What Portainer Does
- Container Management: Start, stop, restart, remove, and inspect containers with a click
- Image Management: Pull, push, build, and manage Docker images
- Stack Deployment: Deploy Docker Compose stacks from the UI, Git repos, or templates
- Network Management: Create and manage Docker networks and volume configurations
- Log Viewing: Real-time container log streaming with search and filtering
- Console Access: Interactive terminal into any running container
- Resource Monitoring: CPU, memory, and network usage per container
- Multi-Environment: Manage multiple Docker hosts and Kubernetes clusters from one UI
- User Management: Teams, roles, and access control for shared environments
- App Templates: One-click deployment of 100+ popular applications
Architecture
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Web UI │────▶│ Portainer │────▶│ Docker API │
│ (Angular) │ │ Server (Go) │ │ (Socket) │
└──────────────┘ └──────────────┘ └──────────────┘
┌──────────────┐
│ K8s API │
│ (Optional) │
└──────────────┘Installation
Docker Standalone
docker volume create portainer_data
docker run -d
-p 9443:9443
-p 8000:8000
--name portainer
--restart=always
-v /var/run/docker.sock:/var/run/docker.sock
-v portainer_data:/data
portainer/portainer-ce:latestDocker Swarm
docker service create
--name portainer
--publish 9443:9443
--publish 8000:8000
--replicas=1
--constraint 'node.role == manager'
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock
--mount type=volume,src=portainer_data,dst=/data
portainer/portainer-ce:latestKubernetes
kubectl apply -n portainer -f https://downloads.portainer.io/ce2-21/portainer.yamlKey Features
Stack Management
Deploy Docker Compose stacks directly from the UI:
# Paste or upload your docker-compose.yml
services:
web:
image: nginx:alpine
ports:
- "80:80"
db:
image: postgres:16
environment:
POSTGRES_PASSWORD: exampleOr deploy from a Git repository — Portainer pulls and deploys automatically, with optional webhook for CI/CD.
App Templates
One-click deployment for popular apps:
- WordPress, Ghost, Drupal
- PostgreSQL, MySQL, Redis, MongoDB
- Grafana, Prometheus, InfluxDB
- Nginx, Traefik, Caddy
- And 100+ more community templates
Edge Computing
Portainer Edge Agent enables managing remote Docker hosts behind firewalls:
- Outbound-only connection (no inbound ports needed)
- Manage edge devices, IoT gateways, and remote servers
- Centralized control of distributed infrastructure
RBAC & Teams
- Admin: Full control over all resources
- Standard User: Access to assigned environments and stacks
- Read-only User: View resources without modification
- Team-based: Group users into teams with shared access policies
Portainer vs Alternatives
| Feature | Portainer | Rancher | Docker Desktop | Lazydocker |
|---|---|---|---|---|
| Open Source | Yes (CE) | Yes | Partial | Yes |
| Web UI | Yes | Yes | Desktop app | Terminal UI |
| Docker | Yes | Yes | Yes | Yes |
| Kubernetes | Yes | Yes | Limited | No |
| Multi-host | Yes | Yes | No | No |
| RBAC | Yes | Yes | No | No |
| Remote mgmt | Edge Agent | Yes | No | No |
常见问题
Q: Portainer CE 和 Portainer BE 有什么区别? A: CE(Community Edition)免费开源,包含核心容器管理功能。BE(Business Edition)增加了 RBAC 增强、注册管理、GitOps 自动更新等企业功能。小团队和个人用 CE 足够。
Q: 暴露 Docker Socket 安全吗? A: 挂载 Docker Socket 给予 Portainer 完整的 Docker 控制权限。建议:使用 HTTPS(默认 9443 端口)、设置强密码、限制网络访问、考虑使用 Docker Socket Proxy(如 Tecnativa/docker-socket-proxy)限制 API 调用。
Q: 可以同时管理多台服务器吗? A: 可以。在每台远程服务器安装 Portainer Agent,然后在主 Portainer 中添加远程环境。Edge Agent 还支持管理防火墙后的服务器。
来源与致谢
- GitHub: portainer/portainer — 37.1K+ ⭐ | zlib
- 官网: portainer.io