How to force Portainer to use HTTPS and load your SSL certificates

How to force Portainer to use HTTPS and load your SSL certificates

If Portainer is your go-to GUI for Docker and Kubernetes, you should consider adding some extra security to your implementation.

A developer that adds additional security to your implementation.
Image: Christina Morillo/Pexels

Portainer is one of the most powerful and easy to use GUIs for managing Docker and Kubernetes. With this well-designed GUI, you can work with almost every aspect of your container deployments. Portainer smoothes out the rather steep learning curve of Kubernetes, making it much easier for your teams to manage namespaces, networks, pods, entries, Helms, ConfigMaps & Secrets, Volumes, and even the cluster.

WATCH: Hiring Kit: Back-end Developer (Tech Republic Premium)

Over the past few years, I have found Portainer to be an invaluable tool. My go-to method of deploying Portainer is through a Microk8s cluster, which is the easiest method to get Kubernetes support in the web-based GUI; however, when implemented this way, Portainer can be accessed over HTTP or HTTPS and does not use SSL certificates. Fortunately, Portainer makes it easy to enable HTTPS forcing and upload your SSL certificates. I’ll show you how this is done.

Note: When you force HTTPS on Portainer, HTTP access will no longer work. Also, after you force HTTPS, Portainer doesn’t automatically redirect connections from HTTP to HTTPS, so you’ll need to tell anyone accessing Portainer the new address.

Jump to:

What you need to force Portainer to use HTTPS and SSL

You need a running instance of Portainer, an SSL certificate, and a user with administrator privileges. The SSL certificate can be purchased or self-signed. You will need an X.509 certificate and a private key.

How to force HTTPS in Portainer

Log in to your Portainer instance as an admin user, and then click Settings in the left sidebar (Figure A).

Figure A

Portainer's sidebar is where you access the Settings page.
Portainer’s sidebar is where you access the Settings page.

On the resulting page, scroll down to the SSL Certificate section and click the ON/OFF option to Force HTTPS Only until it is in the ON position (Figure B).

Figure B

Forcing HTTPS in Portainer.
Forcing HTTPS in Portainer.

After enabling Forced HTTPS, click Apply Capabilities; once it is saved, you will be kicked out of Portainer. In the address bar of your browser, type the new address of https://SERVER:30779, where SERVER is the IP address or domain of the hosting server.

How to add your SSL certificate to Portainer

You will need two files: the X.509 certificate and your private key. It doesn’t matter if it’s purchased or self-signed keys, but for production environments, I suggest a key purchased from a certificate authority like DigiCert.

After you get your SSL certificates, go back to the Portainer Settings window, scroll down to the SSL Certificate section and click the top Select File button (Figure C) to add your X.509 certificate.

Figure C

Uploading your SSL key files to Portainer.
Uploading your SSL key files to Portainer.

Click the Select File button below and upload your private key file. After selecting both keys, click Apply Changes. You should not be forced out of Portainer; instead, you can select your environment and go to work.

Enable these features for added security

You should probably not use websites or services that do not use HTTPS and SSL. With Portainer, adding these features is so easy that anyone can handle the task. I recommend that you enable these features before deploying the platform to your computers to avoid sending them an email with new instructions to get to the site.

Be sure to read more of my TechRepublic tutorials on Portainer: how to add a new development environment to Portainer, how to add an authenticated Docker Hub registry in Portainer for a more robust development platform, and how to use Helm charts with Portainer.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for the latest tech tips for business professionals from Jack Wallen.

Leave a Reply

Your email address will not be published. Required fields are marked *