Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

Installing and Using Portainer

Installing and Using Portainer
Hostman Team
Technical writer
Docker
07.05.2024
Reading time: 12 min
Share

Portainer is a container management tool that seamlessly works with both Docker and Kubernetes.

It is available in two versions:

  • free and open Community Edition;

  • paid Business Edition with additional features for corporate clients.

In this article, we will focus on installing Portainer on Ubuntu 22.04 with Docker and using the Community Edition. Although we will use Ubuntu as an example, most of the steps are similar for other operating systems, making this tutorial applicable to a variety of use cases.

Portainer is excellent for both beginners and professionals. Its intuitive graphical interface greatly simplifies management, making container technology accessible even to those new to the field. Experienced users will also find a rich selection of options for fine-tuning and personalization.

The article will focus on installing, overviewing the main functions and settings, connecting an external server as an environment, and providing a practical example of deploying WordPress on an external server using Portainer.

Prerequisites

  • A computer or a cloud server running a Linux-based OS such as Ubuntu, Debian etc.

In this article, we'll demonstrate installing Portainer on a local machine; however, if you plan to use it as a team, the application can also be installed on a cloud server, providing centralized management and accessibility to all team members. 

Installing Portainer in Docker

Step 1: Install Docker and Docker Compose

Before installing Portainer, make sure Docker is installed on your system. If it is, you can skip this step. Otherwise, run the following commands to install:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh ./get-docker.sh

After installation, check the versions by running the commands:

docker -v
docker compose version

This will confirm successful installation and show the versions of installed programs.

Step 2: Create a working directory

Create a directory for the application in /opt and move to it:

cd /opt
sudo mkdir hostmanportainer
cd ./hostmanportainer

Step 3: Create a configuration file

Now create a docker-compose.yml file in the hostmanportainer directory. This file will describe the startup configuration. Use nano or any other text editor to create the file:

sudo nano docker-compose.yml

Paste the following content into the file:

version: "3.3"
services:
	hostmanportainer:
		image: portainer/portainer-ce:latest
		container_name: hostmanportainer
		environment:
			- TZ=Europe/London
		volumes:
			- /var/run/docker.sock:/var/run/docker.sock
			- /opt/hostmanportainer/portainer_data:/data
		ports:
			- "8000:8000"
			- "9443:9443"
		restart: always

Description of parameters:

  • version: "3.3": Indicates the version of Docker-compose you are using. Version 3.3 is suitable for most modern applications.

  • services: This section describes the services to start.

  • hostmanportainer: Service name. Used as an identifier.

  • image: portainer/portainer-ce:latest: Specifies the image to be used. The latest version of Community Edition is used here.

  • container_name: hostmanportainer: Assigns a name to the container to make it easier to identify.

  • environment: Allows you to set environment variables. For example, TZ=Europe/London sets the time zone of the container.

  • volumes:

    • /var/run/docker.sock: /var/run/docker.sock allows Portainer to communicate with Docker on your host;

    • /opt/hostmanportainer/portainer_data:/data creates a persistent data store.

  • ports:

    • "8000:8000" and "9443:9443" open the corresponding ports to access the Portainer. 9443 is used for HTTPS connection.

  • restart: always: Ensures that the container will automatically restart when necessary, for example after a server reboot.

Step 4: Launch

After creating the configuration file, run Portainer with Docker using the command:

docker compose up -d

Step 5: Access the Interface

Portainer is now running and accessible at https://<ip_or_localhost>:9443. Open this address in your browser to access the web interface.

Image1

Step 6: Create an Administrator Account

When you first log in, you will be asked to create an administrator account. Please note that the password requires a minimum of 12 characters. After completing the registration process, you will have access to the settings and container management functionality in the interface.

General Settings

To access the settings, go to the Settings section. Here we will cover the key settings that are most important for the basic configuration. We recommend reading the official documentation for a deeper understanding of all available settings.

  • Application settings. In this section, you can configure settings such as the frequency of creating state snapshots and sending anonymous application usage statistics.

