Skip to content

Deployment Overview of Akaunting on Server

Prerequisites and Basic Requirements

Before deploying Akaunting, ensure the server meets the following requirements:

  • Operating System: Linux distribution compatible with APT package manager (e.g., Ubuntu, Debian).

  • Privileges: Root or sudo access to execute commands.

  • Domain Configuration: A domain pointing to the server IP address.

  • Ports: Ports 80 (HTTP), 443 (HTTPS), and 22 (SSH) must be accessible.

  • Docker Engine: Required for running Akaunting containers.

  • Nginx: Used as a reverse proxy and SSL terminator.

  • Certbot: Required for obtaining and managing SSL certificates.

FQDN of the Final Panel

The fully qualified domain name (FQDN) for accessing the Akaunting panel follows the format:

  • akaunting<Server ID>.hostkey.in

The application is accessible via HTTPS on port 443 and redirects all HTTP traffic on port 80.

File and Directory Structure

The application files, configurations, and data are organized as follows:

  • Installation Directory: /opt/akaunting

  • Database Environment File: /opt/akaunting/env/db.env

  • Application Environment File: /opt/akaunting/env/run.env

  • Nginx Configuration: /etc/nginx/sites-available/akaunting

  • Certbot Directories:

  • Configuration: /opt/akaunting/data/certbot/conf

  • Webroot: /opt/akaunting/data/certbot/www

  • SSL Certificates: /etc/letsencrypt/live/akaunting<Server ID>.hostkey.in/

Application Installation Process

Akaunting is deployed using Docker Compose from the official repository:

  • Repository: https://github.com/akaunting/docker.git

  • Installation Path: /opt/akaunting

  • PHP Version: 8.3

The deployment process involves:

  1. Cloning the repository into /opt/akaunting.

  2. Creating environment configuration files (db.env and run.env).

  3. Initializing Docker containers via docker-compose up --detach.

  4. Configuring Nginx as a reverse proxy.

  5. Obtaining SSL certificates using Certbot.

  6. Updating the application configuration for production mode with HTTPS.

Access Rights and Security

The firewall is configured using UFW (Uncomplicated Firewall) to restrict access to essential ports only:

  • Port 22 (SSH): Allowed for administrative access.

  • Port 80 (HTTP): Allowed for temporary access during SSL provisioning and redirection.

  • Port 443 (HTTPS): Allowed for secure web traffic.

The firewall is enabled to block all other incoming connections by default.

Databases

Akaunting uses an internal MySQL database managed within the Docker environment:

  • Database Name: akaunting

  • Database User: admin

  • Database Host: akaunting-db

  • Database Port: 3306

  • Database Prefix: asd_

The database is accessible only via the internal Docker network. External direct access is not configured.

Docker Containers and Their Deployment

The application runs as a set of Docker containers orchestrated by Docker Compose:

  • Execution Command: docker-compose up --detach located in /opt/akaunting.

  • Restart Command: docker-compose restart akaunting used after configuration updates.

  • Container Names: Managed automatically by the Compose file, with the main service named akaunting.

The deployment waits 30 seconds after starting services and verifies accessibility on port 8080 before proceeding to the next steps.

Proxy Servers

Nginx is configured as a reverse proxy to handle incoming web traffic and SSL termination:

  • HTTP Server (Port 80):

  • Listens on port 80.

  • Handles ACME challenge requests for Let's Encrypt via the /.well-known/acme-challenge/ directory.

  • Redirects all traffic to HTTPS (301 redirect).

  • HTTPS Server (Port 443):

  • Listens on port 443 with SSL enabled.

  • Uses certificates located at /etc/letsencrypt/live/<domain>/fullchain.pem and privkey.pem.

  • Proxies requests to http://127.0.0.1:8080 (the internal Akaunting container).

  • Sets headers Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host.

  • Certbot:

  • Installed via APT with python3-certbot-nginx.

  • Certificates are obtained non-interactively using the Nginx plugin.

Permission Settings

The following permission settings apply to the deployed components:

  • Nginx Configuration Files: Mode 0644, owned by root:root.

  • Certbot Directories: Owned by root:root.

  • Application Environment Files: Owned by the user running the deployment (typically root).

  • SSL Certificates: Managed by Certbot with restricted read permissions for Nginx.

Location of Configuration Files and Data

The primary configuration files are located as follows:

File Path Description
/opt/akaunting/env/db.env MySQL database credentials for the container.
/opt/akaunting/env/run.env Application runtime settings including URL and debug flags.
/etc/nginx/sites-available/akaunting Nginx server block configuration.
/etc/letsencrypt/live/<domain>/ Let's Encrypt SSL certificate files.

Available Ports for Connection

The server exposes the following ports for external access:

  • 22: SSH (Administrative access).

  • 80: HTTP (Redirects to HTTPS).

  • 443: HTTPS (Secure web access to Akaunting).

  • 8080: Internal Akaunting service (accessible only via Nginx proxy).

Starting, Stopping, and Updating

Service management is handled via Docker Compose and Nginx systemd services:

  • Start Akaunting Containers: 

    docker-compose up --detach

  • Restart Akaunting Containers: 

    docker-compose restart akaunting

  • Start Nginx: 

    systemctl start nginx

  • Reload Nginx Configuration: 

    systemctl reload nginx

  • Enable Nginx on Boot: 

    systemctl enable nginx

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×