Deploying Portainer with Traefik Labels and Accessing via DNS Entry
Lewin Grunenberg 3 Minuten Lesezeit

Deploying Portainer with Traefik Labels and Accessing via DNS Entry

Learn how to deploy Portainer using Docker Compose and Traefik, and access it via a DNS entry.
portainer traefik docker on-premise self-hosted

Portainer and Traefik - Network Management and Configuration

Introduction: Deploying Portainer with Traefik Labels and Accessing via DNS Entry

In this post, we’ll show you how to deploy Portainer using Docker Compose and Traefik, and access it via a DNS entry like https://portainer.your-domain.org. This configuration allows for easy and secure management of your Docker environment through a user-friendly interface.

Introducing Traefik

Traefik is a dynamic reverse proxy and load balancer specifically designed for microservices and modern cloud-native applications. It enables automatic service discovery and management of SSL/TLS certificates. For more details and a comprehensive tutorial, visit our Traefik Tutorial.

Introducing Portainer

Portainer is a powerful and user-friendly tool for managing Docker environments. With Portainer, you can manage containers, networks, and volumes, create and monitor images, and control the entire Docker infrastructure through an intuitive web interface. It is particularly useful for administrators and developers seeking a centralized management solution for their container environment.

Setting the DNS Entry

Before proceeding with the setup, ensure that the DNS entry for portainer.your-domain.org is correctly set. This entry should point to the IP address of the server where Traefik is running. If you use Cloudflare or another DNS management service, you can add the corresponding entry there.

Introducing Docker and Docker Compose

Docker is a platform that allows applications to run in isolated containers, significantly simplifying their deployment and scaling. Docker Compose is a tool that lets you define and start multi-container applications. It helps manage complex application environments with a few commands.

Presenting Docker Compose for Portainer

Portainer

The Portainer service provides the web interface for managing your Docker environment and is made accessible via Traefik:


services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.your-domain.org`)"  # Replace 'your-domain.org' with your actual domain
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=lets-encrypt"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=web"
    networks:
      - web

This section defines the Portainer service, which listens on port 9000. The configuration includes security options and specifies the Docker socket for management. The Traefik labels ensure the service is accessible via HTTPS.

Traefik

The Traefik labels are crucial for correctly configuring the service and directing the traffic accordingly:

  • traefik.enable=true: Activates Traefik for this service, allowing Traefik to monitor and forward requests.
  • traefik.http.routers.portainer.rule=Host('portainer.your-domain.org'): Defines the URL mapping condition, specifying that requests to portainer.your-domain.org are forwarded to the Portainer service.
  • traefik.http.routers.portainer.entrypoints=websecure: Instructs Traefik to serve this service via the websecure entry point, used for HTTPS traffic.
  • traefik.http.routers.portainer.tls.certresolver=lets-encrypt: Indicates that Traefik uses Let’s Encrypt to secure HTTPS traffic.
  • traefik.http.services.portainer.loadbalancer.server.port=9000: Specifies the internal port of the Portainer service to which Traefik forwards traffic.
  • traefik.docker.network=web: Specifies the Docker network used by Traefik to manage connections.

Networks

The network settings define the network Traefik uses to connect the services:


networks:
  web:
    external: true  # Uses an external network managed by Traefik

This section defines the network used by Traefik to connect the various services and manage the connections.

Conclusion

With this guide, you can efficiently and securely deploy Portainer with Traefik and Docker. The configuration is flexible and can be easily adapted to individual requirements. For further questions or professional support, visit our Discord Channel. We are happy to assist you in optimally setting up and managing your applications.

Complete Docker Compose

Here is the complete docker-compose.yml file for the Portainer installation:


version: "3.7"

services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.your-domain.org`)"  # Replace 'your-domain.org' with your actual domain
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=lets-encrypt"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=web"
    networks:
      - web

networks:
  web:
    external: true  # Uses an external network managed by Traefik
Vorheriger Post Alle Posts Nächster Post

Ähnliche Artikel