Wiki

Clone wiki

telstar-server / portainer

Managing Telstar with Portainer

portainer.png

Portainer simplifies container management in Docker, Swarm, Kubernetes, ACI and Edge environments. It can be used to speed up software deployments and troubleshoot problems.

Running Portainer on a local secure network is very simple as it can run within its own Docker container. Full details can be found at https://www.portainer.io/.

When using Portainer on a remote public server such as a DigtalOceam Droplet or other cloud server, security needs to be considered. There are several ways in which Portainer can be secured in a live environment, however, using a SSH Tunnel is one of the simplest.

When using a SSH Tunnel, Portainer is installed on the live server but is not exposed to the outside world. Instead a SSH Tunnel is created from a local machine to the remote machine. The installation of Portainer is then mapped to a local port. for example.

Using Portainer via an SSH Tunnel

Installation

Install and run Portainer on the live web server ensuring public access is denied within the firewall settings. Full details can be found at https://www.portainer.io/. This typically invloves creating a persistant volume and running the Portainer container e.g.

$ docker volume create portainer_data    
$ docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce

Creating the SSH Tunnel

The firat thing to do is update the local machines hosts file and add the server, for example, to add a server at glasstty.com, the following line would be added.

167.99.205.178  glasstty.com

From a local machine execute the following command, changing the user and server to suit your own setup.

ssh john@glasstty.com -L 9090:167.99.205.178:9000

The above example creates an SSH connection to my server at glasstty.com using the username john. An SSH certificate is used to access the server so no password is needed. In the command the ports are mapped such that the local port 9090, is mapped to the remote port 9000.

Portainer is listening by default on port 9000 on the remote server. After executing the above command, the Portainer web interface can be accessed using the url http//localhost:9090 on the local machine.

Updated