This guide will help you set up a comprehensive Docker-based infrastructure with the following applications:
Before starting, ensure you have:
example.com)

First, create a shared network for all applications:
docker network create -d bridge proxy_network
Create the base directory structure:
sudo mkdir -p /opt/docker-apps/{nginx,portainer,prometheus,heimdall}
Nginx Proxy Manager provides an easy way to manage reverse proxies with SSL certificates.
cd /opt/docker-apps/nginx
nano docker-compose.yml
version: "3.8"
services:
  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - '80:80' # HTTP
      - '443:443' # HTTPS
      - '81:81' # Admin interface
    networks:
      - proxy_network
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    environment:
      - DB_SQLITE_FILE=/data/database.sqlite
networks:
  proxy_network:
    external: true
docker-compose up -d
http://your-server-ip:81

Default credentials:
Email: admin@example.com
Password: changeme

Important: Change these credentials immediately after first login.

After initial setup, create a proxy host to access the admin interface through your domain:
Domain name: nginx.example.com
Scheme: http
Forward hostname: nginx-proxy-manager
Forward port: 81

Portainer provides a web-based interface for managing Docker containers.
cd /opt/docker-apps/portainer
nano docker-compose.yml
version: '3.8'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro applies to the socket file only; the Docker API behind it still accepts write requests
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - portainer_data:/data
    ports:
      - "9000:9000"
    networks:
      - proxy_network
volumes:
  portainer_data:
networks:
  proxy_network:
    external: true
docker-compose up -d
http://your-server-ip:9000

In Nginx Proxy Manager, create a new Proxy Host:
Domain name: portainer.example.com
Scheme: http
Forward hostname: portainer
Forward port: 9000

This section sets up a complete monitoring solution with Prometheus for metrics collection and Grafana for visualization.
sudo mkdir -p /etc/prometheus
sudo nano /etc/prometheus/prometheus.yml
global:
  scrape_interval: 15s
  evaluation_interval: 15s
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"
scrape_configs:
  - job_name: 'prometheus'
    scrape_interval: 5s
    static_configs:
      - targets: ['localhost:9090']
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['node_exporter:9100']
  - job_name: 'cadvisor'
    static_configs:
      - targets: ['cadvisor:8080']
cd /opt/docker-apps/prometheus
nano docker-compose.yml
version: '3.8'
services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: unless-stopped
    ports:
      - "9090:9090"
    volumes:
      - /etc/prometheus:/etc/prometheus:ro
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      - '--web.enable-lifecycle'
    networks:
      - proxy_network
  grafana:
    image: grafana/grafana-oss:latest
    container_name: grafana
    restart: unless-stopped
    ports:
      - "3000:3000"
    volumes:
      - grafana_data:/var/lib/grafana
    environment:
      # Initial admin login; change the password after first sign-in
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=admin
      - GF_USERS_ALLOW_SIGN_UP=false
    networks:
      - proxy_network
  node_exporter:
    image: quay.io/prometheus/node-exporter:latest
    container_name: node_exporter
    restart: unless-stopped
    command:
      - '--path.rootfs=/host'
    pid: host
    volumes:
      - '/:/host:ro,rslave'
    networks:
      - proxy_network
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: unless-stopped
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy_network
volumes:
  prometheus_data:
  grafana_data:
networks:
  proxy_network:
    external: true
docker-compose up -d
Grafana: http://your-server-ip:3000
Default login: admin / admin
Prometheus data source URL: http://prometheus:9090

In Nginx Proxy Manager, create a new Proxy Host:
Domain name: grafana.example.com
Scheme: http
Forward hostname: grafana
Forward port: 3000

Security Note: Do not expose Prometheus directly to the internet. Only expose Grafana through the reverse proxy.
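The security note above can be checked against the Compose files themselves, because every `ports:` entry in this guide publishes on all host interfaces, Prometheus's 9090 included. The following is an added example, not part of the original guide: the function names, the small line-based parser (two-space indentation, short port syntax only) and both sample fragments are assumptions constructed for illustration.

```python
import re

PROXY_PORTS = {"80", "443"}        # the reverse proxy's own listeners
LOOPBACK = {"127.0.0.1", "[::1]"}  # host-only bindings

def published_ports(compose_text):
    """(service, host_ip, host_port) per short-syntax ports entry; assumes 2-space indents."""
    found, service, section, in_services = [], None, None, False
    for raw in compose_text.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        indent, text = len(line) - len(line.lstrip()), line.strip()
        if indent == 0:
            in_services, service = text == "services:", None
        elif in_services and indent == 2:
            service, section = text.rstrip(":"), None
        elif service and indent == 4 and not text.startswith("- "):
            section = text[:-1] if text.endswith(":") else None
        elif service and section == "ports" and text.startswith("- "):
            spec = text[2:].strip().strip("'\"").split("/")[0]  # drop quotes and /tcp
            parts = spec.rsplit(":", 2)  # [ip:]host:container, or container only
            host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
            host_port = parts[-2] if len(parts) > 1 else "ephemeral"
            found.append((service, host_ip, host_port))
    return found

def exposed(compose_text):
    """Published ports reachable from other hosts without passing through the proxy."""
    return [(svc, ip, port) for svc, ip, port in published_ports(compose_text)
            if ip not in LOOPBACK and port not in PROXY_PORTS]

# Constructed sample: the port mappings of this guide's Prometheus and Grafana services.
AS_WRITTEN = """\
services:
  prometheus:
    ports:
      - "9090:9090"
  grafana:
    ports:
      - "3000:3000"
"""
# Constructed variant: the same services with both ports bound to loopback only.
TIGHTENED = (AS_WRITTEN.replace('"9090:9090"', '"127.0.0.1:9090:9090"')
                       .replace('"3000:3000"', '"127.0.0.1:3000:3000"'))

if __name__ == "__main__":
    for label, text in (("as written", AS_WRITTEN), ("tightened", TIGHTENED)):
        print(label, exposed(text))
```

Containers attached to proxy_network remain reachable from Nginx Proxy Manager by name (for example grafana:3000) whether or not a host port is published.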
Import these community dashboards for comprehensive monitoring:
1860
14282
14282

Heimdall provides a customizable application dashboard for easy access to all your services.
cd /opt/docker-apps/heimdall
nano docker-compose.yml
version: '3.8'
services:
  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    container_name: heimdall
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York # Adjust to your timezone
    volumes:
      - heimdall_config:/config
    ports:
      - "8080:80"
    networks:
      - proxy_network
volumes:
  heimdall_config:
networks:
  proxy_network:
    external: true
docker-compose up -d
http://your-server-ip:8080

In Nginx Proxy Manager, create a new Proxy Host:
Domain name: apps.example.com or heimdall.example.com
Scheme: http
Forward hostname: heimdall
Forward port: 80

https://portainer.example.com
https://grafana.example.com
https://nginx.example.com

Use Let's Encrypt certificates through Nginx Proxy Manager for all public-facing services:
Update all containers regularly:
# In each application directory
docker-compose pull
docker-compose up -d
Backup important data volumes:
./data and ./letsencrypt
portainer_data volume
grafana_data volume
heimdall_config volume

proxy_network exists and containers are connected

# Check container logs
docker logs [container_name]
# Restart a service
docker-compose restart [service_name]
# Check network connectivity
docker network inspect proxy_network
# View resource usage
docker stats
This setup provides a robust foundation for managing containerized applications with monitoring, reverse proxy capabilities, and a centralized dashboard. Each component serves a specific purpose in creating a comprehensive Docker infrastructure management solution.