
Deployment Overview of LEMP on Server

Prerequisites and Basic Requirements

To successfully deploy the LEMP stack, the server must meet the following criteria:

  • Operating System: Ubuntu

  • Privileges: Root access or sudo privileges are required to install Docker and manage containers.

  • Domain Configuration: The hostkey.in zone is used for internal addressing.

  • Ports:

    • Port 88 is mapped to the internal web service port 80.

    • Port 3306 is exposed for MySQL database access.

    • Port 5432 is exposed for PostgreSQL database access.

    • Port 443 is configured as the external port for secure HTTPS traffic.

FQDN of the Final Panel

The fully qualified domain name (FQDN) for accessing the application is: lamp<Server ID>.hostkey.in:443

Note: Replace <Server ID> with the specific identifier assigned to your server instance.

File and Directory Structure

The deployment creates the following directories to store persistent data and web content:

  • /root/data: Stores database files and persistent application data.

  • /root/webroot: Contains the web server root directory for serving HTML and application assets.

  • /data/nginx: Contains Nginx configuration files and secrets for SSL management (used by the reverse proxy service).

Application Installation Process

The LEMP stack is deployed using Docker containers. The installation process involves:

  • Installing the Docker engine on the host system.

  • Pulling the adhocore/lemp Docker image with version 8.3.

  • Creating a dedicated Docker network named lemp-net.

  • Running the primary application container named lemp-stack with the image adhocore/lemp:8.3.

Access Rights and Security

Security and access control are managed through Docker network isolation and port exposure:

  • The application runs within the lemp-net Docker network, isolating internal traffic.

  • The MySQL root password is configured using the SSH password passed via environment variables during container initialization.

  • Direct database access is restricted to the exposed ports 3306 and 5432 on the host.

  • The Nginx reverse proxy handles external traffic and SSL termination.
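
As an added check that is not part of the original guide: Docker publishes a mapping such as 3306:3306 on all host interfaces unless a bind address is given, so the script below reads `docker port lemp-stack` output and reports the MySQL and PostgreSQL ports bound to a wildcard address. Both sample inputs are constructed, and the function name audit_port_bindings is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `docker port` output for
# database ports published on a wildcard address, i.e. on every host interface.

DB_PORTS="3306 5432"   # MySQL and PostgreSQL host ports named on this page

# Constructed sample, modelled on the page's 88:80, 3306:3306, 5432:5432 mappings.
sample_published() {
    printf '%s\n' \
        '80/tcp -> 0.0.0.0:88' \
        '3306/tcp -> 0.0.0.0:3306' \
        '3306/tcp -> [::]:3306' \
        '5432/tcp -> 0.0.0.0:5432'
}

# Constructed sample: the same container with the database ports bound to loopback.
sample_loopback() {
    printf '%s\n' \
        '80/tcp -> 0.0.0.0:88' \
        '3306/tcp -> 127.0.0.1:3306' \
        '5432/tcp -> 127.0.0.1:5432'
}

# Reads `docker port <container>` output on stdin and prints one
# "EXPOSED <container-port> <host-binding>" line per wildcard-bound DB port.
audit_port_bindings() {
    while IFS= read -r line; do
        case "$line" in
            *" -> "*) ;;
            *) continue ;;               # not a mapping line
        esac
        cport=${line%%" -> "*}           # e.g. "3306/tcp"
        bind=${line##*" -> "}            # e.g. "0.0.0.0:3306"
        hport=${bind##*:}                # host port after the last colon
        haddr=${bind%:*}                 # host address before it
        case "$haddr" in
            0.0.0.0|::|"[::]") ;;        # wildcard IPv4 / IPv6
            *) continue ;;               # bound to a specific address
        esac
        for p in $DB_PORTS; do
            if [ "$hport" = "$p" ]; then echo "EXPOSED $cport $bind"; fi
        done
    done
    return 0
}

# Live use on the host: docker port lemp-stack | audit_port_bindings
sample_published | audit_port_bindings
```

An empty result means neither database port is published on a wildcard address; port 88 is deliberately not reported because it is the web mapping.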

Databases

The LEMP stack includes integrated database services accessible via the following configuration:

  • MySQL:

    • Port: 3306

    • Storage Location: Mounted volume at /root/data mapped to /var/lib/mysql.

    • Authentication: Root access requires the SSH password configured in the environment.

  • PostgreSQL:

    • Port: 5432

    • Storage: Handled internally by the container unless additional volumes are mounted.

Docker Containers and Their Deployment

Two primary container services are deployed:

  1. LEMP Stack Container:

    • Container Name: lemp-stack

    • Image: adhocore/lemp:8.3

    • Network: lemp-net

    • Restart Policy: always

    • Volume Mounts:

      • /root/data:/var/lib/mysql

      • /root/webroot:/var/www/html

    • Port Mappings:

      • 88:80

      • 3306:3306

      • 5432:5432

  2. Nginx Reverse Proxy Container:

    • Image: jonasal/nginx-certbot:latest

    • Restart Policy: unless-stopped

    • Network Mode: host

    • Environment Variables:

    • Volume Mounts:

      • nginx_secrets:/etc/letsencrypt (External named volume)

      • /data/nginx/user_conf.d:/etc/nginx/user_conf.d

Proxy Servers

The deployment includes an Nginx-based reverse proxy with SSL support:

  • Software: Nginx with Certbot (jonasal/nginx-certbot:latest).

  • SSL/TLS: Managed automatically via Certbot using Let's Encrypt certificates.

  • Configuration:

    • User-defined configurations are stored in /data/nginx/user_conf.d.

    • SSL secrets are stored in the external named volume nginx_secrets mapped to /etc/letsencrypt.

  • Email: Certbot notifications are sent to [email protected].

Permission Settings

The host directories created for data persistence have the following permissions:

  • /root/data:

    • Owner: root

    • Group: root

    • Mode: 0755

  • /root/webroot:

    • Owner: root

    • Group: root

    • Mode: 0755

Location of Configuration Files and Data

  • Web Content: /root/webroot

  • Database Data: /root/data

  • Nginx Configurations: /data/nginx/user_conf.d

  • SSL Certificates: /etc/letsencrypt (inside the Nginx container via volume mount)

  • Nginx Environment File: /data/nginx/nginx-certbot.env

Available Ports for Connection

The following ports are available on the host server for connecting to services:

| Port | Service | Description |
| :--- | :--- | :--- |
| 88 | Nginx (Internal) | HTTP traffic forwarded to the LEMP container. |
| 443 | Nginx (External) | HTTPS traffic for the reverse proxy. |
| 3306 | MySQL | Database connection for MySQL. |
| 5432 | PostgreSQL | Database connection for PostgreSQL. |

Starting, Stopping, and Updating

The containers are managed using standard Docker commands:

  • Start/Restart Containers:

    docker start lemp-stack
    docker restart lemp-stack
    

  • Stop Containers:

    docker stop lemp-stack
    

  • Update Application Image:

    docker pull adhocore/lemp:8.3
    docker stop lemp-stack
    docker rm lemp-stack
    docker run -d --name lemp-stack --network lemp-net --restart always \
      -p 88:80 -p 3306:3306 -p 5432:5432 \
      -v /root/data:/var/lib/mysql \
      -v /root/webroot:/var/www/html \
      -e MYSQL_ROOT_PASSWORD=<ssh_password> \
      adhocore/lemp:8.3
    

  • Manage Nginx Proxy: The Nginx proxy container runs with network_mode: host. To manage it, use Docker commands targeting the container running the jonasal/nginx-certbot image, ensuring the /data/nginx directory is correctly mounted.
