¶ Setup Differnet Helper Apps
¶ Introduction
We will setup:
- nginx proxy manager: expose services easily and securely - website
- portainer: a centralized service delivery platform for containerized apps - website
- prometheus: monitoring solution - website
- grafana: visualize metrics from prometheus - website
- heimdall: application dashboard - website
¶ Steps
¶ prerequisites:
- a domain name
- a wild card ssl certificate [optional]
- docker and docker-compose installed
- a docker network that will be used by all apps that need to be proxy reversed to with nginx:
docker network create -d bridge proxy_network
¶ Nginx Proxy Manager
- create a folder names nginx and create a docker-compose file
mkdir /datadrive/codes/nginx nano docker-compose.yml - inside docker-compose.yml add these lines:
version: "3" services: app: image: 'jc21/nginx-proxy-manager:latest' restart: unless-stopped ports: - '80:80' # Public HTTP Port - '443:443' # Public HTTPS Port - '81:81' # Admin Web Port # - '21:21' # FTP networks: - proxy_network volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt networks: proxy_network: external: true - NPM is now up and runing, visit it with <your machine ip>:81
Default Admin User:Email: [email protected] Password: changeme - Immediately after logging in with this default user you will be asked to modify your details and change your password.
- To close the port 81 (and let only 80 and 443 as open ports for http), we will reverse proxy the NPM admin web app:
- add a new proxy host:
- enter your domain name: nginx.example.com
- scheme : http
- Forward Hostname/IP: nginx container ip address (under network created earlier)
- Forward Port: container port (81 for admin nginx)
- add a new proxy host:
¶ Portainer
- create a folder named portainer and create a docker-compose file
mkdir /datadrive/codes/portainer nano docker-compose.yml - inside docker-compose.yml add these lines:
version: '3' services: portainer: image: portainer/portainer-ce:latest container_name: portainer restart: unless-stopped security_opt: - no-new-privileges:true volumes: - /etc/localtime:/etc/localtime:ro - /var/run/docker.sock:/var/run/docker.sock:ro - ./portainer-data:/data ports: - 9000:9000 networks: - proxy_network networks: proxy_network: external: true - run:
docker-compose up -d
portainer is now up and runing , you can visit it either by <your machine ip>:9000 or you can setup NPM to proxy calls.
- visiting nginx.example.com or <ip>:81 for admin nginx we ui:
- add a new proxy host:
- enter your domain name: portainer.example.com
- scheme : http
- Forward Hostname/IP: portainer container ip address (under network created earlier)
- Forward Port: container port (9000)
- add a new proxy host:
¶ Prometheus/Grafana
- create a folder named prometheus inside /etc/ where we will create a prometheus.yml config file
sudo mkdir /etc/prometheus sudo nano /etc/prometheus/prometheus.yml - inside prometheus.yml add these lines:
3 jobs configured for prometheus:global: scrape_interval: 15s # Attach these labels to any time series or alerts when communicating with # external systems (federation, remote storage, Alertmanager). # external_labels: # monitor: 'codelab-monitor' # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. - job_name: 'prometheus' # Override the global default and scrape targets from this job every 5 seconds. scrape_interval: 5s static_configs: - targets: ['localhost:9090'] # Example job for node_exporter - job_name: 'node_exporter' static_configs: - targets: ['node_exporter:9100'] # Example job for cadvisor - job_name: 'cadvisor' static_configs: - targets: ['cadvisor:8080']- scraping target every 5s
- node_exporter job link to exporter github
- cadvisor job link to exporter github
- you can add other exporters to prometheus : List
- now inside portainer web ui:
- click stacks and add stack:
- choose a stack name : monitoring for example
- past the following lines inside the web editor text area:
version: '3' volumes: prometheus-data: driver: local grafana-data: driver: local networks: proxy_network: external: true services: prometheus: image: prom/prometheus:latest container_name: prometheus ports: - "9090:9090" volumes: - /etc/prometheus:/etc/prometheus - prometheus-data:/prometheus restart: unless-stopped command: - "--config.file=/etc/prometheus/prometheus.yml" networks: - proxy_network grafana: image: grafana/grafana-oss:latest container_name: grafana ports: - "3000:3000" volumes: - grafana-data:/var/lib/grafana restart: unless-stopped networks: - proxy_network node_exporter: image: quay.io/prometheus/node-exporter:latest container_name: node_exporter command: - '--path.rootfs=/host' pid: host restart: unless-stopped volumes: - '/:/host:ro,rslave' networks: - proxy_network cadvisor: image: google/cadvisor:latest container_name: cadvisor # ports: # - "8080:8080" volumes: - /:/rootfs:ro - /var/run:/var/run:ro - /sys:/sys:ro - /var/lib/docker/:/var/lib/docker:ro - /dev/disk/:/dev/disk:ro devices: - /dev/kmsg restart: unless-stopped networks: - proxy_network - click stacks and add stack:
prometheus and grafana are up and runing , you can visit it either by <your machine ip>:9090 for prometheus and <your machine ip>:3000 for grafana or you can setup NPM to proxy calls.
- note: prometheus is not protected, you should not expose it to public
- visiting nginx.example.com or <ip>:81 for admin nginx we ui:
- add a new proxy host:
- enter your domain name: grafana.example.com
- scheme : http
- Forward Hostname/IP: grafana container ip address (under network created earlier)
- Forward Port: container port (3000)
- default grafana login and password:
admin:admin
- add a new proxy host:
- setup grafana:
- add data source
- create and setup your dashboards or use the community well maintained ones for your different exporters:
- add data source
¶ Heimdall
- create a folder named heimdall then a directory named config inside it
sudo mkdir -p /datadrive/codes/heimdall/config - now inside portainer web ui:
- create a new stack
- choose a stack name : heimdall for example
- past the following lines inside the web editor text area:
version: '3' services: heimdall: image: lscr.io/linuxserver/heimdall container_name: heimdall environment: - PUID=1000 - PGID=1000 - TZ=Europe/Paris volumes: - /datadrive/codes/heimdall/config:/config restart: unless-stopped ports: - 82:80 networks: - proxy_network networks: proxy_network: external: true
heimdall is up and runing , you can visit it either by <your machine ip>:82 or you can setup NPM to proxy calls.
-
visiting nginx.example.com or <ip>:81 for admin nginx we ui:
- add a new proxy host:
- enter your domain name: apps.example.com
- scheme : http
- Forward Hostname/IP: portainer container ip address (under network created earlier)
- Forward Port: container port (80)
- add a new proxy host:
-
setup heimdall:
- add a password to your admin user
- add apps with their names and urls