Deployment Overview of MCS Manager Server on Server
Prerequisites and Basic Requirements
The deployment requires a Linux-based operating system, specifically Ubuntu, with root privileges to execute installation scripts and manage Docker containers. The system must have network access to download the installation script from https://script.mcsmanager.com/setup_cn.sh.
The following network ports are utilized by the proxy configuration:
- {{ external_port }} for the primary service traffic.
- {{ external_port_daemon }} for the daemon service traffic.
- Ports 80 and 443 are implicitly required for SSL certificate validation and HTTPS traffic handling by the Nginx container.
File and Directory Structure
The application and its supporting services utilize the following directory structure on the host system:
- /root/nginx: The working directory for the Nginx and Certbot Docker Compose configuration.
- /data/nginx/user_conf.d: The directory containing the generated Nginx server configuration files, named {{ prefix }}{{ server_id }}.{{ zone }}.conf.
- /data/nginx/nginx-certbot.env: The environment file containing configuration variables for the Nginx container.
- /etc/letsencrypt: The mount point for SSL certificates and keys managed by the Certbot container.
- /root/setup_cn.sh: The location of the downloaded installation script.
Application Installation Process
The installation is performed by downloading and executing a shell script provided by the developer. The process involves the following steps:
- Update the system package cache using the apt package manager.
- Download the installation script to /root/setup_cn.sh from the remote URL.
- Execute the script using the Bash shell to install the necessary components, including Docker and the application services.
The commands to perform this installation are:
apt update
wget https://script.mcsmanager.com/setup_cn.sh -O /root/setup_cn.sh
chmod +x /root/setup_cn.sh
/bin/bash /root/setup_cn.sh
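The commands above run a freshly downloaded script as root without any integrity check. As an added example (not part of the original page or of the MCSManager project), the shell functions below execute the installer only when its SHA-256 matches a digest the operator pinned after reviewing the script. The function names and the pinned digest argument are assumptions; the page publishes no digest, so the value must come from your own review of /root/setup_cn.sh.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if its SHA-256 matches a
# digest pinned after manual review. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing,
# 3 if the pinned digest is not 64 hex characters (e.g. an unfilled placeholder).
verify_installer() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing installer: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 3; }
    actual=$(sha256_of "$file")
    # Compare case-insensitively: digests are often pasted in upper case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# run_verified FILE EXPECTED_SHA256: execute FILE with Bash only after it verifies.
run_verified() {
    verify_installer "$1" "$2" || return $?
    /bin/bash "$1"
}

# Script usage (digest is supplied by the operator, not by the page):
#   sh run_verified.sh /root/setup_cn.sh <sha256-recorded-after-review>
if [ "$#" -eq 2 ]; then
    run_verified "$1" "$2"
fi
```

A mismatch after a later re-download means the remote script changed and needs to be reviewed again before the pinned digest is updated.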
Docker Containers and Their Deployment
The application relies on Docker containers managed via Docker Compose. The primary container is an Nginx instance with integrated Certbot functionality for SSL management.
The Docker Compose configuration is located at /root/nginx/compose.yml. It defines the following service:
- nginx: Uses the image jonasal/nginx-certbot:latest.
- Restart Policy: Configured to unless-stopped.
- Network Mode: Set to host to bind directly to host network interfaces.
- Environment: Loads variables from /data/nginx/nginx-certbot.env and sets CERTBOT_EMAIL to [email protected].
- Volumes:
  - Mounts the external volume nginx_secrets to /etc/letsencrypt for certificate storage.
  - Mounts the host directory /data/nginx/user_conf.d to /etc/nginx/user_conf.d for custom server configurations.
To start or update the containers, the following command is executed from the /root/nginx directory:
Proxy Servers
The deployment utilizes an Nginx container acting as a reverse proxy and SSL terminator. The configuration supports two distinct server blocks for different services:
- Primary Service Block:
  - Listens on {{ external_port }} for both IPv4 and IPv6.
  - Serves the domain {{ prefix }}{{ server_id }}.{{ zone }}.
  - Proxies requests from {{ external_path }} to the internal service at {{ prefix }}{{ server_id }}.{{ zone }}:{{ internal_port }}{{ internal_path }}.
- Daemon Service Block:
  - Listens on {{ external_port_daemon }} for both IPv4 and IPv6.
  - Serves the same domain {{ prefix }}{{ server_id }}.{{ zone }}.
  - Proxies requests from {{ external_path }} to the internal daemon service at {{ prefix }}{{ server_id }}.{{ zone }}:{{ internal_port_daemon }}{{ internal_path }}.
Both server blocks are configured with the following security and performance settings:
- SSL Configuration: Uses certificates located in /etc/letsencrypt/live/{{ prefix }}{{ server_id }}.{{ zone }}/.
- Buffering: Proxy buffering is disabled (proxy_buffering off) to support real-time data streams.
- Client Limits: Maximum body size is set to 10240M.
- WebSockets: Supports WebSocket upgrades via the Upgrade and Connection headers.
- Headers: Forwards X-Forwarded-Host, X-Forwarded-Server, X-Real-IP, X-Forwarded-For, and X-Scheme to the backend services.
Permission Settings
The file system permissions for the deployment components are set as follows:
- The directory /root/nginx is owned by root:root with mode 0755.
- The Nginx configuration file at /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.{{ zone }}.conf is owned by root:root with mode 0644.
- The Docker Compose file at /root/nginx/compose.yml is owned by root:root with mode 0644.
- The installation script /root/setup_cn.sh is given executable permissions (chmod +x) before it is run.
Starting, Stopping, and Updating
The services are managed using Docker Compose commands executed from the /root/nginx directory.
- Start or Update:
- Stop:
- View Logs: