Rootless Docker - Nginx Reverse-Proxy for Portainer


first, sorry for my bad english.

I will use docker rootless and i’m asking me why i need to specify the ports for portainer like in the tuorial on the following site, because i saw a video (see link below) where nginx reverse-proxy is using the name from docker run command (–name) to make the app available on port 80 (on subdomain).

Nginx Proxy Manager - How-To Installation and Configuration - YouTube see video til ~10:45

Maybe I don’t understand something either, so someone has to explain it to me.

I don 't want to open any port on the (future) server for portainer.
Only the nginx reverse-proxy should forward to the app if i open a subdomain.
If anybody is visiting the domain (not subdomain!) directly (on port 80) he/she will not see anything on that site.

So the server has only opened the port (22) for ssh and for the nginx werbserver (80).

By default, we assume you will be accessing Portainer directly on the ports we open - running behind a nginx proxy is an advanced configuration and not covered by the blog post you linked. For running behind a nginx proxy I suggest you read our documentation guide on exactly this:

Is this compose file config for using it with docker rootless?
And this is the only way to use it?

In my posting i was not detailed or clear enough… i would like to use nginx proxy manager instead of nginx als reverse-proxy.
So how does the compose file config has to looks like?

The compose file assumes you are running Docker as root, so you might need to make some adjustments for rootless usage.

If you want to use an alternative proxy system in front of Portainer you can do so, and I would imagine in most cases you therefore wouldn’t need to expose the ports (assuming the proxy has a way to route traffic to them).

The configuration of the proxy is outside of what we can support.

First, why it’s not noticed in the tutorial that this compose file is for Docker running with root rights only?!

Running Docker as root is insecure, for years!

Second, there should be a compose file for running portainer with Docker rootless too!

That you can not support the config of the proxy is ok too.

The original guide you linked to is a blog post from December 2020, which is when rootless Docker became non-experimental. Our officially supported installation methods can be found in our documentation.

I have made some changes to the reverse proxy guide to make it clearer that it assumes you are running an environment that matches our supported installation methods.

I say you may need to make changes to the compose file as I have not tested it with rootless Docker. It might also work just fine as it is.