Ognir/docker-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Portainer restaurado con usuario 1032 y labels de Traefik v3

Browse Source
This commit is contained in:
Ognir
2026-01-05 14:42:13 +01:00
parent 368f16c6a5
commit e28af4ff1b
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
portainer/docker-compose.yml Normal file → Executable file
View File

@@ -1,4 +1,14 @@
# ==============================================================================
# PORTAINER CE - CONFIGURACIÓN SEGURA PARA OGNIRNAS
# ==============================================================================
# - Usuario: 1032 (docker-manager)
# - Acceso Socket: GID 65538 (Synology Docker Group)
# - Red: services-internal-net
# - Middleware: seguridad-general@file
# ==============================================================================
version: '3.8' version: '3.8'
services: services:
portainer: portainer:
image: portainer/portainer-ce:latest image: portainer/portainer-ce:latest
@@ -6,24 +16,26 @@ services:
restart: always restart: always
user: "1032:100" user: "1032:100"
group_add: group_add:
- "65538" - "65538" # Permite al usuario 1032 leer el socket de root
networks: networks:
- services-internal-net - services-internal-net
# Importante: mantenemos los puertos por si falla el proxy, pero Traefik irá por el 9000 interno # Puertos de emergencia (puedes comentarlos si solo usas Traefik)
ports: ports:
- "8000:8000" - "8000:8000"
- "9443:9443" - "9443:9443"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/configs/portainer:/config
- /volume1/docker/data/portainer:/data - /volume1/docker/data/portainer:/data
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.ognir-server.synology.me`)" - "traefik.http.routers.portainer.rule=Host(`portainer.ognir-server.synology.me`)"
- "traefik.http.routers.portainer.entrypoints=websecure" - "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls=true" - "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=myresolver" # Cambia 'myresolver' por el nombre que tengas en tu Traefik - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
- "traefik.docker.network=services-internal-net"
- "traefik.http.services.portainer.loadbalancer.server.port=9000" - "traefik.http.services.portainer.loadbalancer.server.port=9000"
# Importante: El middleware que definimos en la config dinámica
- "traefik.http.routers.portainer.middlewares=seguridad-general@file"
networks: networks:
services-internal-net: services-internal-net: