
Deployment Overview of Akaunting on Server

Prerequisites and Basic Requirements

To successfully deploy Akaunting on the server, the following environment requirements must be met:

  • Operating System: Linux distribution compatible with Nginx and Docker.

  • Privileges: Root access or sudo privileges are required to configure the firewall, install services, and manage system files.

  • Domain Configuration: A valid domain name must be pointed to the server's public IP address.

  • Network Ports: The following TCP ports must be accessible:

    • 22: SSH for remote administration.

    • 80: HTTP for initial SSL certificate validation and redirection.

    • 443: HTTPS for secure application access.

Access Rights and Security

The server security is managed using the Uncomplicated Firewall (UFW). The firewall is configured to allow only essential traffic and is enabled by default.

  • Allowed Ports:

    • Port 22 (SSH)

    • Port 80 (HTTP)

    • Port 443 (HTTPS)

  • Firewall State: The UFW service is set to enabled, blocking all other incoming connections by default.

Proxy Servers

Nginx is deployed as a reverse proxy to handle incoming web traffic, manage SSL certificates, and forward requests to the Akaunting application running locally on port 8080.

SSL Certificate Management

The deployment utilizes Let's Encrypt via Certbot for SSL certificate issuance and renewal.

  • Challenge Directory: The ACME challenge files are served from /var/www/certbot.

  • Certificate Paths:

    • Full Chain: /etc/letsencrypt/live/{domain}/fullchain.pem

    • Private Key: /etc/letsencrypt/live/{domain}/privkey.pem

Nginx Configuration

The Nginx configuration consists of two logical server blocks:

  1. HTTP Server (Port 80):

    • Listens on port 80 for the configured domain.

    • Serves the /.well-known/acme-challenge/ directory to allow Certbot to validate domain ownership.

    • Redirects all other requests to HTTPS using a 301 permanent redirect.

  2. HTTPS Server (Port 443):

    • Listens on port 443 with SSL enabled.

    • Enforces TLS protocols TLSv1.2 and TLSv1.3.

    • Uses specific cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256.

    • Proxies requests to the backend application at http://127.0.0.1:8080.

    • Sets the following proxy headers to preserve client information:

      • Host

      • X-Real-IP

      • X-Forwarded-For

      • X-Forwarded-Proto

      • X-Forwarded-Host
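
The two server blocks described above, written out as an Nginx configuration. This is an added example, not the deployment's own template: example.com stands in for {domain}, and the variable assigned to each proxy header is an assumption, since the page lists only the header names.

```nginx
# Added example. example.com is a placeholder for the configured domain.

# HTTP server: ACME challenge plus redirect to HTTPS
server {
    listen 80;
    server_name example.com;

    # Certbot writes HTTP-01 challenge files under this root
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Redirect to the configured name rather than the client-supplied Host header
    location / {
        return 301 https://$server_name$request_uri;
    }
}

# HTTPS server: TLS termination and reverse proxy to the local backend
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers governs TLS 1.2 only; TLS 1.3 suites are not affected by this list
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Header values below are assumed; the page names the headers only
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # Appends to any client-sent X-Forwarded-For, so only the last entry is trustworthy
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Validate with `nginx -t` before reloading. The test fails while the certificate files are missing, so the port 80 block has to be serving the challenge directory before the first certificate is issued.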

File and Directory Structure

The following directories and files are utilized by the deployment:

  • Certbot Challenge Root: /var/www/certbot

  • SSL Certificates: /etc/letsencrypt/live/{domain}/

  • Nginx Configuration: Located in the standard Nginx configuration directory, utilizing the templates provided for HTTP and HTTPS handling.
