Install Portainer
Time Required
30 Minutes
Difficulty
Moderate
Configuration suggestion
I would suggest configuring a main Portainer with Edge agents and putting no or minimal containers on the main Portainer instance.
This config requires minimum;
One Portainer instance (VM or Bare Metal)
One Portainer Edge Agent (VM or Bare Metal)
The advantages of a set up like this are;
Portainer Edge can browse Docker Volumes. The main Portainer installation cannot browse volumes, thus you cannot download, edit and upload config files from the browser
Reduced security risk if the public facing instance is breaked
Segregation
A VM for test
a VM for prod external services (eg Minecraft server, website)
a VM for prod internal only services (eg DNS, PXE)
Install Portainer
SSH into your Docker host and run the below command to login as root.
Provide your password when prompted
Copy paste the below commands to install Docker (assumes Ubuntu)
Run the below command to install Portainer
I would suggest installing Portainer using this command (rather than the one provided by Portainer themselves) as it adds a WatchTower label to enable auto-updates, which we will set up later in this doco\
Run the below command and confirm you see that the Portainer container is running
Configure Portainer
Now that Portainer is installed, we can behind configuring it
Account Creation
Browse to https://YOURSERVERIP:9443
Create your credentials, I would suggest following this guide
(Optional) Install Portainer Edge Agents
On the left hand pane, click on Environments
On the far right, click on 'Add environment'
Select 'Docker Standalone' and click on 'Start Wizard'
Click on 'Edge Agent Standard'
Give the instance a name, such as the host name for the server / machine
The Portainer API server URL should be something like:
If possible, use your servers DNS alias here to make your network more resilient to IP address changes
Click on Create
Scroll down and locate the 'Docker Standalone' install script and copy this to notepad
Ensure the last line is '
portainer/agent:latest
' and not versioned (eg agent:10.1)Replace the the 'docker run' line with the below. This will allow WatchTower to automatically update the Edge Agent
SSH into your server that will have the Edge Agent installed and log in as the Root account with the below command
Copy paste the below commands to install Docker (assumes Ubuntu)
Install the Edge Agent by copy pasting the text copied and altered in step 5
Wait for the container to download and launch
Click on 'Home' and confirm all your agent's show a green Heartbeat
Repeat step 3 for any other Edge Agent's you're configuring
Create Tags & Groups
On the left hand panel, click on Environments
Click on Tags
Create any relevant tags, such as 'Test' or 'Production'
On the left, click on Groups
Click on Add Group
Provide a name, eg 'Test' or 'Production'
Provide a description, eg 'Test servers'
Click on tags and select the relevant tag
Click on 'Create group'
Repeat step 5 for any other groups
Apply Tags
On the left hand menu, click on Home
Click on the pen icon next to your first Portainer instance
under Metadata
Under Group, select the relevant group (eg 'test')
Under Tags, select the relevant tag/s (eg 'test', 'linux')
Click on Update environment
Repeat for each Portainer instance
Enable Edge Compute
On the left hand panel, click on Settings
Click on 'Edge Compute'
tick 'Enable Edge Compute features'
Set up the WatchTower Edge stack
On the left, click on 'Edge Stacks' and click on 'Create'
Name your stage 'WatchTower'
Click on Edge Groups and select all your groups
In the web editor, provide the below compose file and hit deploy
Click on 'WatchTower' and you will be shown the same screen as step 1. You can make any adjustments to the stack here, such as removing groups or editing the compose file
Click on the Environments tab. This will show any server the stack has been deployed too and their state. The stack will be deloyed to any devices in the groups chosen in step 1.2
This stack will enable auto-updates for anything with the com.centurylinklabs.watchtower.enable=true
label
Please note: This is NOT a recommended solution for updating containers. This guide will only assist you with updating Portainer, as it is potentially a public facing resource and needs to be patched. The WatchTower auto update may (and probably will) break Portainer at some stage. Keep backups.
Last updated