TheHomelessSherlock/Portainer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Portainer base

Browse Source
This commit is contained in:
Eduardo David Paredes Vara
2025-12-03 15:53:20 +00:00
parent 55a3f2bfe1
commit 49dc080632
5 changed files with 94 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.env Normal file
View File

@@ -0,0 +1,30 @@
##### Portainer #####
# Por defecto se usa Portainer CE (definido en el docker-compose)
# Si quieres usar Portainer EE, descomenta y ajusta esta línea:
# PORTAINER_IMAGE=portainer/portainer-ee:2.33.5
# Rutas (cámbialas si no quieres /opt/...)
# PORTAINER_SECRET_PATH=/opt/portainer/secrets/portainer
# PORTAINER_DATA_PATH=/opt/portainer/data
# PORTAINER_HTTP_PORT=9000
##### Traefik / dominios #####
# Nombre de la red de Docker que usa Traefik
# TRAEFIK_DOCKER_NETWORK=proxy
# Nombre del entrypoint HTTPS en Traefik
# TRAEFIK_ENTRYPOINT_SECURE=websecure
# Nombre del certresolver de Let's Encrypt
# TRAEFIK_CERTRESOLVER=letsencrypt
# Middleware de autenticación (SSO, etc.)
# TRAEFIK_AUTH_MIDDLEWARE=authentik@docker
# Dominios de ejemplo (cámbialos por los tuyos)
# PORTAINER_DOMAIN=portainer.example.com
# PORTAINER_API_DOMAIN=portainer-api.example.com
# Rangos IP permitidos para la API directa (ej: red VPN + host)
# PORTAINER_API_IP_WHITELIST=10.8.0.0/24,172.18.0.1/32

2
Traefik/stack.env
View File

@@ -2,7 +2,7 @@
TRAEFIK_IMAGE=traefik:v3.1 TRAEFIK_IMAGE=traefik:v3.1
TRAEFIK_LOG_LEVEL=INFO TRAEFIK_LOG_LEVEL=INFO
TRAEFIK_DOCKER_NETWORK=proxy TRAEFIK_DOCKER_NETWORK=proxy
TRAEFIK_ACME_EMAIL=lets.encrypt@thehomelesssherlock.com TRAEFIK_ACME_EMAIL=lets.encrypt@example.com
TRAEFIK_ACME_STORAGE=/letsencrypt/acme.json TRAEFIK_ACME_STORAGE=/letsencrypt/acme.json
TRAEFIK_HTTP_PORT=80 TRAEFIK_HTTP_PORT=80
TRAEFIK_HTTPS_PORT=443 TRAEFIK_HTTPS_PORT=443

7
docker-compose.9443.yml Normal file
View File

@@ -0,0 +1,7 @@
services:
portainer:
ports:
- "9443:9443"
# Si quisieras también el edge:
# - "8000:8000"

55
docker-compose.yml Normal file
View File

@@ -0,0 +1,55 @@
services:
portainer:
image: ${PORTAINER_IMAGE:-portainer/portainer-ce:latest}
container_name: portainer
restart: unless-stopped
env_file:
- .env
volumes:
# Clave de cifrado: misma clave montada en las dos rutas
- ${PORTAINER_SECRET_PATH:-/opt/portainer/secrets/portainer}:/run/secrets/portainer:ro,Z
- ${PORTAINER_SECRET_PATH:-/opt/portainer/secrets/portainer}:/run/portainer/portainer:ro,Z
# Socket de Docker (NO usar :Z aquí)
- /var/run/docker.sock:/var/run/docker.sock:ro
# Datos de Portainer (DB cifrada incluida)
- ${PORTAINER_DATA_PATH:-/opt/portainer/data}:/data:Z
# SELinux: evita bloqueos con docker.sock
security_opt:
- label=disable
networks:
- proxy
labels:
traefik.enable: "true"
traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK:-proxy}"
############################
# 1) UI protegida (ej: SSO)
############################
traefik.http.routers.portainer.rule: "Host(`${PORTAINER_DOMAIN:-portainer.example.com}`)"
traefik.http.routers.portainer.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE:-websecure}"
traefik.http.routers.portainer.tls.certresolver: "${TRAEFIK_CERTRESOLVER:-letsencrypt}"
traefik.http.routers.portainer.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE:-authentik@docker}"
traefik.http.services.portainer.loadbalancer.server.port: "${PORTAINER_HTTP_PORT:-9000}"
#########################################################
# 2) API/App móvil SIN SSO, restringida por IP (ej: VPN)
#########################################################
traefik.http.middlewares.portainer-api-ip.ipwhitelist.sourcerange: "${PORTAINER_API_IP_WHITELIST:-10.8.0.0/24,172.18.0.1/32}"
traefik.http.routers.portainer-direct.rule: "Host(`${PORTAINER_API_DOMAIN:-portainer-api.example.com}`)"
traefik.http.routers.portainer-direct.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE:-websecure}"
traefik.http.routers.portainer-direct.tls.certresolver: "${TRAEFIK_CERTRESOLVER:-letsencrypt}"
traefik.http.routers.portainer-direct.middlewares: "portainer-api-ip"
traefik.http.routers.portainer-direct.service: "portainer"
traefik.http.routers.portainer-direct.priority: "100"
networks:
proxy:
external: true

2
ruleta/docker-compose.yml
View File

@@ -22,7 +22,7 @@ services:
# --------------------------- # ---------------------------
# 1) Router EXISTENTE (subdominio) # 1) Router EXISTENTE (subdominio)
# https://ruleta.thehomelesssherlock.com # https://ruleta.example.com
# --------------------------- # ---------------------------
traefik.http.routers.ruleta-sub.rule: "Host(`${RULETA_SUBDOMAIN}`)" traefik.http.routers.ruleta-sub.rule: "Host(`${RULETA_SUBDOMAIN}`)"
traefik.http.routers.ruleta-sub.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}" traefik.http.routers.ruleta-sub.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"