This project provides a Docker Compose and Swarm configuration for deploying Portainer Community Edition (CE) and its agent.
This setup consists of two main services:
- Portainer: The main Portainer web interface for managing your Docker environment.
- Agent: The Portainer agent that runs on each node in the swarm to provide information to the Portainer instance.
This configuration is optimized for Docker Swarm, as indicated by the use of deploy keys, overlay networks, and global service mode for the agent.
- Docker and Docker Compose installed.
- A Docker Swarm cluster initialized (for swarm deployment).
- An external network named
traefik-publicmust exist if you intend to use the Traefik labels.
- Create a
.envfile from the example:cp .env.example .env
- Edit the
.envfile and set thePORTAINER_HOSTvariable to the domain where you want to access Portainer.PORTAINER_HOST=portainer.your-domain.com
You can deploy this stack using either Docker Compose or Docker Swarm.
docker stack deploy -c docker-compose.yml portainerdocker-compose up -dThe docker-compose.yml file includes commented-out labels for integrating with a Traefik reverse proxy. If you are using Traefik, you can uncomment these labels to automatically expose Portainer with SSL.
Make sure the traefik-public network is correctly configured and that your Traefik instance is connected to it. You will also need a cloudflare cert resolver configured in your Traefik setup for the TLS to work as defined in the labels.
For security, the cap_drop: - ALL directive is used for both services to drop all capabilities, and only the necessary ones are added by Docker.
- agent_network: An overlay network that allows the Portainer service to communicate with the agents.
- traefik-public: An external network for connecting to a Traefik reverse proxy.
- portainer_data: A named volume used to persist Portainer's data.