409d2664 Ef50 4763 B2c4 297f82a5d0e7

  • App Templates. Here you can specify the URL of a JSON file with templates for quickly deploying containers. You can also use pre-installed templates, making launching new applications easier.
  • SSL certificate. This section allows you to upload your own SSL certificates for a secure connection. While this is not required for a local installation, attaching your own SSL certificate increases security when deploying Portainer on a remote server.

8542340f 252e 4b81 9e5b 5c1f9cc98a55

  • Backup up Portainer. This section allows you to create a backup copy of the application settings and configuration. It is useful for ensuring data security and simplifying migration to other systems.

194e333b A7a0 47bb Aa37 21a9fabbc6b8

  • Authentication. Here you can configure the user session duration and select the authentication method. The following methods are available in Community Edition: Internal (default), LDAP, and OAuth. However, it is worth noting that configuring OAuth in Community Edition has limitations, and popular services such as Microsoft OAuth, Google OAuth, Github OAuth are not supported, which requires manual configuration. When using Internal authentication, you can change the password requirements, such as reducing the minimum number of characters.

A8a9c1e8 D2df 424e A551 D02c8019c7cd

To change your password, go to the upper right corner of the screen, click on your account name and select My account. This will allow you to update your password and other personal settings.

After studying the basic settings, let's move on to other important sections available in the left menu of the interface.

  • Users. This section is for managing users. It is especially useful for working with a team as it allows you to restrict access to resources. Here you can create and manage individual users. In addition, in the Teams section you can create teams with different users for more granular access control. It should be noted that more advanced role settings are only available in the Business Edition.

61465395 4bfa 46d5 8dd6 1a06e46ff892

  • Registries. In the Registries section, users can configure access to image repositories. The management interface facilitates integration with popular repositories such as DockerHub, AWS ECR, Quay.io, ProGet, Azure and GitLab, allowing you to efficiently manage container images directly through a graphical user interface.

5d0d9718 871c 4ea5 A038 Ec96ff917869

  • Environments. The key section of Portainer for connecting to and managing external servers or environments. You can manage a variety of environments here, including Docker, Docker Swarm, Kubernetes, and ACI. Nomad is also available in the Business Edition. This section allows Portainer Server to manage multiple environments, simplifying scaling and infrastructure management.

Adding a new environment

To demonstrate the process of adding a new environment, we will connect a server on Ubuntu 22.04 with Docker pre-installed. This can be either a new server or a server on which containers are already running.

  1. Start by clicking the Add environment button in the Environments section.
  2. Select Docker Standalone and use the setup wizard by clicking Start Wizard.

6ef5896a 6a99 4d4d Ab9b E96bc432aa90

  1. During the setup process, select Agent and run the following command on the server that you plan to connect as an environment:
docker run -d\
-p 9001:9001\
--name portainer_agent\
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/lib/docker/volumes:/var/lib/docker/volumes \
portainer/agent:2.19.4

This command will launch the Portainer Agent, allowing Portainer Server to connect to the server and manage containers.

  1. After successfully installing and launching the agent on the server, return to the web interface and complete the connection process by specifying the name of the environment and its address in the format server_ip:9001.
  2. Click Connect to complete the connection. After successfully adding an environment, a pop-up notification Environment created will be displayed in the interface.

Environments Settings

When you go to the Home page, you will see two environments: local (the device where the application is running) and the previously added server. After selecting the previously added server, the menu on the left will update, adding management functions for the environment.

4fcdf77d 67d1 400b 9f98 3872b2a95245

Environment Management

  • Images. The Images section displays all available images in the system. Here you can delete images individually or en masse, as well as download new images using the Pull image option.

304ccebd Eaf3 45e3 A1af 0a26639a40d2

  • Networks. The Networks page displays all available networks. Using an intuitive setup wizard accessible through Add Network, users can create new networks, expanding the connectivity between containers.

