CLI configuration options

--admin-password

Specifies a bcrypt hashed password for the admin user. This can only be used when first creating the admin user (such as during installation) and not to change the admin user's password after installation.

--admin-password-file

Specifies the path to the file containing the password for the admin user. This can only be used when first creating the admin user (such as during installation) and not to change the admin user's password after installation.

--base-url

Specifies the path that Portainer is running under if you are running Portainer within a subpath behind a reverse proxy (for example use --base-url /portainer if you are running Portainer at https://yourdomain/portainer). Defaults to /. Note: when using this option you will still need to ensure your reverse proxy configuration will strip the specified subpath.

--bind

-p

Specifies the address and port from which to serve Portainer (default: :9000).

--bind-https

Specifies the address and port from which to serve Portainer via HTTPS (default: :9443).

--data

-d

Specifes the directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows).

--edge-compute

Automatically enables Edge Compute features.

--hide-label

-l

Hides containers with a specific label in the UI.

--http-disabled

Serve Portainer only on HTTPS. Overrides --http-enabled. Ensure your HTTPS configuration is fully working and any agents are configured for HTTPS before enabling this.

--http-enabled

Serve Portainer on HTTP. If used in combination with --http-disabled, this is ignored.

--host

-H

Specifies the Docker daemon endpoint.

--license-key

Specifies the license key to use. Only applicable to Portainer Business Edition.

--log-level

Set the log level of the Portainer application, for example --log-level DEBUG. This is useful when troubleshooting.

--log-mode

Set the formatting for the Portainer log output, for example --log-mode NOCOLOR. Options are: PRETTY (default), NOCOLOR (disables color codes), JSON (JSON-formatted logs).

--logo

Specifies the URL to the image to be displayed as a logo in the UI. If not specified, the Portainer logo is used instead.

--mtlscacert

Specifies the path to the certificate authority (CA) certificate used for mTLS communication. (BE only)

--mtlscert

Specifies the path to the certificate used for mTLS communication. (BE only)

--mtlskey

Specifies the path to the certificate key used for mTLS communication. (BE only)

--snapshot-interval

Specifies the time interval between two environment snapshot jobs expressed as a string. For example 30s, 5m, 1h… Supported by the time.ParseDuration method (default: 5m).

--sslcacert

--sslcert

Specifies the path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt on Linux, C:\certs\portainer.crt on Windows).

--sslkey

Specifies the path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key on Linux, C:\certs\portainer.key on Windows).

--syslog-*

--templates

-t

Specifies the URL to the templates (apps) definitions.

--tlscacert

Specifies the path to the CA used for Docker daemon connections (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows).

--tlscert

Specifies the path to the TLS certificate file used for Docker daemon connections (default: /certs/cert.pem, C:\certs\cert.pem on Windows).

--tlskey

Specifies the path to the TLS key used for Docker daemon connections (default: /certs/key.pem, C:\certs\key.pem on Windows).

--tlsverify

TLS support (default: false).

--tlsskipverify

Disable TLS server verification.

--tunnel-addr

Specifies the tunnel address to listen on for use with the Edge Agent. Defaults to 0.0.0.0 (all interfaces).

--tunnel-port

Specifies an alternate tunnel port to use with the Edge Agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge Agent communicate on port 8001.

--version

Display the version of Portainer.