TheHomelessSherlock/Portainer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

portainer wrn fix

Browse Source
This commit is contained in:
Eduardo David Paredes Vara
2026-02-17 09:16:59 +00:00
parent f29208cfa2
commit f22842052a
1 changed files with 20 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docker-compose.yml
View File

@@ -1,24 +1,15 @@
services: services:
portainer: portainer:
image: ${PORTAINER_IMAGE:-portainer/portainer-ce:latest} image: portainer/portainer-ee:2.33.7
container_name: portainer container_name: portainer
restart: unless-stopped restart: unless-stopped
env_file:
- .env
volumes: volumes:
# Clave de cifrado: misma clave montada en las dos rutas - /opt/portainer/secrets/portainer:/run/secrets/portainer:ro,Z
- ${PORTAINER_SECRET_PATH:-/opt/portainer/secrets/portainer}:/run/secrets/portainer:ro,Z - /opt/portainer/secrets/portainer:/run/portainer/portainer:ro,Z
- ${PORTAINER_SECRET_PATH:-/opt/portainer/secrets/portainer}:/run/portainer/portainer:ro,Z
# Socket de Docker (NO usar :Z aquí)
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- /opt/portainer/data:/data:Z
# Datos de Portainer (DB cifrada incluida)
- ${PORTAINER_DATA_PATH:-/opt/portainer/data}:/data:Z
# SELinux: evita bloqueos con docker.sock
security_opt: security_opt:
- label=disable - label=disable
@@ -26,28 +17,24 @@ services:
- proxy - proxy
labels: labels:
traefik.enable: "true" - "traefik.enable=true"
traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK:-proxy}" - "traefik.docker.network=proxy"
############################ # 1) UI protegida Authentik
# 1) UI protegida (ej: SSO) - "traefik.http.routers.portainer.rule=Host(`portainer.thehomelesssherlock.com`)"
############################ - "traefik.http.routers.portainer.entrypoints=websecure"
traefik.http.routers.portainer.rule: "Host(`${PORTAINER_DOMAIN:-portainer.example.com}`)" - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
traefik.http.routers.portainer.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE:-websecure}" - "traefik.http.routers.portainer.middlewares=ths-authentik@docker"
traefik.http.routers.portainer.tls.certresolver: "${TRAEFIK_CERTRESOLVER:-letsencrypt}" - "traefik.http.services.portainer.loadbalancer.server.port=9000"
traefik.http.routers.portainer.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE:-ths-authentik@docker}"
traefik.http.services.portainer.loadbalancer.server.port: "${PORTAINER_HTTP_PORT:-9000}"
######################################################### # 2) API/App móvil SIN Authentik, SOLO por VPN (WireGuard)
# 2) API/App móvil SIN SSO, restringida por IP (ej: VPN) - "traefik.http.middlewares.portainer-api-ip.ipallowlist.sourcerange=10.8.0.0/24,172.18.0.1/32"
######################################################### - "traefik.http.routers.portainer-direct.rule=Host(`portainer-api.thehomelesssherlock.com`)"
traefik.http.middlewares.portainer-api-ip.ipwhitelist.sourcerange: "${PORTAINER_API_IP_WHITELIST:-10.8.0.0/24,172.18.0.1/32}" - "traefik.http.routers.portainer-direct.entrypoints=websecure"
traefik.http.routers.portainer-direct.rule: "Host(`${PORTAINER_API_DOMAIN:-portainer-api.example.com}`)" - "traefik.http.routers.portainer-direct.tls.certresolver=letsencrypt"
traefik.http.routers.portainer-direct.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE:-websecure}" - "traefik.http.routers.portainer-direct.middlewares=portainer-api-ip"
traefik.http.routers.portainer-direct.tls.certresolver: "${TRAEFIK_CERTRESOLVER:-letsencrypt}" - "traefik.http.routers.portainer-direct.service=portainer"
traefik.http.routers.portainer-direct.middlewares: "portainer-api-ip" - "traefik.http.routers.portainer-direct.priority=100"
traefik.http.routers.portainer-direct.service: "portainer"
traefik.http.routers.portainer-direct.priority: "100"
networks: networks:
proxy: proxy: