On this page
portainer.info
Deploy Portainer for managing Docker environments. It covers the configuration of a custom Docker network and the Portainer service, ensuring effective and secure operation.
ChatGPT has contributed to this document. Therefore, it’s advisable to treat the information here with caution and verify it if necessary.
Let’s break down what this docker-compose.yml file does in detail. This file
is used to configure and deploy services using Docker Compose, specifically
setting up a Portainer instance for managing Docker environments.
Here’s a detailed explanation:
Compose File Metadata
- Filename:
docker-compose.yml - Author: GJS (homelab-alpha)
- Date: Jun 11, 2024
- Description: This file configures a custom Docker network and a Portainer service to manage Docker containers. It includes detailed network settings and service configurations to ensure Portainer runs smoothly and securely.
- RAW Compose File: docker-compose.yml
Networks Configuration
networks:
portainer_net:
internal: false
external: false
name: portainer
driver: bridge
ipam:
driver: default
config:
- subnet: 172.20.1.0/24
ip_range: 172.20.1.0/24
gateway: 172.20.1.1
driver_opts:
com.docker.network.bridge.default_bridge: "false"
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.name: "portainer"
com.docker.network.driver.mtu: "1500"
labels:
com.portainer.network.description: "is an isolated network."
- networks: This section defines a custom network named
portainer_net. - internal: false: The network is accessible externally.
- external: false: The network is not an externally defined one but created
within this
docker-composefile. - name: portainer: Specifies the name of the network.
- driver: bridge: Uses the bridge driver to create an isolated network.
- ipam: Configures IP address management for the network.
- subnet: Defines the subnet for the network.
- ip_range: Restricts the IP range within the subnet.
- gateway: Sets the gateway for the network.
- driver_opts: Additional options for the network driver.
- default_bridge: “false”: Indicates this is not the default Docker bridge.
- enable_icc: “true”: Enables inter-container communication.
- enable_ip_masquerade: “true”: Allows outbound traffic to appear as if it came from the host.
- host_binding_ipv4: “0.0.0.0”: Binds the bridge to all available IP addresses on the host.
- bridge.name: “portainer”: Names the bridge network.
- mtu: “1500”: Sets the Maximum Transmission Unit size for the network.
- labels: Metadata for the network.
- com.portainer.network.description: A description label for the network.
Services Configuration
services:
portainer_app:
restart: always
logging:
driver: "json-file"
options:
max-size: "1M"
max-file: "2"
container_name: portainer
image: portainer/portainer-ee:latest
pull_policy: if_not_present
volumes:
- /docker/portainer/production/app:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
TZ: Europe/Amsterdam
domainname: portainer.local
hostname: portainer
networks:
portainer_net:
ipv4_address: 172.20.1.2
ports:
- "8000:8000/tcp"
- "8000:8000/udp"
- "9000:9000/tcp"
- "9000:9000/udp"
- "9443:9443/tcp"
- "9443:9443/udp"
security_opt:
- no-new-privileges:true
labels:
com.docker.compose.project: "portainer"
com.portainer.description:
"deploy, configure, troubleshoot and secure containers."
healthcheck:
disable: true
- services: Defines services to be deployed.
- portainer_app: The service name for the Portainer container.
- restart: always: Ensures the container always restarts if it stops or crashes.
- logging: Configures logging for the container.
- driver: “json-file”: Uses JSON file logging driver.
- max-size: “1M”: Limits log file size to 1MB.
- max-file: “2”: Keeps a maximum of 2 log files.
- container_name: portainer: Names the container “portainer”.
- image: portainer/portainer-ee:latest: Uses the latest Portainer image from Docker Hub.
- pull_policy: if_not_present: Pulls the image only if it’s not already present locally.
- volumes: Mounts host directories or files into the container.
- /docker/portainer/production/app:/data: Persists Portainer data.
- /var/run/docker.sock:/var/run/docker.sock: Grants the container access to the Docker socket.
- environment: Sets environment variables.
- TZ: Europe/Amsterdam: Sets the timezone to Amsterdam.
- domainname: portainer.local: Sets the domain name for the container.
- hostname: portainer: Sets the hostname for the container.
- networks: Connects the service to the
portainer_netnetwork.- ipv4_address: 172.20.1.2: Assigns a static IP address to the container.
- ports: Maps host ports to container ports.
- “8000:8000/tcp”: Maps TCP port 8000 on the host to port 8000 in the container.
- “8000:8000/udp”: Maps UDP port 8000 on the host to port 8000 in the container.
- “9000:9000/tcp”: Maps TCP port 9000 on the host to port 9000 in the container.
- “9000:9000/udp”: Maps UDP port 9000 on the host to port 9000 in the container.
- “9443:9443/tcp”: Maps TCP port 9443 on the host to port 9443 in the container.
- “9443:9443/udp”: Maps UDP port 9443 on the host to port 9443 in the container.
- security_opt: Security options for the container.
- no-new-privileges: true: Prevents the container from gaining additional privileges.
- labels: Metadata for the container.
- com.docker.compose.project: “portainer”: Project label.
- com.portainer.description: Description label for Portainer.
- healthcheck: Healthcheck configuration.
- disable: true: Disables health checks for the container.
Conclusion
This docker-compose file sets up a robust Docker environment for running
Portainer, a management UI for Docker. It creates a custom bridge network with
specific IP settings and security configurations. The Portainer service is
configured with persistent storage, access to the Docker socket, and various
network and security options. The configuration ensures that Portainer runs
continuously, restarts on failure, and logs efficiently.
Last updated 01 Sep 2024, 10:22 CEST .