Running Portainer in a Docker Container with Apache 2.4 mod_proxy and basic auth

Question

Q: How do I configure Apache 2.4 as a reverse proxy for Portainer using Basic Authentication?

Portainer is a UI for managing Docker container. The Portainer documentation has a sample nginx configuration, but unfortunately none for apache.

Answer 1

A: You need to start Portainer with the flag --no-auth and use mod_proxy_wstunnel.

Start Portainer with --no-auth. I use the following Docker Compose File:

portainer:
  image: portainer/portainer
  container_name: "portainer-app"
  privileged: true
  command: --no-auth
  ports:
    - 9000:9000
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /srv/docker/portainer/data:/data
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    TZ: "Europe/Berlin"

Configure Basic Authentication for your Apache domain. Enable mod_proxy_wstunnel. Add the following to the configuration:

<Location /portainer/>
    ProxyPass http://localhost:9000/
    ProxyPassReverse http://localhost:9000/
    RequestHeader set Connection ""
</Location>
<Location /portainer/api/websocket/>
    RequestHeader set Upgrade $http_upgrade;
    RequestHeader set Connection "upgrade"
    ProxyPass ws://localhost:9000/api/websocket/
</Location>

Answer 2

I have Portainer installed in Docker Swarm with Docker Flow Proxy, all behind Apache.

Following this idea, I was able to successfully configure apache.

<Location /portainer/api/websocket/>
  RewriteEngine On
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
  RewriteRule /portainer/api/websocket/(.*) ws://192.168.1.190:480/portainer/api/websocket/$1 [P]
</Location>