# Portainer 

## Description
This docker compose run portainer on docker

## Requierments
### Folder
```bash
sudo mkdir -p /home/docker/portainer/data
```
### Certificats
Copy crt and key files on `/home/docker/certs/`

## Run
```bash
docker compose up -d
```
## Config
By default the lifetime of the password is 8 hours. For modify goto **Settings** -> **Authentication**
The maximum lifetime is 1 year

## Reset admin password
```bash
docker container stop portainer
docker run --rm -v /home/docker/portainer/data:/data portainer/helper-reset-password
...
2024/11/15 21:22:13 Password successfully updated for user: admin
2024/11/15 21:22:13 Use the following password to login: 9fB1`%r50ZVH:(XutQqm#M<_LE387,w2
```

## Apache 
### http-portainer.conf
```
<VirtualHost *:80>
    ServerName portainer.gmotech.net
    ServerAlias portainer
    CustomLog logs/portainer_access_log common
    ErrorLog  logs/portainer_error_log
    # redirect to https
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =portainer [OR]
    RewriteCond %{SERVER_NAME} =portainer.gmotech.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```
### https-portainer.conf
```
##
## SSL Virtual Host Context
##
#  General setup for the virtual host
<VirtualHost *:443>
    ServerName portainer.gmotech.net
    ServerAlias portainer
    CustomLog logs/portainer_access_log common
    ErrorLog  logs/portainer_error_log

# SSL
    SSLEngine on
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
    # Enable HTTP/2, if available
    Protocols h2 http/1.1
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
# certificats
    SSLCertificateFile "/etc/httpd/auth/cert/gmotech.net.crt"
    SSLCertificateKeyFile "/etc/httpd/auth/cert/gmotech.net.key"
    SSLCertificateChainFile "/etc/httpd/auth/cert/gmotechCA.crt"
# proxy
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyRequests off
    ProxyPass "/" "http://127.0.0.1:9000/"
    ProxyPassReverse "/" "https://127.0.0.1:9000/"
</VirtualHost>
```
## Access
https://portainer.gmotech.net

## Change Session lifetime
To TEST !! (one year)
## Sources
https://omar2cloud.github.io/rasp/psswd/  
https://docs.portainer.io/admin/settings/authentication

### Changelog
### [1.0.1] - 2025-08-23
#### Added
- config behind a proxy or not
---
### [1.0.0] - 2024-11-11
#### Added
- initial version by [GMo](mailto:gilles.mouchet@gmail.com)