# Deploy Portainer via docker swarm

## Installation Guide

1. Copy the portainer stack on the master node

```bash
curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml
```

2\. Modify the <mark style="color:green;">`portainer-agent-stack.yml`</mark> file with the community edition & remove versions

```bash
# By default
  portainer:
    image: portainer/portainer-ee:<version>
	
# Modify to:
  portainer:
    image: portainer/portainer-ce
```

{% hint style="info" %}
**Note:**

If you have already deployed this it will deploy the EE Database edition that is not compatible with CE

* You will have to delete the portainer data:

#### By Default:

```bash
/var/lib/docker/volumes/portainer_data
```

To avoid this issue modify the volume to be in <mark style="color:purple;">`current working directory`</mark> in <mark style="color:green;">`portainer-agent-stack.yml`</mark>

```yaml
volumes:
      - ./portainer_data:/data
```

{% endhint %}

3\. Deploy the stack

```bash
docker stack deploy -c portainer-agent-stack.yml portainer
```

{% hint style="info" %}
By Default this will install the portainer agent on all the subnodes and should be available on port <mark style="color:orange;">`9000`</mark>
{% endhint %}

4\. Secure with SSL

* Create overlay network

```bash
docker network create --driver overlay portainer
```

* Generate Certificate

```bash
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout portainer.key -out portainer.crt
```

* Create Secrets for Key and CRT

```bash
# Syntax:
# docker secret create <secret_name> <file_name>
docker secret create portainer.cer portainer.crt
docker secret create portainer.key portainer.key
```

* Modify Swarm file

Example:

```yaml
version: '3.2'

services:
  agent:
    image: portainer/agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce
    command: -H tcp://tasks.agent:9001 --tlsskipverify --ssl --sslcert /run/secrets/portainer.cer --sslkey /run/secrets/portainer.key
    ports:
      - "9000:9000"
      - "8000:8000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
    secrets:
      - portainer.cer
      - portainer.key

networks:
  agent_network:
    driver: overlay
    attachable: true
  portainer:
    external: true

volumes:
  portainer_data:

secrets:
  portainer.cer:
    external: true
  portainer.key:
    external: true
```

* Run deployment again

```bash
docker stack deploy -c portainer-agent-stack.yml portainer
```

## Resources:

* [Official Portainer installation guide](https://docs.portainer.io/v/be-2.12/start/install/server/swarm)
* [Secure Portainer with SSL](https://documentation.portainer.io/v2.0-be/deploy/ssl/)