73746096 7c0f 4b1c B644 D25632e4df4d

  • Volumes. The Volumes section contains information about all volumes. This section allows you to view existing volumes, delete them, or create new ones using the Add volume setup wizard.
  • Containers. The Containers section provides extensive container management capabilities. In this section, all existing containers are visible. You can delete, suspend, activate, or restart them. The Quick Actions menu provides additional functions, including viewing container information, statistics, and console access.

1bb5993b 7235 47db B7cb 0848690441e7

To create a new container, click on Add container. For example. let's create a container with Nginx. Specify  the name, the nginx image and set up the network ports: click on publish a new network port and enter port 9090 for host, and port 80 for container.

386dace1 Ff8f 426d 8d49 A6023de4e8d6

Next, click on the Deploy the container button below and wait until the container is deployed.

Upon completion, you will be redirected to the Container list page. After deploying the container, going to http://server_ip:9090 will show running Nginx.

Advanced Features: App Templates and Stacks

The App Templates section is a collection of pre-configured templates for deploying common applications and services. These templates are designed to simplify the process of creating new containers by minimizing the need for manual configuration. Users can choose from a variety of available templates that range from basic web servers to complex multi-tier applications.

When using a template, it is enough to specify some basic parameters, such as the container name, network settings and, in some cases, specific settings such as passwords or environment variables. This makes the App Templates section particularly useful for quickly testing new ideas and utilities, as well as learning and experimenting with new technologies.

6f329daa Af5e 47d4 9063 9078cdb3573e

Stacks are an efficient way to manage groups of containers. They are defined through docker-compose files. This simplifies the management of complex applications and provides automation and consistency in deployment.

Use Case: Using Stacks for WordPress Deployment

A special feature of Stacks is choosing the configuration definition method: you can use the built-in editor to directly write or edit Docker Compose files, download a ready-made docker-compose.yml file, or even connect a git repository to update and deploy containers automatically.

Now let's put this technology into practice. Using WordPress deployment as an example, we'll show you how to use Stacks to create and manage multi-container applications. This example will help you understand how to simplify and automate your application deployment processes using Stacks.

  1. In the Stacks section, click Add stack to open the configurator.
  2. Using the Web editor, describe the application configuration in YAML format. For WordPress and MariaDB database, the configuration might look like this:
services:
	db:
		image: mariadb:10.6.4-focal
		command: '--default-authentication-plugin=mysql_native_password'
		volumes:
        	- db_data:/var/lib/mysql
 		restart: always
    	expose:
			- 3306
 			- 33060
		environment:
			- MYSQL_ROOT_PASSWORD=hostmantest
			- MYSQL_DATABASE=hostman_wp
			- MYSQL_USER=hostman
			- MYSQL_PASSWORD=password
 	wordpress:
 		image: wordpress:latest
 		ports:
 			- 80:80
 		restart: always
		environment:
   			- WORDPRESS_DB_HOST=db
   			- WORDPRESS_DB_USER=hostman
   			- WORDPRESS_DB_PASSWORD=password
   			- WORDPRESS_DB_NAME=hostman_wp
volumes:
    db_data:
  • Environment variables can be placed in a separate section. In Environment variables select Advanced mode and specify the variables:
MYSQL_ROOT_PASSWORD=hostmantest
MYSQL_DATABASE=hostman_wp
MYSQL_USER=hostman
MYSQL_PASSWORD=password
WORDPRESS_DB_HOST=db
WORDPRESS_DB_USER=hostman
WORDPRESS_DB_PASSWORD=password
WORDPRESS_DB_NAME=hostman_wp
  • Remove the environment section from the main YAML file to avoid duplication:
services:
  db:
    image: mariadb:10.6.4-focal
    command: '--default-authentication-plugin=mysql_native_password'
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    expose:
      - 3306
      - 33060
  wordpress:
    image: wordpress:latest
    ports:
      - 80:80
    restart: always
volumes:
    db_data:

923371b4 C89a 4dd9 9807 93143925f53d

  1. Click Deploy the stack. A bit later, if the deployment is successful, you will be redirected to the Stacks list page, where our Wordpress instance will be displayed.

Test your WordPress functionality by going to http://server_ip:80. You should see the WordPress start page, confirming successful deployment.

