Score:2

Portainer docker container behind Nginx reverse proxy


I have set up an nginx reverse proxy on an Ubuntu 22.04 server and I have successfully obtained an SSL certificate from Let's Encrypt. The two keys are stored here:

/etc/letsencrypt/live/test.ddns.net/fullchain.pem;
/etc/letsencrypt/live/test.ddns.net/privkey.pem

and in my default nginx config I have two paths, helloworld and portainer. Both paths redirect to Docker containers.

server {
    listen 80;
    listen [::]:80;
    server_name test.ddns.net;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name test.ddns.net;
    ssl_certificate /etc/letsencrypt/live/test.ddns.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.ddns.net/privkey.pem;

    location /helloworld {
        proxy_pass http://localhost:32768;
    }

    location /portainer {
        proxy_pass http://localhost:9000;
    }
}

The helloworld path works as expected and loads an HTML page over HTTPS (so my nginx config is correct). But the portainer path does not. I tried port 9000, port 8000, port 9443. None of them worked. I get a 404 error, or request sent via http while expected https, or other errors. Does anyone by chance have the same setup and is able to help me?

Thanks.

Score:2
Regarding the ports you mentioned trying:
  • Port 8000 is used by Portainer Edge Agent to remotely manage and interact with edge devices and their services. Since you haven't mentioned anything about edge computing, this port is not necessary for your use case.

  • Port 9000 was used to establish a connection to the Portainer web UI, but is now only available for legacy reasons and it is highly recommended to avoid using it.

  • Portainer added support for https in mid-2021, making port 9443 the recommended option for secure connections to the Portainer web UI. Therefore, that's the one you should use.

Regarding your Nginx configuration:

You were close enough, but in order for Portainer to work on a subpath (like the one you want), you should add a trailing slash to both location and proxy_pass fields, as shown below:

location /portainer/ {
     proxy_pass https://localhost:9443/;
}

After you restart Nginx using the command sudo systemctl restart nginx, the 404 error should be resolved.

Andreas Violaris
It was not my intention to imply any oversight on your part regarding the mention of port 9443 in the latter portion of your response. However, my response centers on the use of trailing slashes as a means of resolving the 404 error. Thus, I cannot concur that your statement is "exactly the same". Additionally, I did not assert that port 9000 is inoperable. Nonetheless, as I advised the inquirer to exclusively utilize port 9443, it was essential to provide a comprehensive explanation for the reasons behind the exclusion of the other ports.
Artur Meinild
You're right, and I'm sorry - I missed the part about the trailing slash. I've edited your post to highlight this important difference. Actually, I'll remove my answer, since I believe yours is more correct, and mine was merely a qualified guess, which didn't work out. Thanks for pointing it out - and upvoted!
Andreas Violaris
You are welcome, no problem. Thanks for the upvote!
George Wright
It worked! Thank you so much! I've been really struggling with it for days.
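
Why the trailing slashes matter, as an added example that is not part of the original thread: a small Python model of nginx's documented proxy_pass rule (if proxy_pass carries a URI part, the matched location prefix is replaced by it; otherwise the request URI is forwarded unchanged). The names upstream_uri and compare and the sample request path are constructed for illustration.

```python
from urllib.parse import urlsplit


def upstream_uri(location, proxy_pass, request_uri):
    """Model nginx's proxy_pass rule for one prefix location.

    Returns the URI forwarded upstream, or None when the prefix does not match.
    """
    if not request_uri.startswith(location):
        # No match. (For a bare "/portainer", nginx itself replies with a
        # 301 to "/portainer/" when the location is "/portainer/".)
        return None
    uri_part = urlsplit(proxy_pass).path  # "" when nothing follows host:port
    if uri_part == "":
        # proxy_pass without a URI: the request URI is forwarded unchanged.
        return request_uri
    # proxy_pass with a URI (even a lone "/"): the matched prefix is replaced.
    return uri_part + request_uri[len(location):]


def compare(request_uri="/portainer/api/status"):  # constructed sample path
    """Run one request through the configurations discussed in the thread."""
    return {
        "question (no slashes)": upstream_uri(
            "/portainer", "http://localhost:9000", request_uri),
        "answer (both slashes)": upstream_uri(
            "/portainer/", "https://localhost:9443/", request_uri),
        "slash on proxy_pass only": upstream_uri(
            "/portainer", "https://localhost:9443/", request_uri),
    }


if __name__ == "__main__":
    for config, forwarded in compare().items():
        print(f"{config:26} -> {forwarded}")
```

In the first row the upstream still receives the /portainer prefix; in the last row, adding only one of the two slashes produces a doubled slash in the forwarded path.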