Deployment Overview of LinuxPatch Appliance on Server¶

Prerequisites and Basic Requirements¶

To deploy the LinuxPatch Appliance, the host server must meet the following requirements:

Operating System: Linux-based distribution compatible with Docker Engine.
Privileges: Root or sudo access is required to execute installation scripts and manage Docker containers.
Domain Configuration: The server must be configured to resolve the hostkey.in domain zone.
Ports: Ports 80 (HTTP) and 443 (HTTPS) must be open and accessible externally to allow the Nginx proxy and Let's Encrypt certificate issuance.

FQDN of the Final Panel¶

Once deployed, the LinuxPatch Appliance panel is accessible via the following Fully Qualified Domain Name (FQDN):

<linuxpatch> <server_id>.hostkey.in:443

The final URL structure follows the format: https://linuxpatch<server_id>.hostkey.in.

File and Directory Structure¶

The application components, configuration files, and data are organized in the following directory locations:

Application Root: /root/linuxpatch
Application Data and Configuration: /root/linuxpatch/data
SSL Certificates (Managed by Nginx/Certbot): /etc/letsencrypt (mounted volume nginx_secrets)
Nginx User Configuration: /data/nginx/user_conf.d/linuxpatch<server_id>.hostkey.in.conf
Environment Variables: /root/linuxpatch/data/.env

Docker Containers and Their Deployment¶

The LinuxPatch Appliance is deployed using Docker Compose. The deployment consists of four primary containers orchestrated via the docker-compose.yml file located in /root/linuxpatch.

Container Components¶

Nginx Proxy:
Image: jonasal/nginx-certbot:latest
Function: Handles SSL termination using Certbot and routes traffic to the application.
Ports: Exposes 80 and 443 on the host.
LinuxPatch Application:
Image: linuxpatch/appliance:latest
Function: The core application logic and web interface.
Command: ./web
Dependencies: Waits for database and Redis health checks before starting.
Database (MySQL):
Image: percona/percona-server:8.0
Function: Stores application data.
Service Name: linuxpatch-db
Cache (Redis):
Image: redis:6
Function: Handles caching and session management.
Service Name: linuxpatch-redis

Docker Volumes¶

The following volumes are utilized for data persistence and configuration:

linuxpatch-mysql-data: Persists MySQL database files.
linuxpatch-redis-data: Persists Redis cache data.
nginx_secrets: Stores Let's Encrypt SSL certificates and keys.
./data:/app/data: Mounts the local application data directory to the container.

Deployment Network¶

All containers operate within a custom bridge network named linuxpatch-app-network.

Proxy Servers¶

The deployment utilizes an Nginx proxy server with integrated Certbot for SSL management.

Proxy Image: jonasal/nginx-certbot:latest
SSL Configuration:
Automatically requests and renews SSL certificates via Let's Encrypt.
Certbot Email: [email protected]
Routing:
The Nginx configuration is located at /data/nginx/user_conf.d/linuxpatch<server_id>.hostkey.in.conf.
Traffic is proxied to the application service using proxy_pass http://linuxpatch-app.
Ports:
HTTP: 80
HTTPS: 443

Databases¶

The application relies on two internal data storage services managed as Docker containers:

Service	Type	Image	Host Reference	Port
Primary Database	MySQL (Percona)	`percona/percona-server:8.0`	`linuxpatch-db`	`3306`
Cache Server	Redis	`redis:6`	`linuxpatch-redis`	`6379`

Database Configuration Details¶

Database Name: linuxpatch (defined in environment variables).
Authentication: Credentials (DB_USERNAME, DB_PASSWORD) are generated dynamically and stored in the .env file.
Connection: The application connects to the database using the internal Docker service name linuxpatch-db.

Starting, Stopping, and Updating¶

Service management is handled through Docker Compose commands executed within the /root/linuxpatch directory.

Start Services:
```
docker compose up -d
```
Stop Services:
```
docker compose stop
```
Restart Services:
```
docker compose restart
```
Update Application Image: Since the linuxpatch-app container is configured with pull_policy: always, running the start command will automatically pull the latest image version:
```
docker compose up -d
```

Access Rights and Security¶

Directory Permissions:
The root application directory /root/linuxpatch is owned by root with mode 0644.
The execution script configure.sh is set to mode 0744.
Data subdirectories (data/certs, data/logs) are created with mode 755.
Firewall Requirements:
External access is restricted to ports 80 and 443.
Internal container communication occurs over the isolated linuxpatch-app-network.
User Credentials:
Administrative credentials are generated automatically during the configuration phase.
The default administrative username follows the format: admin@<hostname>.
Passwords are randomly generated and stored in the data/.env file.

Location of Configuration Files and Data¶

The primary configuration and data files are located as follows:

File / Directory	Purpose	Path
Docker Compose	Container orchestration definition	`/root/linuxpatch/docker-compose.yml`
Configuration Script	Generates environment variables and credentials	`/root/linuxpatch/configure.sh`
Environment Variables	Stores DB credentials, secrets, and app settings	`/root/linuxpatch/data/.env`
Application Logs	Stores runtime logs	`/root/linuxpatch/data/logs`
SSL Certificates (App)	Internal TLS certificates for the app	`/root/linuxpatch/data/certs`
Nginx Config	Custom proxy configuration	`/data/nginx/user_conf.d/linuxpatch<server_id>.hostkey.in.conf`

Available Ports for Connection¶

The following ports are exposed and available for external connection:

Port	Protocol	Description
80	TCP	HTTP (redirects to HTTPS or used for Certbot validation)
443	TCP	HTTPS (Secure access to the LinuxPatch panel)

Internal ports such as 3306 (MySQL) and 6379 (Redis) are not exposed to the host network and are only accessible within the Docker network.