Conclusion

In our review, we covered all the important aspects of working with Portainer, from its installation with Docker to the details of deploying applications through Stacks. We took a detailed look at the tool's various features and settings, including user management, image repository handling, and environment coordination. The WordPress deployment example clearly showed how Portainer simplifies working with complex systems, making the management process more efficient. The article provided a comprehensive understanding of Portainer as a solution to simplify and streamline application deployment processes.

Docker
07.05.2024
Reading time: 12 min
Share

Similar

Docker

Removing Docker Images, Containers, Volumes, and Networks

Docker is software for quickly deploying applications through containerization. However, with its active use, many objects accumulate, consuming valuable host resources: images, containers, volumes, and networks. You can remove these objects through Docker Desktop, but it is much more convenient, especially when dealing with a significant number of objects, to use command-line tools. In this article, you will find tips for working with Docker and learn how to remove various objects using both the Docker Desktop client and command-line tools. Removing Containers To interact with containers and change their current state, including removing them, go to the "Containers/Apps" tab in the Docker Desktop web interface, select the desired object, and apply the chosen action: Now, let's look at how to remove these objects using command-line tools. To remove containers, use the docker container rm command or simply docker rm. For clarity, we will use docker container rm with the following syntax: docker container rm [removal options] [object ID] Options: --force or -f: Force removal of the container (e.g., if running). --link or -l: Remove the specified link (e.g., between two objects)*. --volume or -v: Remove anonymous volumes associated with the container. Containers are isolated from each other. One way to link them is via network ports. Using the --link flag will remove this network link in Docker. There are two commands in the command-line arsenal for obtaining information about containers: docker ps and docker container ls. They have the same options and syntax: Options: --all or -a: Display all containers. By default, only running containers are displayed. --filter or -f: Filter based on a set of flags. --format: Format the output. You can display only the necessary information. --last or -n: Show the last n containers. --latest or -l: Show the most recent container. --no-trunc: Do not truncate the output. --quiet or -q: Display only the container IDs. --size or -s: Display the total size. Using these parameters, you can create a list of containers you wish to remove, then pass the container IDs to the docker container rm command. For example, to create a list of containers with the status created or exited, run this command to get such objects: docker ps -a -f status=created -f status=exited Now, pass the result to the removal command: docker container rm $(docker ps -a -f status=created -f status=exited -q) To remove running containers, you must first stop them. Of course, you can use the --force option, but this may lead to data corruption with the application's working data. It is always better to first stop the containers with the docker stop command. To remove all containers in Docker, you can simply use these two commands: docker stop $(docker ps -a -q)docker container rm $(docker ps -a -q) There is a separate command to remove all stopped containers: docker container prune. Removing Docker Images Like containers, you can also remove Docker images within the client application. To do this, go to the "Images" tab: To delete an image, click "Clean up…" in the upper right corner and select the images. If an image is currently in use, Docker will not allow you to delete it. Now, let's move on to the command-line tools. There are two commands for removing Docker images: docker rmi and docker image rm. They are identical and work in much the same way as docker rm. Here's their syntax: docker rmi [remove options] [image IDs] Options: --force or -f: Forcefully remove the image. --no-prune: Do not remove untagged parent images. To find the image IDs, we use the following command: docker images [options] [REPOSITORY:[TAG]] Options: --all or -a: Show all images. By default, intermediate images are hidden. --digests: Show digests. --filter or -f: Filter by flags. --format: Format the output. --no-trunc: Do not truncate the output. --quiet or -q: Show only the image IDs. The application of these commands is the same as in the previous section. First, we query the list of images we want and use it as input for the docker rmi command. For example, to remove images that are not associated with any containers, we can use the dangling=true flag. It is important to note that we will get untagged images. docker images --filter dangling=true After checking the list, we can safely remove it: docker rmi $(docker images --filter dangling=true -q) To remove all unused images, use the docker image prune command. Removing Volumes A volume is a file system located outside the containers and stored on the host machine. To free up disk space occupied by volumes, go to the "Volumes" section, and in the top-right corner, select the corresponding icon: To delete volumes from the command line, use the docker volume rm command with the following syntax: docker volume rm [options] [volume names] This command is not very flexible with options and only provides the --force or -f flag for forced removal. You can only remove volumes if they are not associated with running containers. Forced removal of volumes linked to active containers is not recommended, as it may lead to data corruption. To list volume names, use the docker volume ls command with the following syntax: docker volume ls [options] Again, Docker is limited on options here, with only three available: --filter or -f: Filter by flags. --format: Format the output. --quiet or -q: Show only the volume names. Volumes exist independently of containers, and after their deletion, they remain in the host's file system as unlinked volumes. Let's try deleting such volumes. Use the dangling=true flag for this purpose: docker volume ls -f dangling=true Now, pass the results to the command for deletion: docker volume rm $(docker volume ls -f dangling=true -q) Alternatively, you can use another command to remove all unused volumes: docker volume prune. However, before using this command, check the list to ensure it includes only the volumes you want to remove. If you need to remove an unnamed volume, you can delete it with its associated container. For this, add the -v flag when using docker rm. Removing Networks To remove networks, you need to use the docker network rm command with the following syntax: docker network rm [network names/IDs] This command does not have any options. You can pass either names or IDs of the networks. To find the names and IDs of the networks, use the docker network ls command: docker network ls [options] This command has four available options: --filter or -f: Filter by flags. --format: Format the output. --no-trunc: Do not truncate the output. --quiet or -q: Show only IDs. Before deleting a network, you must remove any objects (containers) that are using it. To check which containers are using a specific network, use the following command: docker ps -f network=[network ID] Afterward, you can proceed to delete the network. For example, to delete networks with the driver=bridge value, use the following commands: docker network ls -f driver=bridgedocker network rm $(docker network ls -f driver=bridge -q) Cleaning Up Docker from All Objects Sometimes, you might need to remove everything and reinstall Docker to return an application to its initial state. Instead of deleting Docker entirely, you can execute a series of commands to clean up all objects and work with a fresh environment: Stop and remove containers: docker stop $(docker ps -a -q)docker rm $(docker ps -a -q) Remove images: docker rmi $(docker images -a -q) Remove volumes: docker volume rm $(docker volume ls -a -q) Remove networks: docker network rm $(docker network ls -a -q)  
05 December 2024 · 6 min to read
Docker

