Portainer - how to specify SSL in docker-compose.yml?
I am trying to deploy a Portainer instance to a Docker swarm. I am not sure how to set the right flags to enable SSL.
From the documentation:
$ docker run -d -p 443:9000 --name portainer --restart always -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key
https://portainer.readthedocs.io/en/stable/deployment.html
But how do I translate that into a docker-compose yml file?
https://composerize.com/ can help convert your docker command to docker-compose.yml
By default, Portainer’s web interface and API is exposed over HTTP.
This is not secured, it’s recommended to enable SSL in a production
environment.
To do so, you can use the following flags --ssl, --sslcert and
--sslkey:
$ docker run -d -p 443:9000 --name portainer --restart always -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key
You can use the following commands to generate the required files:
$ openssl genrsa -out portainer.key 2048
$ openssl ecparam -genkey -name secp384r1 -out portainer.key
$ openssl req -new -x509 -sha256 -key portainer.key -out portainer.crt -days 3650
Note that Certbot could be used as well to generate a certificate and a key.
You can use https://composerize.com/ to generate a docker-compose.yml from the docker command.
So, your docker-compose file should look like this:
    version: '3'
    services:
      portainer:
        image: portainer/portainer
        container_name: portainer
        restart: always
        ports:
          - '443:9000'
        volumes:
          - '~/local-certs:/certs'
          - 'portainer_data:/data'
        # Folded into a single string of arguments passed to Portainer
        command:
          --ssl
          --sslcert /certs/portainer.crt
          --sslkey /certs/portainer.key
    volumes:
      portainer_data:
Maybe I am a bit late, but it looks like you have to use Portainer's flags to enable SSL for your Portainer (as said in the documentation), and composerize.com lost that part somewhere, so you should add this to your compose file:
    command:
      --ssl
      --sslcert /certs/portainer.crt
      --sslkey /certs/portainer.key
Or the full compose file:
    version: '3'
    services:
      portainer:
        image: portainer/portainer
        container_name: portainer
        restart: always
        ports:
          - '443:9000'
        volumes:
          - '~/local-certs:/certs'
          - 'portainer_data:/data'
        command:
          --ssl
          --sslcert /certs/portainer.crt
          --sslkey /certs/portainer.key
    # Declare the named volume used by the service above
    volumes:
      portainer_data:
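The following worked for me:
    version: '3'
    services:
      portainer:
        image: portainer/portainer-ce
        volumes:
          - "/local-certs:/certs"
          - "portainer_data:/data"
        restart: always
        ports:
          - "9000:9000"
        container_name: portainer
        # List form: each flag and each path is its own argument
        command:
          - --ssl
          - --sslcert
          - /certs/wildcard.crt
          - --sslkey
          - /certs/wildcard.key
    # Declare the named volume used by the service above
    volumes:
      portainer_data: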
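
One of the answers above notes that the converted file lost the TLS flags. The following Python check is an added example, not part of any answer or of Portainer: it takes one service definition as a YAML loader would return it and reports missing --ssl/--sslcert/--sslkey flags or certificate paths that are not under a mounted volume. It handles both command forms shown above (folded string and list) and assumes short-syntax volumes and flags passed as separate arguments; the function and sample names are illustrative.

```python
import shlex

REQUIRED_FLAGS = ("--ssl", "--sslcert", "--sslkey")

def command_args(service):
    """Return the service command as an argv list (Compose accepts a string or a list)."""
    cmd = service.get("command") or []
    return shlex.split(cmd) if isinstance(cmd, str) else [str(a) for a in cmd]

def mounted_targets(service):
    """Container-side paths of short-syntax volume entries ('source:target[:mode]')."""
    targets = []
    for entry in service.get("volumes", []):
        parts = str(entry).split(":")
        if len(parts) >= 2:
            targets.append(parts[1].rstrip("/"))
    return targets

def check_portainer_tls(service):
    """Return a list of findings; an empty list means the TLS flags look consistent."""
    args = command_args(service)
    findings = [f"missing flag {flag}" for flag in REQUIRED_FLAGS if flag not in args]
    targets = mounted_targets(service)
    for flag in ("--sslcert", "--sslkey"):
        if flag not in args:
            continue
        idx = args.index(flag)
        path = args[idx + 1] if idx + 1 < len(args) else ""
        if not path or path.startswith("--"):
            findings.append(f"{flag} has no path argument")
        elif not any(path.startswith(t + "/") for t in targets):
            findings.append(f"{flag} path {path} is not under a mounted volume")
    return findings

# Constructed samples: the dicts a YAML loader would return for one service.
CONVERTED_WITHOUT_FLAGS = {
    "image": "portainer/portainer",
    "ports": ["443:9000"],
    "volumes": ["~/local-certs:/certs", "portainer_data:/data"],
}
STRING_FORM = dict(CONVERTED_WITHOUT_FLAGS,
    command="--ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key")
LIST_FORM = dict(CONVERTED_WITHOUT_FLAGS, command=[
    "--ssl", "--sslcert", "/certs/wildcard.crt", "--sslkey", "/certs/wildcard.key"])

if __name__ == "__main__":
    for name, svc in [("converted", CONVERTED_WITHOUT_FLAGS),
                      ("string", STRING_FORM), ("list", LIST_FORM)]:
        print(name, check_portainer_tls(svc) or "ok")
```

A service that publishes port 443 but returns findings here would start without the TLS flags, so the check is worth running before deploying the stack.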