Deployment Overview of OpenLiteSpeed Node.js on Server¶
Prerequisites and Basic Requirements¶
The following requirements must be met on the server before or during the deployment process:
-
Operating System: Ubuntu (Debian-based)
-
Privileges: Root access is required for all installation and configuration steps
-
Domain Zone:
hostkey.in -
Required Ports:
-
Internal port:
7080(OpenLiteSpeed WebAdmin) -
External port:
443(HTTPS via Nginx proxy) -
Required Packages:
-
curl,wget,gnupg -
docker-ce,docker-ce-cli,containerd.io,docker-buildx-plugin,docker-compose-plugin -
openlitespeed -
nodejs(Node.js 20.x) -
python3-pexpect(required for administrative tasks)
FQDN of the Final Panel¶
The final administrative panel is accessible via the following FQDN format:
openlitespeed-nodejs<Server ID>.hostkey.in:443
Replace <Server ID> with the actual identifier assigned to the server instance.
File and Directory Structure¶
The deployment utilizes the following directories for configurations, data, and certificates:
-
Nginx Project Directory:
/root/nginx -
Nginx User Configuration:
/data/nginx/user_conf.d -
Docker Data:
-
/var/lib/docker -
/var/lib/containerd -
OpenLiteSpeed Installation:
/usr/local/lsws -
SSL Certificates:
/etc/letsencrypt/live -
Docker Daemon Configuration:
/etc/docker/daemon.json -
Docker Secrets Volume:
nginx_secrets(mapped to/etc/letsencrypt)
Application Installation Process¶
The application stack includes OpenLiteSpeed, Node.js, and a Nginx reverse proxy with Certbot. The installation involves the following steps:
-
OpenLiteSpeed Installation:
-
Add the LiteSpeed repository using the official installer script.
-
Install the
openlitespeedpackage. -
Ensure the
lswsservice is started and enabled. -
Configure the WebAdmin credentials (Username:
admin, Password: defined by variable).
-
-
Node.js Installation:
-
Add the NodeSource repository for Node.js 20.x.
-
Install the
nodejspackage. -
Verify the installation by checking the version.
-
-
Docker Installation:
-
Install required packages (
ca-certificates,curl,gnupg,lsb-release). -
Add the Docker GPG key and repository.
-
Install Docker Engine components (
docker-ce,docker-ce-cli,containerd.io,docker-buildx-plugin,docker-compose-plugin). -
Enable and start
containerdanddockerservices.
-
-
Nginx Proxy Deployment:
-
Create the Nginx project directory at
/root/nginx. -
Generate the Docker Compose configuration file.
-
Deploy the
nginx-certbotstack using Docker Compose.
-
Docker Containers and Their Deployment¶
The deployment utilizes a Docker Compose stack to run the Nginx proxy and Certbot services.
Docker Registry Mirrors: The Docker daemon is configured to use the following mirror:
http://dockerhub.hostkey.ru
Docker Compose Configuration: The stack is defined in /root/nginx/compose.yml and includes:
-
Service:
nginx -
Image:
jonasal/nginx-certbot:latest -
Restart Policy:
unless-stopped -
Network Mode:
host -
Environment Variables:
-
CERTBOT_EMAIL:[email protected] -
Volumes:
-
nginx_secretsmounted to/etc/letsencrypt -
Host path
/data/nginx/user_conf.dmounted to/etc/nginx/user_conf.d
Deployment Command: The stack is launched using the following command from the project directory:
Execution Context:Proxy Servers¶
A Nginx reverse proxy is deployed to handle incoming traffic and manage SSL certificates for the OpenLiteSpeed WebAdmin interface.
Configuration Details:
-
Software: Nginx with Certbot (via
jonasal/nginx-certbotimage) -
Server Name:
<prefix><Server ID>.hostkey.in(e.g.,openlitespeed-nodejs123.hostkey.in) -
Listening Ports:
-
443(SSL/TLS) -
[::]:443(IPv6 SSL/TLS) -
SSL Certificates:
-
Full Chain:
/etc/letsencrypt/live/<prefix><Server ID>.hostkey.in/fullchain.pem -
Private Key:
/etc/letsencrypt/live/<prefix><Server ID>.hostkey.in/privkey.pem -
Trusted Certificate:
/etc/letsencrypt/live/<prefix><Server ID>.hostkey.in/chain.pem -
DH Params:
/etc/letsencrypt/dhparams/dhparam.pem
Proxy Settings: The Nginx server blocks all traffic on port 443 to the internal OpenLiteSpeed instance:
-
Proxy Target:
https://127.0.0.1:7080 -
SSL Verification: Disabled (
proxy_ssl_verify off) -
Headers Preserved:
-
Host,X-Forwarded-Host,X-Forwarded-Server,X-Real-IP,X-Forwarded-For,X-Forwarded-Proto -
WebSockets: Supported via
UpgradeandConnectionheaders mapping. -
Buffering: Disabled (
proxy_buffering off).
Permission Settings¶
The following file and directory permissions are enforced during the deployment:
-
Nginx Project Directory (
/root/nginx): -
Owner:
root:root -
Mode:
0755 -
Docker Compose File (
/root/nginx/compose.yml): -
Owner:
root:root -
Mode:
0644 -
Nginx Vhost Configuration (
/data/nginx/user_conf.d/<prefix><server_id>.hostkey.in.conf): -
Owner:
root:root -
Mode:
0644 -
Docker Daemon Configuration (
/etc/docker/daemon.json): -
Owner:
root:root -
Mode:
0644
Location of Configuration Files and Data¶
Critical configuration files and data locations are as follows:
-
Docker Compose Definition:
/root/nginx/compose.yml -
Nginx Vhost Configuration:
/data/nginx/user_conf.d/openlitespeed-nodejs<Server ID>.hostkey.in.conf -
Nginx Environment File:
/data/nginx/nginx-certbot.env -
Docker Daemon Configuration:
/etc/docker/daemon.json -
OpenLiteSpeed Admin Pass Script:
/usr/local/lsws/admin/misc/admpass.sh -
SSL Certificate Data:
/etc/letsencrypt/live/openlitespeed-nodejs<Server ID>.hostkey.in/
Available Ports for Connection¶
The system exposes the following ports for external and internal communication:
-
Port 443: External access to the Nginx reverse proxy (HTTPS).
-
Port 7080: Internal access to the OpenLiteSpeed WebAdmin interface (localhost only).
Starting, Stopping, and Updating¶
Service Management:
-
Docker Services:
-
Start:
systemctl start dockerandsystemctl start containerd -
Stop:
systemctl stop dockerandsystemctl stop containerd -
Enable:
systemctl enable dockerandsystemctl enable containerd -
OpenLiteSpeed Service:
-
Service Name:
lsws -
Start:
systemctl start lsws -
Stop:
systemctl stop lsws -
Enable:
systemctl enable lsws
Docker Compose Operations:
-
To start the Nginx/Certbot stack:
-
To stop the stack:
-
To update the stack (pull latest images and restart):