├── .env.sample
├── .github
    └── README.md
├── .gitignore
├── LICENSE
├── docker-compose-with-password.yml
├── docker-compose.yml
├── start.sh
└── stop.sh


/.env.sample:
--------------------------------------------------------------------------------
#
# docker-portainer-letsencrypt
#
# Portainer configured to work along with our Web Proxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
# This is the .env file to set up your portainer environment

#
# Container name for your Portainer
#
CONTAINER_NAME=portainer

#
# Path where your Portainer files will be located
#
PORTAINER_DATA_PATH=/path/to/your/portainer/data

#
# Password for Admin user
#
ADMIN_PASSWORD=your_admin_password

#
# Your domain (or domains)
#
DOMAINS=portainer.domain.com,portainer2.domain.com

#
# Port for portainer
#
PORT=9000

#
# Main domain for SSL certificate
#
MAIN_DOMAIN=portainer.domain.com

#
# Your email for Let's Encrypt register
#
LETSENCRYPT_EMAIL=your_email@domain.com

#
# Path to the certificates
# If you use our webproxy should be:
# /home/user/webproxy/data/certs
PORTAINER_SSL_PATH=/path/to/your/certs

#
# SSL Certificates previously generated
# You may use below webproxy to generate your ssl certificate
#(https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion)
#
PORTAINER_SSL_CERTIFICATE=/certs/$MAIN_DOMAIN.crt
PORTAINER_SSL_KEY=/certs/$MAIN_DOMAIN.key

#
# Network name
#
# Your container app must use a network connected to your webproxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
NETWORK=webproxy

#--

--------------------------------------------------------------------------------
/.github/README.md:
--------------------------------------------------------------------------------
# Docker Portainer running with auto generate/renew Let's Encrypt Certificate

With this repo you will be able to set up the fantastic [Portainer](https://portainer.io) as a container served over SSL, with certificates automatically generated and renewed by our Web Proxy.

![Portainer Environment](https://github.com/evertramos/images/blob/master/portainer.jpg)

# Prerequisites

In order to use this compose file (docker-compose.yml) you must have:

1. docker [https://docs.docker.com/engine/installation/](https://docs.docker.com/engine/installation/)
2. docker-compose [https://docs.docker.com/compose/install/](https://docs.docker.com/compose/install/)
3. docker-compose-letsencrypt-nginx-proxy-companion [https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion)

# How to use

1. Clone this repository:

```bash
git clone https://github.com/evertramos/docker-portainer-letsencrypt.git
```

2. Make a copy of our .env.sample and rename it to .env:

Update this file with your preferences.

```bash
#
# docker-portainer-letsencrypt
#
# Portainer configured to work along with our Web Proxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
# This is the .env file to set up your portainer environment

#
# Container name for your Portainer
#
CONTAINER_NAME=portainer

#
# Path where your Portainer files will be located
#
PORTAINER_DATA_PATH=/path/to/your/portainer/data

#
# Password for Admin user
#
ADMIN_PASSWORD=your_admin_password

#
# Your domain (or domains)
#
DOMAINS=domain.com,www.domain.com,portainer.domain.com

#
# Main domain for SSL certificate
#
MAIN_DOMAIN=portainer.domain.com

#
# Your email for Let's Encrypt register
#
LETSENCRYPT_EMAIL=your_email@domain.com

#
# Path to the certificates
# If you use our webproxy should be:
# /home/user/webproxy/data/certs
PORTAINER_SSL_PATH=/path/to/your/certs

#
# SSL Certificates previously generated
# You may use below webproxy to generate your ssl certificate
#(https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion)
#
PORTAINER_SSL_CERTIFICATE=/certs/$MAIN_DOMAIN.crt
PORTAINER_SSL_KEY=/certs/$MAIN_DOMAIN.key

#
# Network name
#
# Your container app must use a network connected to your webproxy
# https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
#
NETWORK=webproxy

#--
```

3. Start your container

You can run our script, and it will use your predefined password:
```bash
./start.sh
```

Or you can simply start your compose environment:
```bash
docker-compose up -d
```

> If you run only `docker-compose up -d` you will be prompted to set your admin password when accessing your browser.

> This container must be in a network connected to your webproxy containers or use the same network of the webproxy.

> Please keep in mind that when starting for the first time it may take a few moments (even a couple minutes) to get your Let's Encrypt certificates generated.

### For any further Portainer configuration, please check the [Portainer Official Documentation](https://portainer.readthedocs.io/en/stable/index.html)

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.env
create_network.sh

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                   GNU LESSER GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc.
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.


  This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.

  0. Additional Definitions.

  As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.

  "The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.

  An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.

  A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".

  The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.

  The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.

  1. Exception to Section 3 of the GNU GPL.

  You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.

  2. Conveying Modified Versions.

  If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:

   a) under this License, provided that you make a good faith effort to
   ensure that, in the event an Application does not supply the
   function or data, the facility still operates, and performs
   whatever part of its purpose remains meaningful, or

   b) under the GNU GPL, with none of the additional permissions of
   this License applicable to that copy.

  3. Object Code Incorporating Material from Library Header Files.

  The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:

   a) Give prominent notice with each copy of the object code that the
   Library is used in it and that the Library and its use are
   covered by this License.

   b) Accompany the object code with a copy of the GNU GPL and this license
   document.

  4. Combined Works.

  You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:

   a) Give prominent notice with each copy of the Combined Work that
   the Library is used in it and that the Library and its use are
   covered by this License.

   b) Accompany the Combined Work with a copy of the GNU GPL and this license
   document.

   c) For a Combined Work that displays copyright notices during
   execution, include the copyright notice for the Library among
   these notices, as well as a reference directing the user to the
   copies of the GNU GPL and this license document.

   d) Do one of the following:

       0) Convey the Minimal Corresponding Source under the terms of this
       License, and the Corresponding Application Code in a form
       suitable for, and under terms that permit, the user to
       recombine or relink the Application with a modified version of
       the Linked Version to produce a modified Combined Work, in the
       manner specified by section 6 of the GNU GPL for conveying
       Corresponding Source.

       1) Use a suitable shared library mechanism for linking with the
       Library. A suitable mechanism is one that (a) uses at run time
       a copy of the Library already present on the user's computer
       system, and (b) will operate properly with a modified version
       of the Library that is interface-compatible with the Linked
       Version.

   e) Provide Installation Information, but only if you would otherwise
   be required to provide such information under section 6 of the
   GNU GPL, and only to the extent that such information is
   necessary to install and execute a modified version of the
   Combined Work produced by recombining or relinking the
   Application with a modified version of the Linked Version. (If
   you use option 4d0, the Installation Information must accompany
   the Minimal Corresponding Source and Corresponding Application
   Code. If you use option 4d1, you must provide the Installation
   Information in the manner specified by section 6 of the GNU GPL
   for conveying Corresponding Source.)

  5. Combined Libraries.

  You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:

   a) Accompany the combined library with a copy of the same work based
   on the Library, uncombined with any other library facilities,
   conveyed under the terms of this License.

   b) Give prominent notice with the combined library that part of it
   is a work based on the Library, and explaining where to find the
   accompanying uncombined form of the same work.

  6. Revised Versions of the GNU Lesser General Public License.

  The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.

  Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.

  If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.

--------------------------------------------------------------------------------
/docker-compose-with-password.yml:
--------------------------------------------------------------------------------
version: '3'

services:
  portainer:
    container_name: ${CONTAINER_NAME}
    restart: unless-stopped
    image: portainer/portainer-ce
    volumes:
      - ${PORTAINER_DATA_PATH}:/data
      - ${PORTAINER_SSL_PATH}:/certs
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      VIRTUAL_HOST: ${DOMAINS}
      VIRTUAL_PORT: ${PORT}
      LETSENCRYPT_HOST: ${DOMAINS}
      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
      SSL:
      SSLCERT: ${PORTAINER_SSL_CERTIFICATE}
      SSLKEY: ${PORTAINER_SSL_KEY}
    command: --admin-password ${ENCRYPTED_PASSWORD}
    # Attach the service to the webproxy network declared below;
    # without this the container only joins the project's default network.
    networks:
      - portainer_network

networks:
  portainer_network:
    # The network is created by the webproxy project, not by this file.
    external: true
    name: ${NETWORK}

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3'

services:
  portainer:
    container_name: ${CONTAINER_NAME}
    restart: unless-stopped
    image: portainer/portainer-ce
    volumes:
      - ${PORTAINER_DATA_PATH}:/data
      - ${PORTAINER_SSL_PATH}:/certs
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      VIRTUAL_HOST: ${DOMAINS}
      VIRTUAL_PORT: ${PORT}
      LETSENCRYPT_HOST: ${DOMAINS}
      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
      SSL:
      SSLCERT: ${PORTAINER_SSL_CERTIFICATE}
      SSLKEY: ${PORTAINER_SSL_KEY}
    # Attach the service to the webproxy network declared below;
    # without this the container only joins the project's default network.
    networks:
      - portainer_network

networks:
  portainer_network:
    # The network is created by the webproxy project, not by this file.
    external: true
    name: ${NETWORK}

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/bash

#
# Script to start your Portainer
#
# Uses the admin password specified in the .env file

# 1. Check if .env file exists
if [ -e .env ]; then
    source .env
else
    echo "Please set up your .env file before starting your environment."
    exit 1
fi

# 2. Password for Admin User

# 2.1 Check if a password was set up in the .env file
if [ -z "$ADMIN_PASSWORD" ]; then
    echo "You must set up a password in your '.env' file."
    exit 1
fi

# 2.2 Check if the password is the same as in the sample file
if [ "$ADMIN_PASSWORD" = "your_admin_password" ]; then
    echo
    echo "#-----------------------------------------------------------"
    echo "#"
    echo "# CAREFUL!"
    echo "#"
    echo "# You are using the same password as our sample."
    echo "# Please change it AS SOON AS POSSIBLE!"
    echo "#"
    echo "#-----------------------------------------------------------"
    echo
fi

# 2.3 Generate the encrypted password (bcrypt hash produced by htpasswd)
# The password is quoted so that spaces and glob characters are passed intact.
# Note: -b puts the password on the command line, where it is visible in the
# host's process list while the container runs; htpasswd -i reads it from
# stdin instead.
ENCRYPTED_PASSWORD=$(docker run --rm httpd:2.4-alpine htpasswd -nbB admin "$ADMIN_PASSWORD" | cut -d ":" -f 2)

# 2.4 Delete old ENCRYPTED_PASSWORD
if [[ $(uname) == "Darwin" ]]
then
    sed -i '' '/ENCRYPTED_PASSWORD/d' .env
else
    sed -i '/ENCRYPTED_PASSWORD/d' .env
fi

# 2.5 Send password hash to .env file
echo "ENCRYPTED_PASSWORD='$ENCRYPTED_PASSWORD'" >> .env

# 3. Start Portainer container
docker-compose -f docker-compose-with-password.yml up -d

# Final message
echo
echo "#-----------------------------------------------------------"
echo "#"
echo "# The WebProxy takes a few moments to get the SSL Certificates"
echo "#"
echo "# Please check your browser to see if it is running, use your"
echo "# domain(s): "
echo "# $DOMAINS"
echo "#"
echo "#-----------------------------------------------------------"
echo


exit 0

--------------------------------------------------------------------------------
/stop.sh:
--------------------------------------------------------------------------------
#!/bin/bash

#
# Script to stop your Portainer
#
# Uses the admin password specified in the .env file

docker-compose -f docker-compose-with-password.yml down

exit 0

--------------------------------------------------------------------------------
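
start.sh loads `.env` with `source`, which runs the file as shell code, and it only warns when the sample password is still in place. The following is an added example, not part of this repository: a pre-start audit that reads `.env` as text, reports required keys from `.env.sample` that are missing or still hold sample values, and flags lines that would execute when sourced. The function names, finding strings and the `demo_env` sample are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the repository: audit a .env file for this
# setup by reading it as text, so nothing in it is executed.

REQUIRED_KEYS="CONTAINER_NAME PORTAINER_DATA_PATH ADMIN_PASSWORD DOMAINS PORT
MAIN_DOMAIN LETSENCRYPT_EMAIL PORTAINER_SSL_PATH NETWORK"

# Print the value of KEY ($2) in FILE ($1): last assignment wins, outer quotes removed.
env_get() {
    local value
    value=$(grep -E "^$2=" "$1" | tail -n 1)
    value=${value#*=}
    value=${value#[\"\']}
    value=${value%[\"\']}
    printf '%s\n' "$value"
}

# Print one finding per line; return 0 only when the file is clean.
audit_env() {
    local file=$1 key value findings=0
    for key in $REQUIRED_KEYS; do
        value=$(env_get "$file" "$key")
        case "$value" in
            "") echo "missing: $key"; findings=$((findings + 1)) ;;
            your_admin_password|/path/to/your/*|*.domain.com*|*@domain.com*)
                echo "sample value: $key"; findings=$((findings + 1)) ;;
        esac
    done
    # Anything other than blank lines, comments and plain KEY=value lines
    # would run as shell code when start.sh sources the file.
    if grep -vE '^[[:space:]]*(#.*)?$' "$file" |
       grep -qvE '^[A-Za-z_][A-Za-z0-9_]*=[^;&|`()<>]*$'; then
        echo "unsafe to source"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: one untouched placeholder and one command substitution.
demo_env() {
    cat <<'EOF'
CONTAINER_NAME=portainer
PORTAINER_DATA_PATH=/srv/portainer/data
ADMIN_PASSWORD=your_admin_password
DOMAINS=portainer.example.org
PORT=9000
MAIN_DOMAIN=portainer.example.org
LETSENCRYPT_EMAIL=ops@example.org
PORTAINER_SSL_PATH=/srv/webproxy/data/certs
NETWORK=$(hostname)
EOF
}
```

Run `audit_env .env` before `./start.sh` and start only when it returns 0; `demo_env > /tmp/sample.env && audit_env /tmp/sample.env` shows both kinds of finding.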