How to Install Docker on Ubuntu 22.04

Docker is a free, open-source tool for application containerization. Containers are isolated environments similar to virtual machines (VMs), but they are more lightweight and portable across platforms, requiring fewer system resources. Docker uses OS-level virtualization, leveraging features built into the Linux kernel. This guide walks through installing Docker on Ubuntu 22.04 but also applies to other Ubuntu versions. Additionally, we’ll download Docker Compose, a tool essential for managing multiple containers efficiently. For this guide, we will use a Hostman cloud server. System Requirements According to Docker's documentation, the following 64-bit Ubuntu versions are supported: Ubuntu Oracular 24.10 Ubuntu Noble 24.04 (LTS) Ubuntu Jammy 22.04 (LTS) Ubuntu Focal 20.04 (LTS) Docker works on most popular architectures. The resource requirements for your device will depend on your intended use and how comfortably you want to work with Docker. The scale of applications you plan to deploy in containers will largely dictate the system needs. Some sources recommend a minimum of 2 GB of RAM. Additionally, a stable internet connection is required. Installing Docker on Ubuntu 22.04 Installing Docker on Ubuntu 22.04 involves executing a series of terminal commands. Below is a step-by-step guide with explanations. The steps are also applicable to server versions of Ubuntu. 1. Update Package Indexes The default repository may not always contain the latest software releases. Therefore, we will download Docker from its official repository to ensure the latest version. First, update the package indexes: sudo apt update 2. Install Additional Packages To install Docker, you’ll need to download four additional packages: curl: Required for interacting with web resources. software-properties-common: Enables software management via scripts. ca-certificates: Contains information about certification authorities. apt-transport-https: Necessary for data transfer over the HTTPS protocol. Download these packages with the following command: sudo apt install curl software-properties-common ca-certificates apt-transport-https -y The -y flag automatically answers "Yes" to all terminal prompts. 3. Import the GPG Key The GPG key is required to verify software signatures. It is needed to add Docker's repository to the local list. Import the GPG key with the following command: wget -O- https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/keyrings/docker.gpg > /dev/null During the import process, the terminal may display a warning before confirming the successful execution of the command. 4. Add Docker Repository Add the repository for your version of Ubuntu, named "Jammy." For other versions, use their respective code names listed in the "System Requirements" section. Run the following command: echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null During execution, the terminal will prompt you to confirm the operation. Press Enter. 5. Update Package Indexes Again After making these changes, update the package indexes once more using the familiar command: sudo apt update 6. Verify the Repository Ensure that the installation will proceed from the correct repository by running the following command: apt-cache policy docker-ce Output example: The output may vary depending on the latest Docker releases. The key point is to confirm that the installation will be performed from Docker's official repository. 7. Installing Docker After configuring the repositories, proceed with the Docker installation: sudo apt install docker-ce -y The installation process will begin immediately. To confirm a successful installation, check Docker's status in the system: sudo systemctl status docker Output example: The output should indicate that the Docker service is active and running. Installing Docker Compose Docker Compose is a Docker tool designed for managing multiple containers. It is commonly used in projects where many containers must work together as a unified system. Managing this process manually can be challenging. Instead, you describe the entire configuration in a single YAML file containing the settings and configurations for all containers and their applications. There are several ways to install Docker Compose. If you need the latest version, make sure to use manual installation and installation via the Git version control system. Installation via apt-get If having the latest version is not critical for you, Docker Compose can be installed directly from the Ubuntu repository. Run the following command: sudo apt-get install docker-compose Installing via Git First, install Git: sudo apt-get install git Verify the installation by checking the Git version: git --version The output should show the Git version. Next, clone the Docker Compose repository. Navigate to the Docker Compose GitHub page and copy the repository URL. Run the following command to clone the repository: git clone https://github.com/docker/compose.git The cloning process will begin, and the repository will be downloaded from GitHub. Manual Installation Go to the Docker Compose GitHub repository and locate the latest release version under the Latest tag. At the time of writing, the Latest version of Docker Compose is v2.31.0. Let's download it: sudo curl -L "https://github.com/docker/compose/releases/download/v2.31.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose In this command, the parameters $(uname -s) and $(uname -m) automatically account for the system characteristics and architecture. After the download finishes, change the file's permissions: sudo chmod +x /usr/local/bin/docker-compose Conclusion In this guide, we covered the installation of Docker on Ubuntu 22.04, along with several ways to install Docker Compose. You can order a cloud server at Hostman for your experiments and practice.
04 December 2024 · 5 min to read
Docker

