How do I install and use Portainer on a Linode?
I want to install Portainer on my Linode in order to manage my Docker deployments, how do I do this?
1 Reply
Portainer Community Edition (Portainer-CE) and NGINX-Proxy-Manager (NPM) are two powerful tools that can be setup together to streamline app deployment. Portainer specifically handles the deployment and configuration of Docker containers, while NGINX-Proxy-Manager can be used to create Reverse Proxies and creating/automatically renewing SSL Certificates within an easy-to-use User Interfaces (UI).
This post will detail the setup and configuration of Portainer, while a companion post will explain how to setup and use NGINX-Proxy-Manager.
1. Basic Setup, Updating, and User Creation:
Although all Linode plan sizes can be used for this stack, your resource needs will ultimately be based on:
How many containers will you deploy?
How resource-intensive is each individual container?
How much traffic will your deployments receive?
While a Nanode or Shared 2GB PU plan may suffice for simple website deployment and management, larger plans may be required for larger deployments. If you begin to run out of resources based on your use of this deployment stack, you can always upgrade to a larger plan as needed.
As always, you should make sure that you have taken all of the necessary steps to setup and secure your Linode, specifically taking note to create a limited user with sudo privileges. Again, this may not be necessary if you are using an existing server or have deployed a Secured Linode, but it can never hurt to double check your system’s security measures. Additionally, many of the upcoming commands/installations require that your system be up-to-date, so start by updating with the command:
sudo apt update && sudo apt upgrade -y
2. Installation and Configuration of Docker:
Portainer relies on Docker to pull, deploy, and manage the containers you use for your workload, so our next step is to install Docker. Docker-Compose is also necessary when deploying Portainer Stacks (versus pulling stand-alone containers), so should be installed now too:
sudo apt install docker-compose -y
Once Docker has been installed, ensure that it is currently running and enable it to automatically start on-boot:
sudo systemctl status docker
sudo systemctl enable docker
The installation guide also recommends adding your limited user to the group “Docker” so that Docker commands can be run by your user *without needing to include ‘sudo’. Add your limited user to the Docker group:
sudo usermod -aG docker $USERNAME
Your current shell session will not recognize this change immediately and may provide permission denied errors when attempting to use Docker without sudo permissions. You should either exit/rejoin the SSH/LISH session or continue to use sudo with subsequent Docker commands until you naturally start a new SSH/LISH session.
Alternatively, you can deploy a new Linode with Docker installed if you use the Docker Marketplace App. Please note that you will still need to install Docker-Compose if you deploy this way.
3. Install Portainer-CE Container, Configure, and Connect:
We're going to create a repo and portainer directory/sub-directory to better organize ourselves for future deployments:
cd ~
mkdir -p repo/portainer
Now that you have Docker running, you need to create or define a volume for persistent configuration storage and create a Docker network for your NGINX-Proxy-Manager environment:
docker volume create $VOLUME
docker network create $NETWORK
I called $VOLUME portainer-data and $NETWORK nginx-proxy-network, but these can essentially be named anything you choose as long as you remain consistent.
3a. Docker Run:
The following command will pull the Portainer container image, attach the volume you created, deploy the container on the new internal network, and open the ports necessary for configuration and container communication:
docker run --network=$NETWORK -d -p 8000:8000 -p 9443:9443 -p 9000:9000 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v $VOLUME:/data portainer/portainer-ce:latest
3b. Docker-Compose Up:
In the spirit of learning how to use/read Docker-Compose manifests, this same Docker run command can be written out as follows:
nano ~/repo/portainer/docker-compose.yml
services:
portainer:
image: portainer/portainer-ce:latest
container_name: portainer
restart: always
ports:
- '9443:9443' #Default HTTPS (self-signed)
- '9000:9000' #Default HTTP, optional
- '8000:8000' #Portainer-Edge-Agent, optional/not necessary
volumes:
- portainer-data:/data
- /var/run/docker.sock:/var/run/docker.sock
networks:
- nginx-proxy-network
networks:
nginx-proxy-network:
external: true
volumes:
portainer-data:
external: true
Then, instead of using docker run, launch Portainer with the command:
docker-compose up -d -f ~/repo/portainer/docker-compose.yml
Firewall Considerations:
Portainer-CE will have deployed on your new NGINX-Proxy-Manager network and will be accessible at your IP address on ports 9443 and/or 9000. If you had previously configured UFW or Linode’s Cloud Firewall, be sure to allow connections on ports 9443/9000 and 81 for upcoming configuration.
Once you create your admin login, you will be able to begin running containers and deployment stacks through Portainer. When you login, you can see confirmation that Portainer sees its own attached volume, container image, and active container running.
Our next steps are to install NGINX-Proxy-Manager and begin creating proxies and SSL certs for apps/domains hosted within this Portainer stack. For that, be sure to check out the companion guide: