RHEL BasedRocky Linux

How To Install Portainer on Rocky Linux 10

r00t

Install Portainer on Rocky Linux 10

Container management has become a cornerstone of modern IT infrastructure, yet many system administrators struggle with the complexity of Docker’s command-line interface. Rocky Linux 10, as a robust enterprise-grade operating system, provides an excellent foundation for containerized applications. Portainer emerges as the perfect solution, offering a comprehensive web-based interface that simplifies Docker container management.

This comprehensive guide will walk you through the complete installation process of Portainer on Rocky Linux 10. You’ll learn everything from initial system preparation to advanced configuration techniques. Whether you’re a seasoned system administrator or a DevOps engineer looking to streamline container operations, this tutorial provides the expertise needed to successfully deploy and configure Portainer in your environment.

The installation process involves several critical steps: preparing your Rocky Linux system, installing Docker, deploying Portainer, and securing your container management platform. Each step includes detailed commands, troubleshooting tips, and best practices to ensure a smooth installation experience.

What is Portainer?

Portainer stands as one of the most popular Docker management platforms available today. This powerful web-based interface transforms complex Docker command-line operations into intuitive point-and-click actions. The platform excels at simplifying container lifecycle management, making it accessible to both technical and non-technical team members.

The Community Edition offers robust features for small to medium-sized deployments. These include comprehensive container management, image handling, volume administration, and network configuration tools. Users can monitor resource usage, view real-time logs, and execute commands directly through the web interface.

Portainer Business Edition extends functionality with advanced features like role-based access control, audit logging, and enterprise-grade security controls. Multi-environment support allows administrators to manage multiple Docker hosts from a single interface. The platform integrates seamlessly with existing CI/CD pipelines and monitoring solutions.

Key advantages include reduced learning curve for Docker management, improved operational efficiency, and enhanced team collaboration. Visual representations of container relationships make troubleshooting more intuitive. The platform supports both standalone Docker installations and Docker Swarm clusters, providing scalability for growing infrastructure needs.

Organizations benefit from centralized container management, reducing the time spent on routine administrative tasks. The graphical interface eliminates the need to memorize complex Docker commands, making container management accessible to a broader range of team members. Real-time monitoring capabilities provide immediate insights into container performance and resource utilization.

Prerequisites and System Requirements

Hardware Requirements

Successful Portainer deployment begins with adequate system resources. The minimum hardware specification requires at least one CPU core, though two or more cores deliver significantly better performance. Memory requirements start at 2GB RAM, but 4GB provides optimal performance for most production environments.

Storage considerations include 20GB of available disk space for the operating system, Docker images, and container data. Additional storage may be necessary depending on your specific use cases and the number of containers you plan to manage. Network connectivity remains essential for downloading Docker images and accessing the Portainer web interface.

Production environments benefit from higher specifications. Consider dedicating 4-8GB RAM and multiple CPU cores for environments managing numerous containers. SSD storage improves Docker image pulling and container startup times significantly compared to traditional hard drives.

Software Prerequisites

Rocky Linux 10 installation should be completed with the latest updates applied. A user account with sudo privileges is mandatory for system-level operations. Basic familiarity with Linux command-line operations will help you navigate the installation process more efficiently.

Internet connectivity enables package downloads and Docker image retrieval. Ensure your system can reach external repositories and the Docker Hub registry. If operating behind a corporate firewall, verify that necessary ports and domains are accessible.

Package management tools should function correctly. Test basic DNF operations to confirm repository access. Update the package cache to ensure you’re working with the latest available software versions.

Network and Port Requirements

Portainer requires specific network ports for proper operation. TCP port 9443 serves the HTTPS web interface, providing secure access to the management console. TCP port 8000 facilitates Edge Agent communication in distributed environments, though this may be optional for simple deployments.

Multi-node configurations require TCP port 9001 for Portainer Agent communication. This enables management of remote Docker hosts from the central Portainer instance. Firewall configuration must allow these ports while maintaining security best practices.

SSL/TLS certificate planning should occur early in the process. While Portainer generates self-signed certificates by default, production environments benefit from proper certificates issued by recognized certificate authorities.