How to Install Nextcloud with Docker

Nextcloud is an open-source software for creating and using your own cloud storage. It allows users to store data, synchronize it between devices, and share files through a user-friendly interface. This solution is ideal for those prioritizing privacy and security over public cloud services. Nextcloud offers a range of features, including file management, calendars, contacts, and integration with other services and applications. When deploying Nextcloud, Docker provides a convenient and efficient way to install and manage the application. Docker uses containerization technology, simplifying deployment and configuration and ensuring scalability and portability. Combining Docker with Docker Compose allows you to automate and standardize the deployment process, making it accessible even to users with minimal technical expertise. In this guide, we'll walk you through installing Nextcloud using Docker Compose, configuring Nginx as a reverse proxy, and obtaining an SSL certificate with Certbot to secure your connection. Installing Docker and Docker Compose Docker is a powerful tool for developers that makes deploying and running applications in containers easy. Docker Compose simplifies orchestration of multi-container applications using YAML configuration files, which streamline the setup and management of complex applications. Download the installation script by running the command: curl -fsSL https://get.docker.com -o get-docker.sh This script automates the Docker installation process for various Linux distributions. Run the installation script: sudo sh ./get-docker.sh This command installs both Docker and Docker Compose. You can add the --dry-run option to preview the actions without executing them. After the script completes, verify that Docker and Docker Compose are installed correctly by using the following commands: docker -vdocker compose version These commands should display the installed versions, confirming successful installation. Preparing to Install Nextcloud Creating a Working Directory In Linux, third-party applications are often installed in the /opt directory. Navigate to this directory with the command: cd /opt Create a folder named mynextcloud in the /opt directory, which will serve as the working directory for your Nextcloud instance: mkdir mynextcloud Configuring the docker-compose.yml File After creating the directory, navigate into it: cd mynextcloud We will define the Docker Compose configuration in the docker-compose.yml file. To edit this file, use a text editor such as nano or vim: nano docker-compose.yml In the docker-compose.yml file, you should include the following content: version: '2' volumes: mynextcloud: db: services: db: image: mariadb:10.6 restart: unless-stopped command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW volumes: - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=RootPass - MYSQL_PASSWORD=NextPass - MYSQL_DATABASE=nextclouddb - MYSQL_USER=nextclouduser app: image: nextcloud restart: unless-stopped ports: - 8081:80 links: - db volumes: - mynextcloud:/var/www/html environment: - MYSQL_PASSWORD=NextPass - MYSQL_DATABASE=nextclouddb - MYSQL_USER=nextclouduser - MYSQL_HOST=db Parameters in this file: version: '2': Specifies the version of Docker Compose being used. Version 2 is known for its simplicity and stability. volumes: Defines two named volumes: mynextcloud for app data and db for database storage. services: db: image: Uses the MariaDB 10.6 image. restart: Automatically restarts the service unless manually stopped. volumes: Binds the db volume to /var/lib/mysql in the container for persistent database storage. environment: Sets environment variables like passwords, database name, and user credentials. app: image: Uses the Nextcloud image. ports: Maps port 8081 on the host to port 80 inside the container, allowing access to Nextcloud through port 8081. links: Links the app container to the db container for database interaction. volumes: Binds the mynextcloud volume to /var/www/html for storing Nextcloud files. environment: Configures database-related environment variables, linking the Nextcloud app to the database. This configuration sets up your application and database environment. Now, we can move on to launching and configuring Nextcloud. Running and Configuring Nextcloud Once the docker-compose.yml configuration is ready, you can start the project. Run the following commands in the mynextcloud directory to download the necessary images and start the containers: docker compose pulldocker compose up The docker compose pull command will download the required Nextcloud and MariaDB images. The docker compose up command will launch the containers based on your configuration. The initial setup may take a while. When it’s complete, you will see messages like: nextcloud-app-1  | New nextcloud instancenextcloud-app-1  | Initializing finished After the initial configuration, you can access Nextcloud through your browser. Enter http://server-ip:8081 into the browser’s address bar. You will be prompted to create an administrator account by providing your desired username and password. During the initial configuration, you can also choose additional apps to install. Stopping and Restarting Containers in Detached Mode After verifying that Nextcloud is running correctly through the web interface, you can restart the containers in detached mode to keep them running in the background. If the containers are still running in interactive mode (after executing docker compose up without the -d flag), stop them by pressing Ctrl+C in the terminal. To restart the containers in detached mode, use the command: docker compose up -d The -d flag stands for "detached mode," which allows the containers