Docker – How to Properly Monitor and Manage Your Containers

Docker is great for application development and deployment. Though, managing multiple containers can become time consuming without the right tools. This article will explore how to effectively monitor and manage your Docker containers using Portainer, while also highlighting equivalent CLI commands for those familiar with the command line and to help build an understanding of what Portainer does, which is simply to give an easier way to visualise the info we can already obtain from related commands.

What is Portainer?

Portainer is a web-based dashboard that simplifies the management of Docker environments. It allows you to easily view, manage, and troubleshoot your containers, images, volumes, and networks through an easy-to-use web interface.

Dashboards are heavily used in the enterprise world for quick visualisation, you can absolutely get all of that information without a nice looking web based UI, but unless you know exactly what you are looking for and how to find it, a dashboard will make that job simpler. It’s also incredibly useful when presenting data to colleagues, management or even clients depending on context.

Installing Portainer

The official documentation provides detailed installation instructions, but generally involves creating a Docker volume for data persistence and then running the portainer/portainer-ce (Community Edition) image. Once running, access Portainer through your browser (typically http://localhost:9443 ) and follow the on-screen prompts to set up an administrator account.

The easiest way to install Portainer and keep it up-to-date: Docker Compose

Installing portainer through Docker Compose means that updates are much easier and you do not need to remember what configuration options were used at the time of the install.

1. This tutorial uses Ubuntu 24.04 but should work on other versions of Linux (including Windows Subsystem for Linux) and assumes you already have docker installed, otherwise, see the following pages for installation instructions based on your OS:
   • Windows: https://docs.docker.com/desktop/setup/install/windows-install/
   • MacOS: https://docs.docker.com/desktop/setup/install/mac-install/
   • Linux CLI (Docker Engine): https://docs.docker.com/engine/install/ <== This is what we use here
   • Linux Desktop Environment (Docker Desktop): https://docs.docker.com/desktop/setup/install/linux/
2. Start by creating a docker-compose.yml file on your machine in a directory of your choice

nano docker-compose.yml

3. Add the following content to the file, then save it

services:
  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    restart: unless-stopped
    ports:
      - 8000:8000
      - 9443:9443
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - portainer_data:/data

volumes:
    portainer_data:
        external: true
        name: portainer_data

• image: We are using the Community Edition of Portainer available from DockerHub
• container_name: This is the container’s name which we will be able to use in our docker commands, for example, “docker logs portainer”
• restart: unless-stopped: We always want the container to automatically start if we reboot the server, unless we had previously stopped it ourselves or if it had already malfunctionned
• no-new-privileges: This prevents processes inside our container to gain additional privileges. In our case, Portainer does not need aditional rights, it simply needs to be able to display information about our containers
• volumes: These allow portainer to
  • Use the local machine’s timezone
  • Communicate with docker to get data from other controllers and manage them
  • And finally, to store its data in a docker volume called “portainer_data“. That way we can update the container and keep all of our changes, new users, etc

4. Create the container using the following commands, running them in the same directory as your docker-compose.yml file

docker volume create portainer_data
docker compose up -d

• docker volume: This creates the portainer_data volume which will store Portainer’s data like users, docker environments (if managing multiple docker machines, etc.)
• docker compose up -d: This launches the “docker compose” stack consisting of a single service, portainer
  • The “-d” flag launches it in detached mode, which means it will run in the background and will not prevent us from using the machine. Without this flag, we would see a live view of Portainer’s logs (which can be useful for troubleshooting, otherwise we can see the same logs using “docker compose logs portainer“

5. Connect to Portainer using the IP of your server (or 127.0.0.1 if running it on your local machine), followed by :9443 for HTTPs (recommended) or :8000 for HTTP
   • If you plan to always use HTTPs (recommended), you can safely remove the mapping for port 8000 and restart your container:
     • Remove the line: “8000:8000” from docker-compose.yml
     • Restart the service using docker compose restart
   • If you get the following error: “Your Portainer instance timed out for security purposes. To re-enable your Portainer instance, you will need to restart Portainer.” run the following command to restart the service
     • docker compose restart
6. Connect your docker environment:
   • Simply click “Get Started” to connect your local Docker environment to Portainer

Updating Portainer

To update Portainer, simply open the location of the docker-compose.yml file and run the following commands:

docker compose pull
docker compose up -d

• Docker compose pull: This will pull the latest image of Portainer from Dockerhub
  • This works since we did not specify an image tag on the “image:” line of our docker-compose.yml file. If we had, it would download that specific version.

