If Portainer is your entry-level GUI for Docker and Kubernetes, consider adding a little extra security to the deployment.
Portainer is one of the most powerful and easy-to-use GUIs for managing Docker and Kubernetes. This well-designed GUI lets you work with almost every aspect of your container deployments. Portainer smoothes out the rather steep learning curve of Kubernetes and makes it significantly easier for your teams to manage Namespaces, Networks, Pods, Ingresses, Helm, ConfigMaps & Secrets, Volumes and even the Cluster.
SEE: Hiring Kit: Backend Developer (TechRepublic Premium)
Over the past few years, I’ve found Portainer to be an invaluable tool. My preferred method of deploying Portainer is via a Microk8s cluster, which is the easiest way to integrate Kubernetes support into the web-based GUI. However, when deployed this way, Portainer can be accessed over either HTTP or HTTPS and no SSL certificates are used. Luckily, Portainer makes it easy to enable HTTPS enforcement and upload your SSL certificates. I’ll show you how.
Note: If you force HTTPS in Portainer, HTTP access will stop working. After you force HTTPS, Portainer does not automatically redirect connections from HTTP to HTTPS, so you must inform anyone accessing Portainer of the new address.
What you need to force Portainer to use HTTPS and SSL
You need a running instance of Portainer, an SSL certificate and a user with administrator rights. The SSL certificate can either be purchased or self-signed. You need both an X.509 certificate and a private key.
How to force HTTPS in Portainer
Log in to your Portainer instance as an admin user, then click Settings (Figure A).
On the resulting page, scroll down to the SSL Certificate section and click the ON/OFF option for Force HTTPS only until it is in the ON position (Figure B).
After enabling Forced HTTPS, click Apply Opportunities; Once it’s saved, you’ll be kicked out of Portainer. In the address bar of your browser, enter the new address https://SERVER:30779, where SERVER is either the IP address or the domain of the hosting server.
How to add your SSL certificate to Portainer
You need two files: the X.509 certificate and your private key. It doesn’t matter if the keys are purchased or self-signed, but for production environments I recommend a key purchased from a certificate authority like DigiCert.
After getting your SSL Certificates, go back to the Portainer settings window, scroll down to the SSL Certificate section and click the top Choose File button (Figure C) to add your X.509 certificate.
Click the Choose File button below and upload your private key file. After selecting both keys, click Apply Changes. You shouldn’t be forced out of Portainer; Instead, you can choose your environment and get to work.
Enable these features for extra security
You probably shouldn’t use websites or services that don’t use HTTPS and SSL. With Portainer, adding these features is so easy that anyone can take care of the task. I recommend enabling these features before deploying the platform to your teams so you can avoid emailing them new instructions on how to reach the site.
Be sure to read more of my TechRepublic tutorials on Portainer: How to add a new development environment to Portainer, How to add an authenticated Docker Hub registry in Portainer for a more robust development platform, and How to use Helm charts with Portainer.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for the latest tech advice for business professionals from Jack Wallen.