Using Portainer To Manage Your Docker Containers Easily

We hope that with all the Docker tutorials and our self-hosting handbook, we hope that many you are practically swimming in Docker containers. Docker makes the task of running a lot of applications on a single VPS a lot easier, but even if you run just a few WordPress blogs, you'll end up with 6, 8, 10, or more containers running concurrently. No matter how intelligent your naming scheme, the sheer volume makes managing them tricky.

Enter Portainer, which bills itself as a lightweight management UI for easier management of a Docker host or Swarm cluster. It's a single container that can run on any Docker host, and helps you manage all of your containers, images, volumes, networks, and more.

In this tutorial, we'll cover the process of installing Portainer, and figure out how to do some basic maintenance.

Prerequisites

• A VPS running any of our OS options
• A working Docker installation—for information about how to install Docker, check out our getting started with Docker tutorial.

Step 1. Installing Portainer

Because Portainer runs inside of a Docker container itself, installation is pretty straightforward. Although you don't have to set up Portainer so that it forces SSL over connections to the web portal, that's the method we're going to cover—simply put, if you're using Portainer to manage production Docker containers, you'll want to ensure that connections are secure. Plus, it's just good practice.

We're also going to set up Portainer so that data can be persisted between reboots.

This is more complex than the baisc installation process docker run -d -p 9000:9000 portainer/portainer, but will be safer and more maintainable.

Creating SSL keys

Before we can move forward, let's create the keys necessary to run Portainer in SSL mode. When you enter the final command, you'll be asked to input some information about how to sign the key, which you can fill out to your discretion.

Note: If you're running Portainer on a production machine, you probably already have (signed) SSL certificates available to use instead of these self-signed ones. Or, if you don't have them already, you can set up something like Certbot. However, for the sake of simplifying this tutorial to accommodate the most installations, we'll just cover self-signed certificates.

$ mkdir local-certs && cd local-certs
$ openssl genrsa -out portainer.key 2048
$ openssl ecparam -genkey -name secp384r1 -out portainer.key
$ openssl req -new -x509 -sha256 -key portainer.key -out portainer.crt -days 3650

Now that we have our SSL keys in hand, we can move forward with the Portainer installation.

Installing Portainer

As previously mentioned, we're going to set up Portainer to use SSL and persist the information, so the command will be significantly more complex than the aforementioned default.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key

Let's break that command down at little bit.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key

This sets up Portainer to listen to traffic on port 443 (the port for SSL), and forwards that traffic to port 9000 within the container.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key

The -v option sets up volumes containing data that's meant to be shared between the host and the container. There are three volumes in question here, the first of which is ~/local-certs, which is where we saved our SSL certificates, and the second of which binds ~/portainer on the host to the /data folder inside the container. The third connects this container to the host's socket.

The values before the colon (:) in the first two volumes can be changed if need be.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key

Finally, this portion of the command tells Portainer where to look for the certificates it needs to enable SSL.

So, once you run this command, Docker will download the Portainer image (unless you happen to have it already), and launch the container.

Step 2. Connecting to the Portainer web interface

We're finally ready to connect to the web interface. To do so, open your favorite browser and navigate to https://YOUR_SERVER_IP/. You'll probably get a warning from your browser about the certificate being insecure because it's not signed by a certificate authority. That's true, but since you're using only using this for administration and not for anyone else accessing thes server, it's safe to move forward—the connection is still encrypted, but only with your self-signed key.

You'll first see a prompt asking you to set an admin password.

After that, you'll see a standard login screen. Your username will be admin, and the password is what you just set.

Finally, you'll be prompted about how you want Portainer to connect to the Docker engine. You want to click the selector next to Manage the Docker instance where Portainer is running, and then hit Connect.

After a moment, you'll be directed to the management interface.

Step 3. Basic container management via Portainer

Much of the Portainer interface is best left to exploration, but let's cover a number of interesting elements and things you might not be aware of straightaway. Starting from the dashboard (below), you can see the status of all of your containers, images, volumes, networks, and more.

Let's quickly walk through the process of creating a new Docker container using the Portainer interface.

First, click on the App Templates link in the navigation, and look for MySQL in the list of templates. Then, give it a logical name and enter a secure root password.

After yours is configured similar, you can go ahead and click "Create." You'll be redirected to the containers status page, where you'll be able to see the MySQL container running. By clicking on the container's name, you can enter its specific administration area, where you can view logs, connect to the container via a console, restart the container, kill it, remove it, and more.

We hope this tutorial has been useful for those who want better container management! If you have questions or ideas for interesting things you can do after being empowered with Portainer, lets us know in the comments.