docker architecture. Whilst Portainer have provided the ability to disable some of the more common exploits, we cannot possibly block them all as there are any number of capabilities that could be added to a container to attempt to gain access to the host. This feature simply allows an admin to disable all possible entry-points.
* <b>Disable the use of Stacks for non-administrators</b>: This is a "sledgehammer" method to remove any possibility for non-admin users within Portainer to find and use weaknesses in the Docker architecture. Whilst Portainer have provided the ability to disable some of the more common exploits, we cannot possibly block them all as there are any number of capabilities that could be added to a container to attempt to gain access to the host. This feature simply allows an admin to disable all possible entry-points.
* <b>Disable device mappings for non-administrators</b>: This is a NEW feature, and blocks the ability for users to map host devices into containers. Whilst the ability to map devices is generally used for good (eg mapping a GPU into a container), it can equally be used by non-trustworthy authorized users to map a physical storage device into a container. It is possible to mount /dev/sda1 into a container, and then from a console of that container, the user would have complete access to the sda1 device without restriction. By enabling this feature, Portainer blocks the ability for non-admins to map ANY devices into containers.
* <b>Disable device mappings for non-administrators</b>: This blocks the ability for users to map host devices into containers. Whilst the ability to map devices is generally used for good (eg mapping a GPU into a container), it can equally be used by non-trustworthy authorized users to map a physical storage device into a container. It is possible to mount /dev/sda1 into a container, and then from a console of that container, the user would have complete access to the sda1 device without restriction. By enabling this feature, Portainer blocks the ability for non-admins to map ANY devices into containers.
* <b>Disable container capabilities for non-administrators</b>: Enabling the setting will hide the container capabilities tab for non-administrators when they are creating a container.
![security](assets/security1.png)
## Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md).

24
docs/v2.0/troubleshooting/troubleshooting.md
View File

@ -2,25 +2,31 @@
If you are still experiencing issues after reading this FAQ, feel free to contact us via any one of the following channels:
Email: [info@portainer.io](mailto:info@portainer.io)
[Slack](https://portainer.slack.com/join/shared_invite/enQtNDk3ODQ5MjI2MjI4LTcwNGYxMWQ5OGViYWZkNDY2ZjY4YTMwMTgzYmU4YmNiOTU0MDcxYmJjNTIyYmQ0MTM5Y2QwNTg3NzNkMTk5MDg#/)
[Twitter](https://twitter.com/portainerio)
[GitHub](https://github.com/portainer)
[The Portainer Website](https://www.portainer.io)
* [Slack](https://portainer.slack.com/join/shared_invite/enQtNDk3ODQ5MjI2MjI4LTcwNGYxMWQ5OGViYWZkNDY2ZjY4YTMwMTgzYmU4YmNiOTU0MDcxYmJjNTIyYmQ0MTM5Y2QwNTg3NzNkMTk5MDg#/) for community support
* [GitHub](https://github.com/portainer) to log an issue if you've found a bug
* [Youtube] (https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg) for guided tutorials and updates
* [Portainer.io](https://www.portainer.io) or the contact us tool at the bottom right of screen
* email [support@portainer.io](mailto:support@portainer.io)
## How do I reset my Portainer password?
You can however ask another Portainer admin to reset the password for you, or alternatively if it is for the default admin account (from when Portainer was initialized), you can try our [password reset helper tool](https://github.com/portainer/helper-reset-password).
You can ask another Portainer admin to reset the password for you, or alternatively if it is for the default admin account (from when Portainer was initialized), you can try our [password reset helper tool](https://github.com/portainer/helper-reset-password).
There is an open feature request to bring this functionality inside Portainer, which can be tracked on our [GitHub repository here](https://github.com/portainer/portainer/issues/512).
## Why is my version number not matching the latest version?
## Why does my version number not match the latest version?
If you have recently updated your version of Portainer, this is an indication that your browser is holding onto the previous version number of Portainer in its cache. To properly clear your cache, you will need to go into the browser settings and empty the cache.
If you have recently updated your version of Portainer, this usually indicates your browser has cached the page. To properly clear your cache, you will need to go into the browser settings and empty the cache.
Note: You can use Ctrl + shift + R on most browsers to load the specific page without cache, however you will need to repeat this on each page of Portainer to load the changes.
## Users have access to an endpoint, but they cannot see anything. Why?
Please also check you have pulled from the latest repo url.
## Users have access to an endpoint, but they cannot see anything.
By default all resources inside an endpoint are assigned to administrator only for security reasons. To give non-admin users access you can use the access control widget within each resource to assign users ownership, or you can make the resource public to give all users access.

6
docs/v2.0/users/create-team.md
View File

@ -4,15 +4,15 @@ The Team Management feature means that you can now assign users into teams, auth
## Creating a Team
To create a team in Portainer, you need to click in <b>Users</b> and then click in <b>Teams</b>.
To create a team in Portainer, select <b>Users</b>.
![team](assets/team1.png)
Type the name of Team and do a click in <b>Create Team</b>.
Then 1. select <b>Teams</b> 2.Type the name of Team and 3. click <b>Create Team</b>.
![team](assets/team2.webp)
List all the teams created.
All teams created are listed
![team](assets/team3.png)

