Portainer是一个轻量级的Docker管理界面,通过Nginx代理可以增加安全性和灵活性。以下是配置步骤:
安装Nginx(如果尚未安装):
sudo apt update
sudo apt install nginx
创建Nginx配置文件(例如 /etc/nginx/sites-available/portainer.conf):
server {
listen 80;
server_name portainer.yourdomain.com; # 替换为你的域名
location / {
proxy_pass http://localhost:9000; # Portainer默认端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
启用配置:
sudo ln -s /etc/nginx/sites-available/portainer.conf /etc/nginx/sites-enabled/
sudo nginx -t # 测试配置
sudo systemctl reload nginx
获取SSL证书(使用Let's Encrypt):
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d portainer.yourdomain.com
自动生成的HTTPS配置类似于:
server {
listen 443 ssl;
server_name portainer.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/portainer.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portainer.yourdomain.com/privkey.pem;
location / {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name portainer.yourdomain.com;
return 301 https://$host$request_uri;
}
添加基本认证:
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd username
然后在Nginx配置中添加:
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
WebSocket支持(Portainer需要):
location / {
# ...其他配置...
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
自定义路径(不使用根路径):
location /docker-admin/ {
proxy_pass http://localhost:9000/;
# ...其他代理设置...
}
bash
docker run -d -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainerbash
sudo nginx -tbash
sudo systemctl restart nginxbash
journalctl -u nginx -f
docker logs portainer这样配置后,Portainer将通过Nginx代理提供更安全的访问方式,并可以轻松添加SSL加密和其他安全功能。