Enter Portainer, which bills itself as a lightweight management UI for easier management of a Docker host or Swarm cluster. It’s a single container that can run on any Docker host and helps you manage all of your containers, images, volumes, networks, and more.



  • A VPS running any of our OS options.
  • A working Docker installation.


Step 1. Installing Portainer


Because Portainer runs inside of a Docker container itself, installation is pretty straightforward. Although you don’t have to set up Portainer so that it forces SSL over connections to the web portal, that’s the method we’re going to cover—simply put, if you’re using Portainer to manage production Docker containers, you’ll want to ensure that connections are secure. Plus, it’s just good practice.


We’re also going to set up Portainer so that data can be persisted between reboots.


This is more complex than the baisc installation process docker run -d -p 9000:9000 portainer/portainer, but will be safer and more maintainable.


Creating SSL keys


Before we can move forward, let’s create the keys necessary to run Portainer in SSL mode. When you enter the final command, you’ll be asked to input some information about how to sign the key, which you can fill out to your discretion.


Note: If you’re running Portainer on a production machine, you probably already have (signed) SSL certificates available to use instead of these self-signed ones. Or, if you don’t have them already, you can set up something like Certbot. However, for the sake of simplifying this tutorial to accommodate the most installations, we’ll just cover self-signed certificates.

$ mkdir local-certs && cd local-certs
$ openssl genrsa -out portainer.key 2048
$ openssl ecparam -genkey -name secp384r1 -out portainer.key
$ openssl req -new -x509 -sha256 -key portainer.key -out portainer.crt -days 3650


Now that we have our SSL keys in hand, we can move forward with the Portainer installation.


Installing Portainer


As previously mentioned, we’re going to set up Portainer to use SSL and persist the information, so the command will be significantly more complex than the aforementioned default.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key


Let’s break that command down at little bit.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key


This sets up Portainer to listen to traffic on port 443 (the port for SSL), and forwards that traffic to port 9000 within the container.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key


The -v option sets up volumes containing data that’s meant to be shared between the host and the container. There are three volumes in question here, the first of which is ~/local-certs, which is where we saved our SSL certificates, and the second of which binds ~/portainer on the host to the /data folder inside the container. The third connects this container to the host’s socket.


The values before the colon (:) in the first two volumes can be changed if need be.

$ docker run -d -p 443:9000 -v ~/local-certs:/certs -v ~/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key


Finally, this portion of the command tells Portainer where to look for the certificates it needs to enable SSL.


So, once you run this command, Docker will download the Portainer image (unless you happen to have it already), and launch the container.


Step 2. Connecting to the Portainer web interface


We’re finally ready to connect to the web interface. To do so, open your favourite browser and navigate to https://YOUR_SERVER_IP/. You’ll probably get a warning from your browser about the certificate being insecure because it’s not signed by a certificate authority. That’s true, but since you’re using only using this for administration and not for anyone else accessing these server, it’s safe to move forward—the connection is still encrypted, but only with your self-signed key.


You’ll first see a prompt asking you to set an admin password. After that, you’ll see a standard login screen. Your username will be admin, and the password is what you just set.


Finally, you’ll be prompted about how you want Portainer to connect to the Docker engine. You want to click the selector next to Manage the Docker instance where Portainer is running, and then hit Connect.


Step 3. Basic container management via Portainer


Much of the Portainer interface is best left to exploration, but let’s cover a number of interesting elements and things you might not be aware of the straightaway. Starting from the dashboard (below), you can see the status of all of your containers, images, volumes, networks, and more.


Let’s quickly walk through the process of creating a new Docker container using the Portainer interface.


First, click on the App Templates link in the navigation, and look for MySQL in the list of templates. Then, give it a logical name and enter a secure root password.


After yours is configured similar, you can go ahead and click “Create.” You’ll be redirected to the containers status page, where you’ll be able to see the MySQL container running. By clicking on the container’s name, you can enter its specific administration area, where you can view logs, connect to the container via a console, restart the container, kill it, remove it, and more.

Was this answer helpful? 0 Users Found This Useful (0 Votes)