12
docs/v2.0/users/promoting.md
View File

@ -1,21 +1,19 @@
# How to promote a regular user to administrator
In this help article, you going to see, how to promote a regular user in the administrator of Portainer.
## Promoting a User to Administrator
Go and click in <b>Users</b> and choose what user you want to promote.
First click <b>Users</b> and select the user you want to promote.
![promote](assets/promote1.png)
Enable the toggle <b>Administrator</b> in the following image and click in <b>Save</b>.
Enable the toggle <b>Administrator</b> in the next screen and click <b>Save</b>.
![promote](assets/promote2.png)
If everything goes well, you must see a confirmation pop up and also the user listed as Admnistrator.
Confirmation appears at the top right of screen.
![promote](assets/promote3.png)
The user list now shows the selected user with the administrator role.
![promote](assets/promote4.png)
#Notes

8
docs/v2.0/users/reset-admin.md
View File

@ -1,12 +1,12 @@
# Reset password for the Admin user
Yep, we know, life can be challenging because you forgot or lost your Admin password to access to Portainer. In this help article, you will learn how to do a password reset to the Admin user of Portainer.
It can happen to anyone, admin passwords get forgoteen and lost all the time. If this ever happens to your Portainer admin, you can follow these steps to reset it.
## Resetting Admin password in Portainer running as container
Reset the password for the Admin user can be accomplished using our reset [password container helper](https://github.com/portainer/helper-reset-password).
First, we need to stop our Portainer container. We can do this running:
First, stop the Portainer container by running:
<pre><code>$ docker stop "id-portainer-container"</code></pre>
@ -14,7 +14,7 @@ Run the helper with the following command. Be advised that you need to mount the
<pre><code>$ docker run --rm -v portainer_data:/data portainer/helper-reset-password</code></pre>
If everything works as expected, you will see an output like this:
If successful, your output should look like this:
<pre><code>2020/06/04 00:13:58 Password successfully updated for user: admin
2020/06/04 00:13:58 Use the following password to login: &_4#\3^5V8vLTd)E"NWiJBs26G*9HPl1</code></pre>
@ -33,7 +33,7 @@ Run the helper using the same bind-mount/volume for the data volume:
<pre><code>docker run --rm -v portainer_portainer_data:/data portainer/helper-reset-password</code></pre>
If everything works as expected, you will see an output like this:
If successful, your output should look like this:
<pre><code>2020/06/04 00:13:58 Password successfully updated for user: admin
2020/06/04 00:13:58 Use the following password to login: &_4#\3^5V8vLTd)E"NWiJBs26G*9HPl1</code></pre>

11
docs/v2.0/users/reset-user.md
View File

@ -1,19 +1,14 @@
# How to change/reset user password
In this help article, you will learn how to change/reset a user password.
## Resetting / Changing User Password
Once you logged in Portainer, you need to do click in <b>Users</b> and then, click in the User that you want to reset their password.
Select <b>Users</b> and then select the User who's password you would like to reset.
![reset-user](assets/user-reset1.png)
Set the new password (a strong one)
Set the new password (a strong one) and click <b>update password</b>.
You will see confirmation at the top right of screen if successful.
![reset-user](assets/user-reset3.png)
If everything goes well, you will set a confirmation pop up.
# Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md).

10
docs/v2.0/users/user-team.md
View File

@ -1,18 +1,14 @@
# Add a user to a team
In this help article, you will learn how to add a user to a team.
## Adding a User to a Team
The first step is to do a click in <b>Users</b> settings, do a click in <b>Teams</b> and choose the team that you want to add users.
First select <b>Users</b> under <b>settings</b>, then select <b>Teams</b> and choose the team that you want to add users to.
![user-team](assets/userteam1.png)
Click in <b>Add</b> to add that user to the team.
Click <b>Add</b> next to the user you want to add to the team.
![user-team](assets/userteam2.png)
It's done. The user is part of the team. You can confirm seeing in the list of Team Members.
You should now see the user under team members
# Notes

2
docs/v2.0/volumes/create.md
View File

@ -1,6 +1,6 @@
# How to create a new volume
Volumes are used to make persistent storage and you will able to manage them from Portainer. Note: Create a standalone volume is supported in a Docker Swarm and Docker Standalone endpoints.
Volumes are used to make persistent storage that you can manage from Portainer. Note: Create a standalone volume is supported in a Docker Swarm and Docker Standalone endpoints.
In this help article, you will learn how to add/create a new volume.

13
mkdocs.yml
View File

@ -1,4 +1,4 @@
site_name: Portainer Documentation
site_name: Documentation
nav:
- Home: index.md
- Portainer CE 2.0 Admin Guide:
@ -39,10 +39,12 @@ nav:
- 'Edge Computing' : 'v2.0/settings/edge.md'
- 'App Templates' : 'v2.0/settings/apps.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies' : 'v2.0/ad/rp.md'
- Portainer Deployment Troubleshooting : 'v2.0/troubleshooting/troubleshooting.md'
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0/ad/nginx/rp-nginx.md'
- FAQs : 'v2.0/troubleshooting/troubleshooting.md'
- Deprecated and removed features : 'v2.0/troubleshooting/deprecated.md'
- Portainer CE 2.0 User Guide (WIP):
- Portainer CE 2.0 User Guide:
- Managing Containers:
- 'Create new container' : 'v2.0/containers/create.md'
- Managing Services:
@ -56,11 +58,14 @@ nav:
- 'Browse a volume' : 'v2.0/volumes/browse.md'
- 'Create a volume' : 'v2.0/volumes/create.md'
- 'Attach existent volume' : 'v2.0/volumes/attaching.md'
- FAQs : 'v2.0/troubleshooting/troubleshooting.md'
extra_css:
- css/extra.css
extra_javascript:
- js/extrajs.js
theme:
font:
text: raleway
features:
- instant
logo: assets/logo.png