Installing Docker on Rocky Linux 10

System Preparation

Begin by updating all system packages to ensure compatibility and security. Execute the following command to refresh package repositories and install updates:

sudo dnf update -y

Install essential dependencies required for Docker installation. The DNF plugins core package provides additional repository management capabilities:

sudo dnf install dnf-plugins-core -y

Remove any existing Docker installations to prevent conflicts. Check for previous Docker packages and remove them completely:

sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

Verify system architecture compatibility. Docker supports x86_64 architecture, which is standard for most server deployments. Confirm your system meets this requirement:

uname -m

Docker Repository Configuration

Add Docker’s official repository to your system. This ensures you receive updates directly from Docker rather than potentially outdated distribution packages:

sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

The repository configuration enables access to the latest Docker Community Edition packages. Verify the repository addition by listing configured repositories:

sudo dnf repolist

Import Docker’s GPG key to verify package authenticity. This security measure ensures you’re installing genuine Docker packages:

sudo rpm --import https://download.docker.com/linux/centos/gpg

Update the package cache to include the newly added Docker repository:

sudo dnf makecache

Docker Installation Process

Install Docker Community Edition along with essential components. The installation includes the Docker daemon, command-line interface, and container runtime:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

The installation process downloads approximately 100-200MB of packages depending on dependencies. Monitor the installation for any error messages that might indicate repository or network issues.

Verify the installation by checking installed Docker packages:

rpm -qa | grep docker

Confirm Docker binary availability and version information:

docker --version

Docker Service Configuration

Start the Docker service to enable container operations. The systemctl command manages service states on Rocky Linux:

sudo systemctl start docker

Enable Docker to start automatically at system boot. This ensures container services remain available after system restarts:

sudo systemctl enable docker

Verify Docker service status to confirm successful startup:

sudo systemctl status docker

Configure non-root user access to Docker. Add your user account to the docker group to eliminate the need for sudo with Docker commands:

sudo usermod -aG docker $USER

Log out and log back in for group membership changes to take effect. Alternatively, use the newgrp command:

newgrp docker

Test Docker functionality with a simple container run:

docker run hello-world

Installing Portainer on Rocky Linux 10

Creating Docker Volume for Persistent Storage

Docker volumes provide persistent storage for container data, ensuring information survives container restarts and updates. Create a dedicated volume for Portainer data:

docker volume create portainer_data

Verify volume creation by listing all Docker volumes:

docker volume ls

Inspect the volume details to understand storage location and configuration:

docker volume inspect portainer_data

Understanding volume management is crucial for backup and maintenance procedures. Volumes store critical Portainer configuration, user accounts, and application settings. Proper volume handling ensures data persistence across Portainer upgrades and system maintenance.

Downloading and Running Portainer Container

Deploy Portainer using Docker’s run command with comprehensive configuration parameters. This single command downloads the Portainer image and starts the container with proper settings:

docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Command parameter explanation enhances understanding:

  • -d: Runs container in detached mode, returning control to the terminal
  • -p 8000:8000: Maps host port 8000 to container port 8000 for Edge Agent communication
  • -p 9443:9443: Maps host port 9443 to container port 9443 for web interface access
  • --name=portainer: Assigns a friendly name to the container for easy management
  • --restart=always: Automatically restarts the container if it stops or after system reboot
  • -v /var/run/docker.sock:/var/run/docker.sock: Mounts Docker socket for container management
  • -v portainer_data:/data: Mounts persistent volume for data storage

Alternative installation using Docker Compose provides better configuration management for complex deployments. Create a docker-compose.yml file:

version: '3.8'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      - "8000:8000"
      - "9443:9443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data

volumes:
  portainer_data:

Deploy using Docker Compose:

docker compose up -d

Verifying Installation

Check container status to confirm successful deployment. The following command displays running containers:

docker ps

Look for the Portainer container in the output. The status should show “Up” along with uptime information. Port mappings should match your configuration.

Review container logs for startup messages and potential issues:

docker logs portainer

Successful startup logs indicate server initialization, port binding, and service readiness. Error messages in logs help identify configuration or system issues.

Test port accessibility using network tools:

netstat -tlnp | grep :9443

This command confirms that port 9443 is listening and bound to the Portainer container.

Firewall Configuration

Configure the system firewall to allow Portainer web interface access. Rocky Linux uses firewalld as the default firewall management tool:

sudo firewall-cmd --permanent --add-port=9443/tcp
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --reload

Verify firewall rule addition:

sudo firewall-cmd --list-ports

SELinux considerations may affect Docker socket access and port binding. Check SELinux status and adjust policies if necessary:

sestatus

For environments requiring strict SELinux enforcement, create custom policies to allow Portainer operations while maintaining security.

Accessing and Configuring Portainer Web Interface

Initial Web Access

Open your web browser and navigate to the Portainer web interface. Use your server’s IP address or hostname:

https://your-server-ip:9443

The initial connection triggers SSL certificate warnings due to self-signed certificates. Accept the certificate temporarily for initial setup, but plan to implement proper certificates for production use.

Modern browsers display security warnings for self-signed certificates. Click “Advanced” and proceed to the website. Firefox and Chrome handle certificate exceptions differently, so adjust your approach accordingly.

Install Portainer on Rocky Linux 10

Initial page load may take several seconds as Portainer initializes its database and web components. Monitor the browser developer console for any JavaScript errors that might indicate configuration issues.

Creating Administrator Account

The first-time setup wizard guides you through administrator account creation. Choose a strong password meeting security requirements:

  • Minimum 12 characters
  • Combination of uppercase, lowercase, numbers, and special characters
  • Avoid common passwords and dictionary words

Username defaults to “admin” but can be customized during setup. Consider using a less predictable administrator username for enhanced security.

Password recovery options are limited in Community Edition. Document credentials securely and consider implementing backup access methods. Business Edition provides additional account recovery features.

Account creation establishes the foundation for all future Portainer access. This account has full administrative privileges, including user management, system configuration, and container operations.

Environment Configuration

Select the Docker environment connection method. For local installations, choose “Docker” and specify the Docker socket location:

/var/run/docker.sock

Environment validation tests the connection between Portainer and Docker. Successful validation displays Docker version information and confirms socket accessibility.

Connection failures often indicate permission issues or Docker service problems. Verify Docker service status and socket permissions:

sudo systemctl status docker
ls -la /var/run/docker.sock

Advanced environments may require TCP connection configuration for remote Docker hosts. Specify the Docker daemon address and port for remote connections.

Interface Overview and Navigation

The Portainer dashboard provides comprehensive container environment overview. Key sections include:

  • Home dashboard with system statistics
  • Containers section for lifecycle management
  • Images area for registry and local image management
  • Volumes section for storage administration
  • Networks panel for connectivity configuration

Navigation follows logical groupings of related functionality. The left sidebar provides quick access to major sections, while the main content area displays detailed information and management tools.

Container management features include start, stop, restart, and removal operations. Detailed container views show logs, statistics, and configuration information. Interactive terminal access enables direct container troubleshooting.

Security Best Practices and Hardening

Authentication and Access Control

Implement robust password policies to protect administrative access. Change default passwords immediately and establish regular password rotation schedules. Strong authentication prevents unauthorized access to your container infrastructure.

User role management becomes critical in multi-user environments. Portainer Community Edition provides basic user management, while Business Edition offers granular role-based access control. Define user roles based on job responsibilities and access requirements.

LDAP and Active Directory integration centralizes user authentication with existing organizational identity systems. This approach simplifies user management and ensures consistent security policies across infrastructure components.

Session timeout configuration prevents unauthorized access through abandoned browser sessions. Configure appropriate timeout values balancing security and user convenience. Shorter timeouts improve security but may impact user productivity.

Two-factor authentication adds an additional security layer beyond username and password. While not available in Community Edition, Business Edition supports various 2FA methods including TOTP and hardware tokens.

Network Security

HTTPS configuration protects data transmission between browsers and Portainer. Replace self-signed certificates with certificates from recognized certificate authorities for production deployments.

Certificate management involves obtaining, installing, and renewing SSL certificates. Let’s Encrypt provides free certificates suitable for many environments. Corporate environments may require certificates from internal certificate authorities.

Reverse proxy deployment with Nginx or Apache provides additional security features and load balancing capabilities. Reverse proxies can handle SSL termination, request filtering, and access logging.

Example Nginx configuration for Portainer:

server {
    listen 443 ssl;
    server_name portainer.yourdomain.com;
    
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    
    location / {
        proxy_pass https://localhost:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Network segmentation isolates container management traffic from other network services. Create dedicated VLANs or subnets for container infrastructure to limit potential security exposure.

VPN access for remote management ensures secure connections from external locations. Configure VPN solutions to provide encrypted tunnels for administrative access while maintaining security controls.

Container Security

Docker daemon security configuration includes several important settings. Disable inter-container communication by default and enable only when necessary. Configure resource limits to prevent resource exhaustion attacks.

Container privilege management follows the principle of least privilege. Run containers with minimal required permissions and avoid privileged containers unless absolutely necessary. User namespace mapping provides additional isolation.

Image security scanning identifies vulnerabilities in container images before deployment. Integrate scanning tools into CI/CD pipelines to catch security issues early in the development process.

Registry security involves using trusted image sources and implementing image signing verification. Private registries provide better control over image distribution and security policies.

Regular security updates and patch management maintain system security over time. Establish procedures for updating Docker, Portainer, and underlying operating system components.

Troubleshooting Common Installation Issues

Docker-Related Issues

Docker service startup failures often stem from configuration problems or resource constraints. Check service logs for specific error messages:

sudo journalctl -u docker.service

Permission denied errors typically indicate incorrect user group membership or socket permissions. Verify docker group membership and socket ownership:

groups $USER
ls -la /var/run/docker.sock

Port conflicts occur when other services occupy Docker’s required ports. Identify conflicting services and resolve port assignments:

sudo netstat -tlnp | grep :2375
sudo netstat -tlnp | grep :2376

Storage driver compatibility issues may arise with certain kernel or filesystem combinations. Review Docker documentation for supported storage drivers and configuration requirements.

Portainer Container Issues

Container startup failures require log analysis to identify root causes. Common issues include port conflicts, volume mounting problems, and resource constraints:

docker logs portainer --details

Port binding conflicts prevent Portainer from starting properly. Identify processes using required ports and resolve conflicts:

sudo lsof -i :9443
sudo lsof -i :8000

Volume mounting problems often relate to permissions or path issues. Verify volume creation and mount point accessibility:

docker volume inspect portainer_data
ls -la /var/lib/docker/volumes/

Memory and resource constraints may prevent container startup in resource-limited environments. Monitor system resources and adjust container resource limits if necessary:

free -h
df -h

Network and Connectivity Issues

Web interface access problems may stem from firewall rules, network configuration, or service binding issues. Systematically verify each component:

sudo firewall-cmd --list-all
ss -tlnp | grep :9443

Firewall blocking connections requires rule verification and correction. Ensure all necessary ports are open and rules are properly applied:

sudo firewall-cmd --permanent --list-ports
sudo firewall-cmd --reload

SELinux policy conflicts may prevent proper operation in enforcing mode. Check SELinux status and review audit logs for denials:

sudo ausearch -m avc -ts recent

SSL certificate issues prevent secure connections to the web interface. Verify certificate validity and configuration:

openssl s_client -connect localhost:9443 -servername localhost

Advanced Configuration and Optimization

Performance Tuning

Resource allocation optimization improves Portainer performance in demanding environments. Monitor container resource usage and adjust limits accordingly:

docker stats portainer

Database tuning for large environments involves optimizing Portainer’s internal database configuration. While limited in Community Edition, proper volume management and storage optimization improve performance.

Storage performance considerations include using SSD storage for Docker volumes and optimizing filesystem choices. XFS and ext4 filesystems generally provide good performance for container workloads.

Monitoring and alerting setup provides proactive notification of performance issues. Integrate Portainer with monitoring solutions like Prometheus and Grafana for comprehensive visibility.

Multi-Node Setup

Portainer Agent installation enables management of remote Docker hosts from a central Portainer instance. Install agents on each remote host:

docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:latest

Agent communication configuration requires network connectivity between Portainer and agent hosts. Configure firewalls to allow communication on port 9001.

Load balancing considerations become important for high-availability deployments. Use load balancers to distribute traffic across multiple Portainer instances.

High availability setup involves deploying multiple Portainer instances with shared storage. This configuration ensures service continuity during maintenance or failures.

Backup and Disaster Recovery

Data backup strategies for Portainer should include volume backups and configuration exports. Regular backups protect against data loss and enable rapid recovery:

docker run --rm -v portainer_data:/data -v $(pwd):/backup alpine tar czf /backup/portainer_backup.tar.gz -C /data .

Container configuration export/import enables migration and disaster recovery. Export configurations before major changes:

docker export portainer > portainer_container_backup.tar

Database backup procedures protect user accounts, settings, and configuration data. Automate backup processes to ensure consistent data protection.

Recovery testing validates backup procedures and ensures rapid restoration capabilities. Regularly test recovery processes in non-production environments.

Congratulations! You have successfully installed Portainer. Thanks for using this tutorial for installing Portainer on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Portainer website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button