to run in the background independently of your terminal session. Now the containers are running in the background. If you have a domain ready, you can proceed with configuring the server as a reverse proxy. Setting up Nginx as a Reverse Proxy Installation Nginx is often chosen as a reverse proxy due to its performance and flexibility. You can install it by running the command: sudo apt install nginx Configuring Nginx Create a configuration file for your domain (e.g., nextcloud-test.com). Use a text editor to create the file in the /etc/nginx/sites-available directory: sudo nano /etc/nginx/sites-available/nextcloud-test.com Add the following directives to the file: server { listen 80; server_name nextcloud-test.com; location / { proxy_pass http://localhost:8081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; } location ^~ /.well-known { location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } return 301 /index.php$request_uri; } } This configuration sets up the web server to proxy requests to Nextcloud running on port 8081, with headers for security and proxying. Key Configuration Details Basic Configuration: server { listen 80; server_name nextcloud-test.com; location / { proxy_pass http://localhost:8081; ... } } This block configures the server to listen on port 80 (standard HTTP) and handle requests directed to nextcloud-test.com. Requests are proxied to the Docker container running Nextcloud on port 8081. Proxy Settings: proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; These headers ensure that the original request information (like the client’s IP address and request protocol) is passed on to the application, which is important for proper functionality and security. HSTS (HTTP Strict Transport Security): add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; This header enforces security by instructing browsers only to use HTTPS when accessing your site for the next 180 days. Well-Known URI Settings: location ^~ /.well-known { ... } This block handles special requests to .well-known URIs, used for service discovery (e.g., CalDAV, CardDAV) and domain ownership verification (e.g., for SSL certificates). Enabling the Nginx Configuration Create a symbolic link to the configuration file from the /etc/nginx/sites-enabled/ directory: sudo ln -s /etc/nginx/sites-available/nextcloud-test.com /etc/nginx/sites-enabled/ Now restart Nginx to apply the new configuration: sudo systemctl restart nginx At this point, your web server is configured as a reverse proxy for the Nextcloud application, and you can access it via your domain (note that you might initially see an "Access through untrusted domain" error, which we’ll fix later). Configuring SSL Certificates with Certbot Installing Certbot Certbot is a tool from the Electronic Frontier Foundation (EFF) used for obtaining and managing SSL certificates from Let's Encrypt. It automates the process, enhancing your website's security by encrypting the data exchanged between the server and its users. To install Certbot and the Nginx plugin, use the following command: sudo apt install certbot python3-certbot-nginx Obtaining and Installing the SSL Certificate To obtain an SSL certificate for your domain and configure the web server to use it, run the command: sudo certbot --non-interactive -m [email protected] --agree-tos --no-eff-email --nginx -d nextcloud-test.com In this command: --non-interactive: Runs Certbot without interactive prompts. -m [email protected]: Specifies the admin email for notifications. --agree-tos: Automatically agrees to Let's Encrypt’s terms of service. --no-eff-email: Opts out of EFF-related emails. --nginx: Uses the Nginx plugin to automatically configure SSL. -d nextcloud-test.com: Specifies the domain for which the certificate is issued. Certbot will automatically update the Nginx configuration to use the SSL certificate, including setting up HTTP-to-HTTPS redirection. After Certbot completes the process, restart Nginx to apply the changes: sudo systemctl restart nginx Now, your Nextcloud instance is secured with an SSL certificate, and all communication between the server and clients will be encrypted. Fixing the "Access through Untrusted Domain" Error When accessing Nextcloud through your domain, you may encounter an "Access through untrusted domain" error. This occurs because the initial configuration was done using the server’s IP address. Since our application is running inside a container, you can either use docker exec or modify the Docker volume directly. We’ll use the latter method since we created Docker volumes earlier in the docker-compose.yml file. First, list your Docker volumes: docker volume ls Find the volume named mynextcloud_mynextcloud. To access the volume, run: docker volume inspect mynextcloud_mynextcloud Look for the Mountpoint value to find the path to the volume. Change to that directory: cd /var/lib/docker/volumes/mynextcloud_mynextcloud/_data Navigate to the config directory and open the config.php file for editing: cd confignano config.php In the file, update the following lines: Change overwrite.cli.url from http://server_ip:8081 to https://your_domain. In the trusted_domains section, replace server_ip:8081 with your domain. Add the line 'overwriteprotocol' => 'https' after overwrite.cli.url to ensure all resources load via HTTPS. Save the changes (in Nano, use Ctrl+O, then Ctrl+X to exit). After saving the changes in config.php, you should be able to access the application through your domain without encountering the "untrusted domain" error. Conclusion Following these steps, you’ll have a fully functional, secure Nextcloud instance running in a containerized environment.
27 September 2024 · 10 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support