How to set up Portainer with nginx Proxy Manager.

Hi, I am doing this my way because I find this way successful and useful for any future app.
You will need access to a server over SSH, or to the actual physical server in person. You will need root privileges, so I type (sudo su) in the terminal to get root access. I know what I am doing on the server.

Step 1 – Setting up Docker and Portainer

First, install Docker and Docker Compose on your Linux server before we start.

Install Docker Engine on Ubuntu | Docker Documentation

We have to create Portainer with Docker Compose in the terminal instead of the Portainer web GUI, since we don’t have one yet at this point in the tutorial.

1. Create the folders where you want to save the data. I am not using Docker volumes for a reason: I lack experience with the volumes part, so please bear with me.

mkdir -p /mnt/nasdrive/portainer /mnt/nasdrive/nginx

2. Create the network for nginx in the SSH terminal.

docker network create nginx

3. Go to the folder you created for Portainer and create the file docker-compose.yml.

cd /mnt/nasdrive/portainer && touch docker-compose.yml

4. Open docker-compose.yml; here is my configuration:

version: '3.3'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports: # you can remove this
      - 8000:8000
      - 9443:9443
    # Attach the service to the "nginx" network so Compose does not create
    # its own default network (portainer_default). List it here and declare
    # it at the bottom of this file so the container joins the network we created.
    networks:
      - nginx
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/nasdrive/portainer/data:/data # Where you want to save your data, and this is important to know.
networks:
  nginx:
    external: true

5. Start Portainer; it is now set up and running. However, Portainer has no Let’s Encrypt certificate yet, and we need to create one to make the site secure over HTTPS. I already have and created an account. The first time, you should expect to see a create-account page at https://yourIP:port

Now log in to your account on Portainer to start creating the nginx proxy manager container from Portainer.

Step 2 – Setting up nginx proxy manager

1. Select the server you want to use; you should then see the option “Stacks” on the Portainer front page. Click it, then click the blue “Add stack” button.

2. Give the stack any name you want. It is not strictly required, but it helps me keep things organized on my side. I named it applegate-nginxproxymanager. I use the compose configuration below. My MariaDB database lives in a separate docker-compose because I want to use one database for all my general apps. If you would like to use a MariaDB database, here is a tutorial on how to set up a database on Portainer.

version: '3.8'
services:
  app:
    container_name: nginx
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    networks:
      - nginx
      - mariadb
    ports:
      - target: 443
        published: 443 # Outside port
        mode: host
        protocol: tcp
      - target: 80
        published: 80 # Outside port
        mode: host
        protocol: tcp
      - target: 81
        published: 81
        mode: host
        protocol: tcp 
    environment:
      # Mysql/Maria connection parameters:
      DB_MYSQL_HOST: "mariadb"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "Kt5ultra!!" # set this to the password of your own "npm" database user
      DB_MYSQL_NAME: "npm"
      # Keep this set if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
      TZ: 'America/Los_Angeles'
    volumes:
      - /mnt/nasdrive/nginx/data:/data
      - /mnt/nasdrive/nginx/letsencrypt:/etc/letsencrypt

networks:
  nginx:
    external: true
  mariadb:
    external: true

I already created a MariaDB database and user for nginx proxy manager. It is easy with the phpMyAdmin method instead of the terminal console. Learn more about setting up phpMyAdmin!

3. Deploy the stack for nginx!

Now you can open your Docker Nginx Proxy Manager at http://yourIP:81

There is no account creation page for users, so there is a default login:

Email: admin@example.com
Password: changeme

Immediately after logging in with this default user, you will be asked to modify your details and change your password.

After you change the username and password, you should see this:

It should say “0 Proxy Hosts”. I just have many domains here for all my apps.

Now you can open Proxy Hosts to create the HTTPS certificates for nginx proxy manager and Portainer.

Nginx Proxy Manager – Nginx Proxy Host Detail

This is for Nginx Proxy Manager; it is the form you should fill out. Just a reminder: the Forward Hostname/IP field can take the docker-compose “container_name: nginx”.
The docker-compose.yml has the container_name that you set, and that container_name goes in the Forward Hostname/IP field of the form. That way the proxy talks to the container by name, which is more secure because you never know when the IP changes.
Last, for Nginx Proxy Manager, Force SSL, HTTP/2 and HSTS need to be enabled.
Now our sites are secure, and you have to remove port 81 from the docker-compose so that the admin page is no longer reachable over plain HTTP. We will never expose 80 or 81, but our nginx proxy manager needs port 80 for Let’s Encrypt. So we leave ports 80 and 443 in our docker-compose.yml.

Portainer – Nginx Proxy Host Detail

Portainer – set the scheme to https and the port to 9443, and make sure you enable Block Common Exploits and Websockets Support.
Portainer – you will need to enable SSL, HTTP/2 and HSTS.

You do not have to add any advanced custom nginx configuration. Your Portainer and nginx are now secured!
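
To confirm the port cleanup described above (port 81 removed from the nginx proxy manager stack, and the optional Portainer ports removed if you chose to), the following added example, which is not part of the original tutorial, reads the output of `docker port <container>` and lists any published host port that is not on an allow-list. The function name `unexpected_ports` and the sample outputs are constructed for illustration; the container names `nginx` and `portainer` are the ones used in the compose files above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report host ports that a
# container publishes but that are not on an allow-list.
# stdin: output of `docker port <container>`, one binding per line,
#        e.g. "81/tcp -> 0.0.0.0:81" or "81/tcp -> [::]:81".
# $1:    space-separated allowed host ports, e.g. "80 443".
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        / -> / {
            port = $NF
            sub(/^.*:/, "", port)          # drop the address, keep the host port
            if (!(port in ok) && !seen[port]++) print port
        }
    ' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: `docker port nginx` while port 81 is still published.
NPM_WITH_81='80/tcp -> 0.0.0.0:80
81/tcp -> 0.0.0.0:81
81/tcp -> [::]:81
443/tcp -> 0.0.0.0:443'

# Constructed sample: the same container after port 81 was removed.
NPM_CLEAN='80/tcp -> 0.0.0.0:80
443/tcp -> 0.0.0.0:443'

# Constructed sample: `docker port portainer` with the optional ports kept.
PORTAINER_PUBLISHED='8000/tcp -> 0.0.0.0:8000
9443/tcp -> 0.0.0.0:9443'

echo "nginx, before:  [$(printf '%s\n' "$NPM_WITH_81" | unexpected_ports "80 443")]"
echo "nginx, after:   [$(printf '%s\n' "$NPM_CLEAN" | unexpected_ports "80 443")]"
echo "portainer:      [$(printf '%s\n' "$PORTAINER_PUBLISHED" | unexpected_ports "")]"

# On the real host: docker port nginx | unexpected_ports "80 443"
```

An empty result means the container publishes nothing beyond the allowed ports; for Portainer behind the proxy, an empty allow-list and an empty result mean it is reachable only through the nginx network.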

HTTPS on Portainer sites. 🙂

I recommend that you all enable force HTTPS only on the private network too. It is good for security. The Portainer app itself will then no longer work over the HTTP port.

Portainer ⇾ settings ⇾ scroll down until you see SSL Certificate

