Portainer with Traefik as reverse proxy

Hi All!

I have not written a blog post for a while! Many things went by and I had many projects and even a new job. For quite a while I’ve started to become interested in Docker since my new job requires a daily usage.

Personally I use Docker Swarm. It is simple to use, the compose files are easy to read and it’s simple to manage a small cluster for personal projects and applications. I want to go into my setup in another blog post at another date but for now, let’s discuss the latest release of Portainer, a web interface to manage your swarm cluster!

The new Portainer Agents

With it’s latest release, Portainer introduced the agents. The issue until now was that you were not able to get any information from the docker swarm nodes that didn’t have Portainer running – which of you only run one instance. You were restricted to what basically docker service ps <serivce>  told you.

The developers describe the Agent as follow:

The Portainer Agent is a workaround for a Docker API limitation when using the Docker API to manage a Docker environment. The user interactions with specific resources (containers, networks, volumes and images) are limited to those available on the node targeted by the Docker API request.

Docker Swarm mode introduces a concept which is the clustering of Docker nodes. It also adds services, tasks, configs and secrets which are cluster-aware resources. Cluster-aware means that you can query for a list of services or inspect a task inside any node on the cluster, as long as you’re executing the Docker API request on a manager node.

Containers, networks, volumes and images are node specific resources, not cluster-aware. When you, for example, want to list all the volumes available on a node inside your cluster, you will need to send a query to that specific node.

The purpose of the agent aims to allows previously node specific resources to be cluster-aware, all while keeping the Docker API request format. As aforementioned, this means that you only need to execute one Docker API request to retrieve all these resources from every node inside the cluster. In all bringing a better Docker user experience when managing Swarm clusters.

Deploying the Portainer Stack

If you want a nicely secured (with HTTPS) control panel you should use a reverse proxy, especially if you deploy on a docker swarm cluster.  Here is the docker-compose.yml  for the full stack:

version: "3"

    image: portainer/portainer
      - /var/data/portainer:/data
      - traefik_public
      - internal
        - traefik.docker.network=traefik_public
        - traefik.frontend.rule=Host:console.example.com
        - traefik.port=9000
        constraints: [node.role == manager]
    command: -H tcp://tasks.agent:9001 --tlsskipverify

    image: portainer/agent
      - internal
      AGENT_CLUSTER_ADDR: tasks.agent
      - /var/run/docker.sock:/var/run/docker.sock
      mode: global

    external: true
    driver: overlay

You can see that I am using a bind  mount here. I use a gluster in docker setup to have persistent storage between all cluster nodes. Other than that, I hope this file is pretty self explanatory!

Let me know if you have any question!


9 thoughts on “Portainer with Traefik as reverse proxy

  1. I’m getting the following error:
    invalid mount config for type “bind”: bind source path does not exist
    when running portainer with this stack..

    probably because my host does not have

    what would be the best approach to make sure all manager will have this directory created in its system.

    • Schemen says:

      Yes that’s probably because the folder does not exist. If you have multiple hosts, you would need to have a shared file system. An example would be a Gluster Cluster or something simple like a NFS share that all servers have access to.

  2. Jonas says:

    Hey :)
    The docker-compose.yml is missing the traefik service eventhough that’s the point of this blog post, isn’t it ;)

    • Schemen says:

      In this blog post it is assumed (wrongly maybe?) that there is a traefik service already running, if you want though I can extend it with traefik service instructions as well.

      • Madcap says:

        That would be much appreciated, as I have a hard time letting my service stack including Traefik work together with the portainer stack (I keep getting Docker endpoint not reachable in the Portainer portal).

      • developer says:

        please do extend with traefik service instructions.
        or perhaps on a separate post but linked to each other.
        i believe many beginner would benefit from it.


  3. Albert says:

    Hi Great Post. As mentioned by others, it’d be great if you could add the Traefik lines to your docker-compose.yml example :)

Leave a Reply

Your email address will not be published. Required fields are marked *