1. Docker for standalone operation
Container deployment is now the norm, and most open source applications support it. With a small number of machines, Docker CLI and docker-compose are often used for management, and Docker Swarm is used for "single-machine management"; after all, K8S is a little heavy. With more machines, we usually use K8S. Individuals, startups and small teams tend to have a small number of virtual machine servers spread across multiple clouds, at home and on VPS providers. These servers all run Docker instances. We could link the machines in the various regions into one network over a public-network VPN or ZeroTier to build a "cluster", but in practice public network bandwidth is very limited, so load balancing is not possible and the machines can only be used independently. We also have edge scenarios with access over 4G mobile data, and Docker instances running on IoT devices. For managing all of these, Portainer is convenient.
2. Practical steps for using Portainer as a Docker instance management platform
2.1 Primary Node - Portainer Server control node installation
Select a node that runs 24/7 and has a public IP address to run the Portainer Server control node
docker run -d -p 8000:8000 -p 9000:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /data/appdata/portainer:/data portainer/portainer
Port 9000 is the web management interface port. Port 8000 is the Agent access port. Both ports must be allowed through the firewall on the public IP address
Open the management interface at http://<Portainer Server public IP>:9000
After setting the password, choose how to connect to Docker. Select the first option, Local, and click Connect to reach the default Home menu. Click the Local Docker instance to manage it
Reference: the official Portainer installation manual
2.2 (Optional) Configuring the HTTPS Nginx Proxy
If you do not configure HTTPS, you can skip this section. By default Portainer is reached at http://<your public IP>:9000 without HTTPS, which is not secure. Plan a domain such as https://portainer.iamle.com for HTTPS access, and use nginx as a reverse proxy to http://portainerip:9000. Here is a sample nginx configuration for Portainer (it includes the required WebSocket proxying)
# portainer.iamle.com.conf
# Map the client's Upgrade header to the Connection header (WebSocket support)
map $http_upgrade $connection_upgrade {
    default Upgrade;
    '' close;
}
upstream portainer {
    server 127.0.0.1:9000;
}
# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name portainer.iamle.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name portainer.iamle.com;
    ssl_certificate ssl/iamle.com.cer;
    ssl_certificate_key ssl/iamle.com.key;
    #ssl_session_cache shared:SSL:10m;
    #ssl_session_timeout 10m;
    #ssl_session_tickets off;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if all clients support TLSv1.2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Request-Id $request_id;
        # WebSocket proxying requires HTTP/1.1 and the Upgrade/Connection headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 60m;
        proxy_send_timeout 60m;
        proxy_http_version 1.1;
        proxy_pass http://portainer;
        break;
    }
    error_log /data/logs/portainer.iamle.com-error.log;
    # "access" is a log_format name that must be defined elsewhere in the nginx configuration
    access_log /data/logs/portainer.iamle.com.log access;
}
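When nginx runs on the same host and proxies to 127.0.0.1:9000 as in the configuration above, port 9000 can be published on loopback only (-p 127.0.0.1:9000:9000 instead of -p 9000:9000). The following check is an added example, not part of the original post: it reads docker ps port listings and reports ports published on all interfaces that are not in an allow list. The function names, the allow list and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list container ports published on every host interface.
# Input: lines as printed by  docker ps --format '{{.Names}}\t{{.Ports}}'

# public_ports "ALLOWED" < listing
#   ALLOWED is a space-separated list of host ports meant to face the network.
#   Prints "container host_port" for any other port bound to 0.0.0.0 or ::.
public_ports() {
  allowed=" $1 "
  tab=$(printf '\t')
  while IFS="$tab" read -r name ports; do
    # One "host->container/proto" mapping per line.
    printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
      case "$mapping" in
        *'->'*) ;;                 # published port
        *) continue ;;             # only exposed, e.g. "9000/tcp"
      esac
      host_side=${mapping%%->*}    # 0.0.0.0:9000, :::9000 or [::]:9000
      host_port=${host_side##*:}
      host_ip=${host_side%:*}
      case "$host_ip" in
        0.0.0.0|::|'[::]') ;;      # wildcard bind: listens on all interfaces
        *) continue ;;             # specific address such as 127.0.0.1
      esac
      case "$allowed" in
        *" $host_port "*) ;;
        *) printf '%s %s\n' "$name" "$host_port" ;;
      esac
    done
  done | sort -u
}

# Constructed listings: the section 2.1 command as written, and the same
# container started with -p 127.0.0.1:9000:9000 once nginx fronts it.
listing_default() {
  printf 'portainer\t0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp\n'
}
listing_loopback() {
  printf 'portainer\t0.0.0.0:8000->8000/tcp, 127.0.0.1:9000->9000/tcp\n'
}

listing_default  | public_ports "80 443 8000"
listing_loopback | public_ports "80 443 8000"
```

On a live host, pipe the real docker ps output into public_ports instead of the constructed listings.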
2.3 Primary Node – Configure an Agent client on the NAT Intranet
So far we have configured a Portainer control node with a public IP address. Now we connect Docker instances running on an intranet (NAT, IoT), in a public cloud, on a VPS and so on to the control node for management
A picture is worth a thousand words: Portainer manages two intranet agents, one of which is a Swarm cluster and the other a single Agent
Add an Edge Agent from the Endpoints menu of Portainer Server
- Name: user-defined
- Portainer Server URL: defaults to the Portainer Server IP address (if HTTPS is configured with nginx, the HTTPS address can be used without the port number)
- Click Add endpoint
After the endpoint is added, the agent deployment options appear. There are two options for deploying the agent: Standalone and Swarm. If it is set, ports exposed by Docker containers deployed in the future can automatically generate URLs
2.4 Managed Node – Docker instance client to be managed
Run the command in a terminal on the managed client. The client can be on an intranet (NAT, IoT) or on the public network, as long as it can connect to our Portainer Server. In this example there is one intranet machine whose IP address is 192.168.0.8
docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -v /:/host --restart always -e EDGE=1 -e EDGE_ID=6ad0f1ff-6fea-4710-97e2-513ef1066fd8 -e CAP_HOST_MANAGEMENT=1 -p 8000:80 -v portainer_agent_data:/data --name portainer_edge_agent portainer/agent:1.5.1
Enter the join token obtained in the previous step and click Submit. The message "Agent setup OK. You can close this page." indicates that the Agent has been added
Return to the Portainer Server management interface and wait for the endpoint to come online
Click iamle-LAN-01 and wait a few seconds
This allows us to manage multiple Docker instances
3. Tips
- If the Agent does not run and restarts indefinitely
Get the error information from the agent with docker logs portainer_edge_agent, then look it up in the official Portainer GitHub issues
The latest portainer/agent:1.5.1 worked normally as of 19 Oct 2019 16:55:01
- If Stacks paste docker-compose.yml: version 2 cannot be changed to version 2