Portainer & NPM & Vaultwarden Deployment | Part 3

Overview & Prerequisites

Please check the documentation first, then continue with the installation below.

Introduction

In this part, we take a hands-on approach and walk you through deploying these open-source tools to manage and secure our digital infrastructure. We start with Portainer, a lightweight management UI for Docker environments, then move on to Nginx Proxy Manager (NPM), a web-based interface for managing proxy hosts, and finally deploy Vaultwarden, a tool for securely storing and accessing secrets such as tokens, passwords, and encryption keys.

What is Portainer?

Portainer is a lightweight management UI which allows you to easily manage your Docker environments. It provides a simple and intuitive web-based interface for managing containers, images, networks, and volumes, as well as performing other related tasks. Portainer can be used to manage both local and remote Docker environments, and is compatible with Windows, Linux, and macOS. It also provides a wide range of features such as container orchestration, multi-tenancy, and role-based access control, making it a popular choice among developers and system administrators.

What is NGINX Proxy Manager?

Nginx Proxy Manager (NPM) is a reverse proxy management system that runs on Docker. NPM is based on an Nginx server and provides users with a clean, efficient, and beautiful web interface for easier management.

What is Vaultwarden?

Vaultwarden (formerly Bitwarden_RS) is an unofficial Bitwarden server implementation written in Rust. Vaultwarden is compatible with the official Bitwarden clients, and is ideal for self-hosted deployments where running the official resource-heavy service is undesirable.

Why use open source?

There are several reasons why organizations and individuals might choose to use open-source software:

  1. Cost: Open-source software is typically free to use, distribute, and modify, which can save organizations significant costs compared to proprietary software.
  2. Flexibility: Open-source software allows users to tailor the software to their specific needs and requirements, as the source code is available for modification.
  3. Security: Open-source software can be more secure than proprietary software, as the code is open for review and scrutiny by the community. This allows for rapid identification and resolution of security vulnerabilities.
  4. Innovation: The open-source model encourages collaboration and the sharing of ideas, which can lead to faster innovation and the development of new features and functionality.
  5. Transparency: With open-source software, users can see exactly how the software works and what it's doing, which can be important for organizations that need to meet compliance and regulatory requirements.
  6. Community support: Open-source software typically has a large community of users and developers, which can provide valuable support and resources.

Responsibility

Must read this!

It is important to note that if you are new to Docker and are not familiar with its security features and best practices, it is recommended that you first gain a solid understanding of the technology before deploying it in production environments. Docker is a powerful tool that can provide many benefits, but if it is not configured and used correctly, it can also introduce security vulnerabilities.

Here are a few key points to keep in mind when working with Docker:

  1. Use official and trusted images: Only use images from official and trusted sources to minimize the risk of running compromised or malicious code.
  2. Keep your Docker host and containers up-to-date: Make sure to keep your Docker host and containers up-to-date with the latest security updates and patches.
  3. Limit container privileges: Limit the privileges of your containers to the minimum required for their operation to minimize the potential impact of a security breach.
  4. Use network segmentation: Use network segmentation to isolate your containers and restrict access to sensitive data and services.
  5. Monitor and audit your container environment: Regularly monitor and audit your container environment to detect and respond to security incidents.

If you're interested in learning more about how Webnestify can help you secure your Linux machine, Docker and other services, please don't hesitate to contact me. Visit the Webnestify website.

Installation

Follow along with the video; all commands are listed in this documentation.

Video Walkthrough

Secure your server!

Docker Engine Installation

Make sure to install the latest Docker Engine packages. For more information, please see the official Docker website.

  1. Set up the repository:

         sudo apt-get update
         sudo apt-get install \
             ca-certificates \
             curl \
             gnupg \
             lsb-release

  2. Add Docker’s official GPG key:

         sudo mkdir -p /etc/apt/keyrings
         curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

  3. Use the following command to set up the repository:

         echo \
           "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
           $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

  4. Install Docker services:

         sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

  5. Test the hello-world image:

         sudo docker run hello-world

  6. Add your user to the Docker group:

         sudo usermod -aG docker username

     Replace username with the user name you have chosen.

  7. Perform a reboot:

         sudo reboot

Install Portainer

  1. Paste the following command into the terminal to create a new volume:

         docker volume create portainer_data

  2. Install Portainer:

         docker run -d -p 8000:8000 -p 9000:9000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

  3. Visit the Portainer WebUI on port 9000
  4. Follow along with the video

Adding VPN Server to Portainer:

  1. Install the Portainer agent on the VPN server:

         docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:latest

  2. Follow along with the video

Install NGINX Proxy Manager

  1. Copy this code to Portainer Stacks:

         version: '3'
         services:
           app:
             image: 'jc21/nginx-proxy-manager:latest'
             restart: unless-stopped
             ports:
               - '80:80'
               - '81:81'
               - '443:443'
             volumes:
               - ./data:/data
               - ./letsencrypt:/etc/letsencrypt

  2. Deploy the stack
  3. Configure NPM according to the video

Install Vaultwarden

  1. Copy this code to Portainer Stacks:

         version: '3'

         services:
           vaultwarden:
             restart: always
             container_name: vaultwarden
             image: vaultwarden/server:latest
             volumes:
               - ./vaultwarden/data:/data/
             ports:
               - 8062:80
             environment:
               - SMTP_HOST=
               - SMTP_FROM=
               - SMTP_FROM_NAME=
               - SMTP_SECURITY=starttls
               - SMTP_PORT=587
               - SMTP_USERNAME=
               - SMTP_PASSWORD=
               - SMTP_TIMEOUT=30
               # Accepted values are Plain, Login and Xoauth2 ("TLS" is not one of them);
               # transport encryption is already selected by SMTP_SECURITY above.
               - SMTP_AUTH_MECHANISM=Login
               - LOGIN_RATELIMIT_MAX_BURST=10
               - LOGIN_RATELIMIT_SECONDS=60
               - DOMAIN=
               - INVITATION_ORG_NAME=
               - INVITATIONS_ALLOWED=false
               - ADMIN_TOKEN=
               - SIGNUPS_ALLOWED=true
               - SIGNUPS_VERIFY=true
               - SIGNUPS_VERIFY_RESEND_TIME=3600
               - SIGNUPS_VERIFY_RESEND_LIMIT=6
               - EMERGENCY_ACCESS_ALLOWED=true
               - SENDS_ALLOWED=true
               - USE_SYSLOG=true
               - EXTENDED_LOGGING=true
               - WEB_VAULT_ENABLED=true
               # No quotes: in list form they would become part of the value.
               - TIME_ZONE=Europe/Bratislava

  2. Add your values to the compose file as shown in the video
  3. Deploy Vaultwarden and follow along with the tutorial
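
The key points from the Responsibility section can be checked against the stacks above before they are deployed. The following is an added example, not part of the original guide or of any of the projects it covers: a small line-based lint that flags unpinned image tags, ports published on every interface, and open Vaultwarden registration. The sample stack is a constructed, trimmed copy of the NPM and Vaultwarden stacks, and the names `audit_stack` and `PUBLIC_PORTS` are hypothetical.

```python
import re

# Constructed sample: trimmed copies of the NPM and Vaultwarden stacks from this guide.
SAMPLE_STACK = """\
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
  vaultwarden:
    image: vaultwarden/server:latest
    ports:
      - 8062:80
    environment:
      - SIGNUPS_ALLOWED=true
"""

# Assumption: only the reverse proxy's HTTP/HTTPS ports are meant to be public.
PUBLIC_PORTS = {"80", "443"}

def audit_stack(text):
    """Return (line_number, finding) tuples for a compose file given as text."""
    findings, section = [], None
    for number, line in enumerate(text.splitlines(), 1):
        header = re.match(r"\s*([\w.-]+):\s*$", line)
        image = re.match(r"\s*image:\s*['\"]?([^'\"\s]+)", line)
        item = re.match(r"\s*-\s*['\"]?([^'\"]+?)['\"]?\s*$", line)
        if header:
            section = header.group(1)  # remember which list we are inside
        elif image:
            ref = image.group(1)
            tag = ref.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in ref and tag in ("", "latest"):
                findings.append((number, f"{ref}: image not pinned to a version or digest"))
        elif item and section == "ports":
            parts = item.group(1).split(":")
            # "host:container" has no host IP, so Docker binds it on every interface.
            if len(parts) == 2 and parts[0] not in PUBLIC_PORTS:
                findings.append((number, f"port {parts[0]} published on all interfaces"))
        elif item and section == "environment":
            if item.group(1).replace(" ", "").lower() == "signups_allowed=true":
                findings.append((number, "SIGNUPS_ALLOWED=true: open registration"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_stack(SAMPLE_STACK):
        print(f"line {number}: {finding}")
```

Prefixing a port with `127.0.0.1:` only helps if whatever proxies to it can reach the host loopback; a proxy running in its own container usually cannot, in which case a shared Docker network with no published port is the alternative.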
