I got comfortable with Docker CLI fairly quickly. docker ps, docker logs, docker exec — the basics aren't hard. But when I started running eight or ten containers on a server, keeping track of which was which and checking logs for each one became tedious.
Portainer is the web interface that makes Docker management visual. See all containers at a glance, start or stop them with a click, view log streams in the browser, manage volumes and networks, deploy new stacks from a form. It doesn't replace knowing Docker — but it makes routine management noticeably faster.
The 5-minute initial password setup window is the thing that catches people on first install. I'll make sure that's clear.
This guide deploys Portainer CE (Community Edition) on Ubuntu 22.04, secured with HTTPS via Nginx and Let's Encrypt.
I run Portainer on Tencent Cloud Lighthouse. It's one of the first things I install on any server where I plan to run multiple Docker containers. Lighthouse has a Docker CE application image — select it when creating your instance and Docker is pre-installed, so you can jump straight to installing Portainer without any Docker setup steps. Lighthouse's OrcaTerm browser terminal and Portainer's web UI together make managing a Docker-based server entirely browser-accessible — useful when you're away from your main development machine and need to restart a container or check logs quickly.
- Key Takeaways
| Feature | What you can do |
|---|---|
| Container management | Start, stop, restart, remove containers |
| Image management | Pull, remove, inspect images |
| Stack deployment | Deploy Docker Compose stacks via UI |
| Log viewer | View container logs in the browser |
| Console access | Web-based terminal into any running container |
| Volume management | Create, browse, and remove volumes |
| Network management | Inspect and manage Docker networks |
| Resource usage | CPU, memory, network stats per container |
| Requirement | Notes |
|---|---|
| Cloud server | Tencent Cloud Lighthouse Ubuntu 22.04 |
| Docker installed | `curl -fsSL https://get.docker.com |
| Domain name | For HTTPS |
ssh ubuntu@YOUR_SERVER_IP
sudo apt update && sudo apt upgrade -y
# Install Docker if not already installed
curl -fsSL https://get.docker.com | sudo sh
sudo usermod -aG docker $USER
newgrp docker
sudo apt install -y nginx
sudo ufw allow ssh
sudo ufw allow 'Nginx Full'
sudo ufw enable
Create the Portainer data volume and start the container:
# Create persistent volume for Portainer data
docker volume create portainer_data
# Run Portainer CE
docker run -d \
--name portainer \
--restart unless-stopped \
-p 8000:8000 \
-p 9443:9443 \
-p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
Port explanation:
9000: HTTP UI (we'll proxy via Nginx)9443: HTTPS UI (Portainer's built-in SSL, optional)8000: Portainer Agent communication (for remote management)Verify it's running:
docker ps | grep portainer
# Should show portainer container as Up
sudo nano /etc/nginx/sites-available/portainer
server {
listen 80;
server_name portainer.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
sudo ln -s /etc/nginx/sites-available/portainer /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d portainer.yourdomain.com
Visit https://portainer.yourdomain.com.
You have 5 minutes to complete the initial setup (see Gotcha section). Don't navigate away.
You're now in the Portainer dashboard.
Home → local → Containers
Shows all running and stopped containers with:
Click on any container → Logs tab. You can:
Click on container → Console tab → Connect. This opens a web-based terminal — no SSH required. Useful for debugging without leaving your browser.
Images → click any image → Inspect shows the full image configuration, environment variables, exposed ports, and layer sizes.
Volumes → click any volume → Browse (CE has limited browse functionality; most useful for seeing size and creation date).
A "Stack" in Portainer is a Docker Compose deployment.
uptime-kumadocker-compose.yml:version: '3'
services:
uptime-kuma:
image: louislam/uptime-kuma:1
container_name: uptime-kuma
restart: unless-stopped
ports:
- "3001:3001"
volumes:
- uptime-kuma_data:/app/data
volumes:
uptime-kuma_data:
Portainer runs docker compose up -d with your configuration. You can update the stack by editing the compose file in Portainer and clicking Update the stack.
If you have multiple servers and want to manage them all from one Portainer instance, deploy the Portainer Agent on each additional server:
# On the remote server
docker run -d \
--name portainer_agent \
--restart always \
-p 9001:9001 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/lib/docker/volumes:/var/lib/docker/volumes \
portainer/agent:latest
Then in Portainer UI: Environments → Add environment → Agent → enter the remote server's IP and port 9001.
Portainer requires you to set the admin password within 5 minutes of the container first starting. If you don't, Portainer shows this error:
Your Portainer instance timed out for security purposes.
To re-enable your Portainer instance, you will need to restart Portainer.
Fix by restarting the container:
docker restart portainer
Then immediately visit https://portainer.yourdomain.com and complete the admin setup. Don't wait this time.
Portainer has full access to your Docker daemon — anyone who can log into Portainer can run arbitrary containers, mount host filesystems, and effectively get root access to the server.
Recommended security measures:
location / {
allow YOUR_IP;
deny all;
proxy_pass http://127.0.0.1:9000;
# ... other proxy settings
}
| Issue | Likely Cause | Fix |
|---|---|---|
| Connection refused | Service not running or wrong port | Check systemctl status SERVICE and verify firewall rules |
| Permission denied | Wrong file ownership or permissions | Check file ownership with ls -la and use chown/chmod to fix |
| 502 Bad Gateway | Backend service not running | Restart the backend service; check logs with journalctl -u SERVICE |
| SSL certificate error | Certificate expired or domain mismatch | Run sudo certbot renew and verify domain DNS points to server IP |
| Service not starting | Config error or missing dependency | Check logs with journalctl -u SERVICE -n 50 for specific error |
| Out of disk space | Logs or data accumulation | Run df -h to identify usage; clean logs or attach CBS storage |
| High memory usage | Too many processes or memory leak | Check with htop; consider upgrading instance plan if consistently high |
| Firewall blocking traffic | Port not open in UFW or Lighthouse console | Open port in Lighthouse console firewall AND sudo ufw allow PORT |
When should I use Portainer instead of managing Docker directly?
Use Portainer when you want a visual management layer on top of Docker, simplified deployment workflows, or to manage Docker for users who aren't familiar with the CLI.
Is Portainer suitable for production use?
For small to medium deployments, yes. Large-scale production typically uses orchestration platforms like Kubernetes. Portainer is well-suited for individual developers, small teams, and homelab environments.
How do I back up container data?
Back up named volumes (where persistent data lives), not containers themselves. The guide covers volume backup strategies and how to combine application-level backups with Lighthouse snapshots.
What happens if I need to migrate to a different server?
Export your Docker volumes and compose files, provision a new Lighthouse instance with Docker CE image, and restore the data. Container-based deployments are designed to be portable.
docker stats for real-time monitoring, or deploy Netdata or Prometheus + Grafana for historical metrics and alerts. Portainer's web interface also shows per-container resource usage.Set up your Docker management dashboard:
👉 Tencent Cloud Lighthouse — Docker-ready Ubuntu VPS
👉 View current pricing and promotions
👉 Explore all active deals and offers