1. Home
  2. VPS
  3. Tutorials
  4. How to use Docker with Portainer and DirectAdmin without SSH access

How to use Docker with Portainer and DirectAdmin without SSH access

Docker is ideal to quickly setup your development environment or to deliver your application in a server-software wrapped solution. This allows everybody to have the exact same development environment, which is ideal for debugging.

In this article we will explain how to use Docker in combination with DirectAdmin. We assume that Docker already has been installed and is working properly.

Requirements

  • Any Operating System supported by Docker and DirectAdmin works.
  • Apache webserver
  • At least 4 GB of RAM*
  • Admin level access required.
  • SSH root access required (for initial setup).

* Make sure that your server has plenty of RAM. We do not recommend to run Docker without plenty of resources in combination with other services. Although Docker is great, it still requires resources and can make your server unstable should there not be enough resources.

Configure Nginx

If you use Nginx, make sure that you edit the following files:

/etc/nginx/webapps.conf
/etc/nginx/webapps.hostname.conf
/etc/nginx/webapps.ssl.conf

Change the value of

GET|HEAD|POST

to

GET|HEAD|POST|PROPFIND|OPTIONS|PUT|DELETE|MKCOL|COPY|MOVE

and restart Nginx.

Portainer

With our managed hosting services, clients prefer to not have root access to prevent unwanted situations such as interrupting their web applications. Therefore, we will show how you can manage Docker applications with Portainer. However, the instructions shown in this article can also be used to reverse proxy any web service based Docker image.

Configure CSF

If you have installed any Firewall, make sure that you allow traffic to the Docker containers. When you are using CSF, create /etc/csf/csfpre.sh (credits to Jsherz).

echo "[DOCKER] Setting up FW rules."

iptables -N DOCKER

# Masquerade outbound connections from containers
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE

# Accept established connections to the docker containers
iptables -t filter -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Allow docker containers to communicate with themselves & outside world
iptables -t filter -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
iptables -t filter -A FORWARD -i docker0 -o docker0 -j ACCEPT

echo "[DOCKER] Done."

Make the file executable using the following command:

chmod +x /etc/csf/csfpost.sh

And allow traffic to the local IP’s:

csf -a '172.17.0.0/16 #Docker'

We also have to configure Docker to not forward the locally opened ports. Open /etc/docker/daemon.json  and add the following:

{
    "iptables": false,
    "ip-forward": false,
    "ip-masq": false
}

Restart docker. For CentOS:
systemctl restart docker

Installing Portainer

  1. Create a DirectAdmin user. Make sure that the user can have one subdomain that can be used for Portainer only and plenty of traffic for the usage of Portainer. 25 GB should be enough.
  2. Go to Admin level -> Custom HTTPD Configurations -> Click on the domain.tld and put the following in httpd.conf Customization for domain.tld:
    Alias /.well-known "/var/www/html/.well-known"
    
    RewriteEngine On
    # This will enable the Rewrite capabilities
    
    # Redirect http traffic to HTTPs but ignore Let's encrypt requests.
    RewriteCond %{REQUEST_URI} !^/.well-known/(.*)
    RewriteCond %{HTTPS} !=on
    
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    
    # Only proxy non Let's Encrypt requests to the Docker instance.
    ProxyPass /.well-known !
    ProxyPass "/" "http://localhost:9000/" # Make sure that you end with a /
    ProxyPassReverse "/" "http://localhost:9000/" # Make sure that you end with a /
  3. Save the configuration. It might take up to one minute before this configuration works.
  4. Install Portainer using SSH:
    docker run --restart=always -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

The Apache configuration in step 2 first makes sure that all the traffic (except Let’s Encrypt requests) runs over https. Secondly, it creates a reverse proxy to the Docker container to port 9000 (the default port of Portainer). You can use this code snippet for any Docker instance as Portainer is just a Docker container itself.

In step 4 we launch the Docker container and forward the Docker sock, allowing the container to manage the Docker installation. And with the --restart=always flag we make sure that the instance gets booted when Docker starts.

How to reverse proxy a Docker container in DirectAdmin

Follow the steps in Portainer except for step 4. Keep in mind that port 9000 is already in use for Portainer. For adding the Docker container you can use Portainer now.

Updated on August 30, 2017

Was this article helpful?

Related Articles