
Deployment Overview of OpenLiteSpeed Node.js on Server

Prerequisites and Basic Requirements

The deployment requires a Linux server running a Debian-based distribution (e.g., Ubuntu) with the following specifications:

  • Operating System: Debian or Ubuntu.

  • Privileges: Root access or sudo privileges are required to install packages, configure Docker, and manage services.

  • Domain: A valid domain name is required for the FQDN configuration.

  • Ports:

    • Port 443 (HTTPS) for external access via the Nginx proxy.

    • Port 7080 for the internal OpenLiteSpeed WebAdmin interface.

  • Software Dependencies:

    • Docker Engine and Docker Compose plugin.

    • OpenLiteSpeed web server.

    • Node.js version 20.x.

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • Format: openlitespeed-nodejs<Server ID>.hostkey.in:443

  • Example: If the Server ID is 123, the address is openlitespeed-nodejs123.hostkey.in.

The system automatically provisions SSL certificates for this domain using Certbot.

File and Directory Structure

The deployment utilizes the following directory structure for configuration files, data storage, and certificates:

  • Docker Configuration: /etc/docker/daemon.json

  • Docker Data Storage:

    • /var/lib/docker

    • /var/lib/containerd

  • Nginx Project Directory: /root/nginx

  • Nginx User Configuration: /data/nginx/user_conf.d

  • SSL Certificates: /etc/letsencrypt/live/openlitespeed-nodejs<Server ID>.hostkey.in

  • OpenLiteSpeed Installation: /usr/local/lsws

Application Installation Process

The installation involves setting up the underlying operating system packages, Docker, and the specific application stack.

  1. Install System Prerequisites: The system installs essential packages including curl, wget, gnupg, ca-certificates, and lsb-release.

  2. Install OpenLiteSpeed:

    • The LiteSpeed repository is added to the system.

    • The openlitespeed package is installed.

    • The lsws service is started and enabled to run on boot.

    • The WebAdmin password is configured using the admpass.sh script with the username admin.

  3. Install Node.js:

    • The NodeSource repository for Node.js 20.x is added.

    • The nodejs package is installed.

  4. Install Docker:

    • The official Docker GPG key and repository are added.

    • The following Docker packages are installed:

      • docker-ce

      • docker-ce-cli

      • containerd.io

      • docker-buildx-plugin

      • docker-compose-plugin

    • The containerd and docker services are started and enabled.

  5. Deploy Nginx and Certbot:

    • A Docker Compose stack is deployed to handle SSL termination and reverse proxying.

    • The stack includes the jonasal/nginx-certbot image.

Access Rights and Security

Security is enforced through the following mechanisms:

  • Firewall: The Nginx proxy listens on port 443 (HTTPS) for external traffic. Internal communication occurs over port 7080 on the localhost interface (127.0.0.1).

  • SSL/TLS: Secure connections are enforced using Let's Encrypt certificates managed by the Certbot container.

  • User Credentials:

    • OpenLiteSpeed WebAdmin:

      • Username: admin

      • Password: Configured during installation (variable password_litespeed_web).

  • Proxy Security:

    • The Nginx configuration disables certificate verification for the upstream connection (proxy_ssl_verify off) to allow communication with the internal OpenLiteSpeed instance.

    • Headers such as X-Forwarded-For, X-Real-IP, and X-Forwarded-Proto are forwarded to preserve client information.
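
A check for the loopback-only statement above, as an added example that is not part of the original guide: the Nginx container uses host networking and OpenLiteSpeed runs directly on the host, so whether port 7080 stays internal depends on the address the WebAdmin listener binds to and on the host firewall. The function name and both sample listener tables are constructed for illustration; the input format is the output of `ss -H -ltn`.

```shell
#!/bin/sh
# Added example: report non-loopback listeners for a TCP port.
# Input (stdin): output of `ss -H -ltn`, i.e. rows of
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Prints each non-loopback bind address for port $1; returns 1 if any exist.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last colon precedes the port
            if (n == 0 || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            # Loopback forms: 127.0.0.0/8, [::1], IPv4-mapped 127.x
            if (host ~ /^127\./ || host == "[::1]" ||
                host ~ /^\[::ffff:127\./) next
            print host                         # wildcard or routable address
            exposed = 1
        }
        END { exit exposed + 0 }
    '
}

# Constructed sample: WebAdmin bound to loopback, as the page describes.
SAMPLE_LOOPBACK='LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 511  [::]:443       [::]:*
LISTEN 0 4096 127.0.0.1:7080 0.0.0.0:*'

# Constructed sample: WebAdmin bound to every interface.
SAMPLE_WILDCARD='LISTEN 0 511  0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 *:7080      *:*'

# Live use on the server: ss -H -ltn | non_loopback_listeners 7080
```

An empty result with exit status 0 for port 7080 matches the port table; any printed address means the WebAdmin interface is reachable beyond localhost unless a host firewall blocks it.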

Docker Containers and Their Deployment

The deployment utilizes Docker Compose to manage the Nginx and Certbot services.

  • Compose File Location: /root/nginx/compose.yml

  • Container Image: jonasal/nginx-certbot:latest

  • Network Mode: host

  • Volumes:

    • nginx_secrets (external volume) mounted to /etc/letsencrypt.

    • Host directory /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

  • Environment Variables:

    • CERTBOT_EMAIL: [email protected]

  • Restart Policy: unless-stopped

The Docker daemon is configured with the following settings in /etc/docker/daemon.json:

Parameter | Value
registry-mirrors | http://dockerhub.hostkey.ru
storage-driver | overlay2 (default) or vfs (if size validation fails)

Proxy Servers

Nginx acts as the reverse proxy and SSL terminator for the OpenLiteSpeed WebAdmin interface.

  • Proxy Server: Nginx (running inside a Docker container).

  • SSL Provider: Certbot (integrated into the Nginx container).

  • Custom Domain: The system is configured for the hostkey.in zone with the prefix openlitespeed-nodejs.

  • Configuration Details:

    • Listen Ports: 443 (IPv4 and IPv6) with SSL.

    • Server Name: openlitespeed-nodejs<Server ID>.hostkey.in.

    • Upstream Target: https://127.0.0.1:7080.

    • SSL Configuration:

      • Certificate: /etc/letsencrypt/live/<FQDN>/fullchain.pem

      • Key: /etc/letsencrypt/live/<FQDN>/privkey.pem

      • Chain: /etc/letsencrypt/live/<FQDN>/chain.pem

      • DH Parameters: /etc/letsencrypt/dhparams/dhparam.pem

Permission Settings

The following permissions are applied to critical directories and files:

  • Nginx Project Directory (/root/nginx):

    • Owner: root

    • Group: root

    • Mode: 0755

  • Docker Compose File (/root/nginx/compose.yml):

    • Owner: root

    • Group: root

    • Mode: 0644

  • Nginx Virtual Host Config (/data/nginx/user_conf.d/<FQDN>.conf):

    • Owner: root

    • Group: root

    • Mode: 0644

  • Docker Daemon Config (/etc/docker/daemon.json):

    • Owner: root

    • Group: root

    • Mode: 0644

Location of Configuration Files and Data

Key configuration files and data locations are as follows:

  • Docker Daemon Configuration: /etc/docker/daemon.json

  • Docker Compose Definition: /root/nginx/compose.yml

  • Nginx Virtual Host Configuration: /data/nginx/user_conf.d/openlitespeed-nodejs<Server ID>.hostkey.in.conf

  • Nginx Environment File: /data/nginx/nginx-certbot.env

  • OpenLiteSpeed Configuration: /usr/local/lsws/conf (standard installation path)

  • SSL Certificates: /etc/letsencrypt/live/openlitespeed-nodejs<Server ID>.hostkey.in

Available Ports for Connection

The following ports are utilized by the deployed application:

Port | Protocol | Description
443 | TCP | External HTTPS access via Nginx proxy.
7080 | TCP | Internal OpenLiteSpeed WebAdmin interface (localhost only).

Starting, Stopping, and Updating

Service management is handled via systemctl for system services and docker compose for containerized components.

  • Manage Docker Services:

    • Start Docker: systemctl start docker

    • Stop Docker: systemctl stop docker

    • Enable Docker on boot: systemctl enable docker

    • Start Containerd: systemctl start containerd

    • Stop Containerd: systemctl stop containerd

  • Manage OpenLiteSpeed Service:

    • Start: systemctl start lsws

    • Stop: systemctl stop lsws

    • Restart: systemctl restart lsws

    • Enable: systemctl enable lsws

  • Manage Nginx/Certbot Stack:

    • Start/Update: docker compose up -d (executed from /root/nginx)

    • Stop: docker compose down (executed from /root/nginx)

    • View Logs: docker compose logs -f (executed from /root/nginx)