Launching Docker Stacks with Portainer directly

Many, myself included, prefer managing docker compose stacks (each stack is a pack of services that are all run from the same docker-compose.yml file) directly on the server (by creating the files manually and launching them using “docker compose up -d“, especially for ones that might have extra files or configurations. A good option is to create a single folder for each stack in a common directory. For example, /home/username/docker/service1

Though if you prefer, similar to how single or multiple services can be deployed using the command “Docker Compose up“, Portainer allows you to deploy single or multi-container applications defined in a docker-compose.yml file from the web interface directly:

1. Upload your docker-compose.yml: In the Portainer UI, navigate to “Stacks” and click “Add stack“
2. Give your stack a name: Enter a name for the stack at the top of the page, lowercase only
3. Select “Web Editor” or “Upload”: Choose “Web Editor” to manually paste your docker-compose.yml file’s contents or “Upload” to upload the entire file to the server.
4. Deploy: Click “Deploy the stack” to launch your application.
   • Some large applications may require some time to properly start, give it some time

Portainer will handle creating the different services defined in your Compose file, making it easy to manage complex applications. See “How to use docker compose and why use it. – Bytiful” for some more information about Docker Compose.

Great ressource for Docker Compose examples

The following Github repository contains multiple great examples of services that can be deployed using Docker Compose, including example files that can be used to test those services. Some of those might need some configurations to be done. Note that we are not affiliated with the owner(s) of that repository, you are responsible for the services that you decide to run on your machine:
https://github.com/Haxxnet/Compose-Examples

For example, to launch Excalidraw, a collaborative whiteboard server, you could simply copy the contents of the docker-compose.yml file available here, paste it in Portainer and launch it (step 2 and 3 of the current section)

Monitoring Containers with Portainer

Viewing Container Logs

Portainer provides a convenient way to view container logs directly from the UI. Simply click the name of the container you want to monitor (from the “Containers” tab from the left menu) and click on “Logs” inside the “Container status” block. This allows you to quickly identify issues and troubleshoot problems.

CLI Equivalent: To view container logs using the command line, use docker logs <container_id_or_name>.

Managing Containers

Portainer offers a range of management options for containers:

• Start/Stop/Restart: Easily start, stop, or restart containers with a single click.
• Resource Monitoring: View real-time resource usage (CPU, memory) for each container.
  • This can be seen by opening a container’s details page, then clicking on “Stats” in the “Container status” section
• Configuration: Access and modify container configurations.
  • Open the container’s details page, then click the “Duplicate/Edit” button at the top of the page
• Shell access: Access a shell inside the container which allows you to browse files, launch commands and configure some services
  • Open the container’s details page then click “Console” in the “Container status” section. The default options should work for most containers
  • Note that some containers need specific commands for this to work, this should be checked on a case-by-case basis

CLI Equivalents:

• docker start <container_id or name>: Starts a stopped container.
• docker stop <container_id or name>: Stops a running container.
• docker restart <container_id or name>: Restarts a container.
• docker exec -it <container_id or name> bash: Provides access to the container’s shell for troubleshooting or debugging.
  • Note that some containers need specific commands for this to work, this should be checked on a case-by-case basis

Further Exploration

• Volumes: Learn about volumes for persistent data storage
• Networking: Understand how containers communicate with each other and the outside world
• Security Best Practices: Implement security measures like using non-root users and regularly scanning for vulnerabilities