Deployment Overview of Akaunting on Server¶

Prerequisites and Basic Requirements¶

To successfully deploy Akaunting on the server, the following requirements must be met:

Operating System: Linux distribution compatible with Ansible and Docker.
Privileges: Root or sudo access is required to configure the firewall, install services, and manage system files.
Domain Configuration: A valid domain name must be configured to point to the server's IP address.
Ports: The following TCP ports must be open and accessible:
Port 22 for SSH access.
Port 80 for HTTP traffic and SSL certificate validation.
Port 443 for HTTPS traffic.
Software Dependencies: Docker and Docker Compose must be installed to run the application containers.

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

The deployment utilizes the following directory structure for configuration, data, and certificates:

The application is deployed using Docker containers based on the official Akaunting repository.

Repository Source: https://github.com/akaunting/docker.git
Installation Location: The application files and Docker configuration are located in /opt/akaunting.
PHP Version: The environment is configured to use PHP version 8.3.

Security is enforced through the Uncomplicated Firewall (UFW) and user privileges.

Firewall Rules: UFW is enabled and configured to allow traffic only on specific ports:
Port 22 (SSH)
Port 80 (HTTP)
Port 443 (HTTPS)
All other incoming connections are blocked by default.

The application uses a MySQL database with the following configuration:

Database Name: akaunting_db
Database User: akaunting_user
Database Password: Configured via the system's SSH password variable.
Connection Method: The application connects to the database service running within the Docker network.

The application runs inside Docker containers managed via the installation script in /opt/akaunting.

The container exposes the application on port 8080 internally.
The deployment utilizes the official Akaunting Docker image from the GitHub repository.

Nginx acts as the reverse proxy and SSL terminator for the application.

Configuration File: /etc/nginx/sites-available/akaunting
HTTP Handling:
Listens on port 80.
Handles ACME challenges for Let's Encrypt at /.well-known/acme-challenge/.
Redirects all HTTP traffic to HTTPS (301 redirect).
HTTPS Handling:
Listens on port 443 with SSL enabled.
Uses TLSv1.2 and TLSv1.3 protocols.
Proxies requests to the Akaunting container at http://127.0.0.1:8080.
SSL Certificates: Managed by Let's Encrypt and stored in /etc/letsencrypt/live/.
Proxy Headers: Nginx forwards the following headers to the backend:
Host
X-Real-IP
X-Forwarded-For
X-Forwarded-Proto
X-Forwarded-Host

The following ports are available for external and internal connections:

Port 22: SSH access for server administration.
Port 80: HTTP (redirects to HTTPS).
Port 443: HTTPS (secure access to the Akaunting web interface).
Port 8080: Internal port used by the Akaunting Docker container (not exposed externally).

Service management is handled through Docker commands targeting the containers defined in /opt/akaunting.

Start: Use docker compose up -d within the /opt/akaunting directory.
Stop: Use docker compose down within the /opt/akaunting directory.
Update: Pull the latest images using docker compose pull and restart the services with docker compose up -d.
Nginx Reload: After configuration changes, reload Nginx using nginx -s reload.