
Deployment Overview of aaPanel on Server

Prerequisites and Basic Requirements

  • Operating System: Ubuntu (compatible with apt package manager).

  • Privileges: Root access is required to install the panel, manage Docker containers, and configure system services.

  • Network Ports:

      • Port 80 (HTTP) and Port 443 (HTTPS) must be open for the Nginx reverse proxy and SSL certificate validation.

      • Port 3000 is configured as the default internal port for the aaPanel service.

  • Dependencies: The system requires curl, wget, and python3-pexpect to be installed prior to the panel installation.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /root/nginx: Contains the Docker Compose configuration file (compose.yml) for the Nginx and Certbot services.

  • /data/nginx/user_conf.d: Stores custom Nginx server block configurations, including domain-specific files (e.g., {{ final_domain }}.conf) and hostkey configurations.

  • /etc/letsencrypt: Mounted volume containing SSL certificates managed by Certbot.

  • /www/server/panel/data: Contains aaPanel internal data files, including admin_path.pl which stores the administrative path.

  • /var/www/certbot: Webroot directory inside the Nginx container used for ACME challenge validation.

Application Installation Process

The aaPanel application is installed via a shell script installer provided by the vendor.

  • The installer script is downloaded from https://www.aapanel.com/script/install_7.0_en.sh to /root/install_7.0_en.sh.

  • The installation is executed using the command bash /root/install_7.0_en.sh aapanel -y.

  • Upon completion, the bt service is started and enabled to run on system boot.

  • The system waits for the panel to fully initialize before proceeding with configuration changes.

Access Rights and Security

  • User Credentials: The default administrative username is set to aaPanel and the password is set to aaPanel123.

  • Service Management: The bt service is managed via systemd and is configured to start automatically.

  • Port Configuration: The panel port is explicitly changed to 3000 using the bt command-line interface.

  • Firewall: While not explicitly configured in the provided scripts, the Nginx proxy listens on standard ports 80 and 443, requiring these ports to be accessible from the network.
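Because the Nginx proxy runs in host network mode and forwards to 127.0.0.1:3000, the panel port only needs to be reachable on loopback. The following added example (not part of the deployment notes above) parses `ss -ltnH` output to report which ports are bound to a wildcard address, and prints the ufw rules that would limit the panel port to the host while leaving 80 and 443 open. The sample `ss` listing is constructed; `ss`, `ufw` and the loopback exemption in ufw's default input rules are assumptions about a standard Ubuntu host.

```shell
#!/bin/sh
# Added example, not from the aaPanel deployment notes. Reports TCP ports that
# listen on every interface and suggests firewall rules for the panel port.
# Assumes a Linux host with iproute2 `ss`; ufw rules are printed, not applied.

PANEL_PORT=3000   # internal port the notes assign to aaPanel

# Constructed sample of `ss -ltnH` output for offline use. The panel port is
# bound to 0.0.0.0 here, i.e. reachable on every interface, not only loopback.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# Print, one per line and sorted, every port whose local address is a
# wildcard (0.0.0.0, [::] or *). Reads `ss -ltnH` formatted lines from stdin.
wildcard_ports() {
  awk '$4 ~ /^(0\.0\.0\.0|\[::\]|\*):[0-9]+$/ { sub(/.*:/, "", $4); print $4 }' | sort -un
}

# Return 0 if PORT ($1) appears among the wildcard-bound ports on stdin.
port_exposed() {
  wildcard_ports | grep -qx "$1"
}

# Rules that keep the proxy ports open and stop inbound traffic to the panel
# port. Loopback is exempt from ufw's input rules (assumption about the Ubuntu
# default), so Nginx's own connection to 127.0.0.1:3000 still works.
firewall_rules() {
  printf 'ufw allow 80/tcp\nufw allow 443/tcp\nufw deny %s/tcp\n' "$PANEL_PORT"
}

# Live check of this host: non-zero exit and suggested rules when exposed.
audit_live() {
  if ss -ltnH | port_exposed "$PANEL_PORT"; then
    echo "port $PANEL_PORT listens on a wildcard address; suggested rules:" >&2
    firewall_rules >&2
    return 1
  fi
  echo "port $PANEL_PORT is not bound to a wildcard address"
}

# Run the live check only when asked, so sourcing the file just defines helpers.
case "${1:-}" in --live) audit_live ;; esac
```

Run `sh listener_check.sh --live` on the host; `printf '%s\n' "$SAMPLE_SS" | wildcard_ports` shows the parser on the constructed sample.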

Docker Containers and Their Deployment

A Docker container running Nginx with Certbot integration is deployed to handle reverse proxying and SSL management.

  • Image: The container uses the image jonasal/nginx-certbot:latest.

  • Deployment Method: The container is managed via Docker Compose located at /root/nginx/compose.yml.

  • Network Mode: The container runs in host network mode.

  • Volumes:

      • nginx_secrets: An external volume mounted to /etc/letsencrypt for certificate storage.

      • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d to load custom Nginx configurations.

  • Startup Command: The container is started using docker compose up -d from the /root/nginx directory.

  • Validation: The Nginx configuration is validated inside the container using docker exec nginx-nginx-1 nginx -t to ensure syntax correctness before traffic is served.

Proxy Servers

Nginx acts as a reverse proxy for the aaPanel application, handling both standard and custom domain configurations.

  • Standard Domain Configuration:

      • Configured in /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.hostkey.in.conf.

      • Routes the root path (/) and the admin path to the internal aaPanel service.

      • Proxies requests to https://127.0.0.1:{{ internal_port }}.

      • Headers such as Host, X-Forwarded-Host, X-Forwarded-Proto, X-Real-IP, and X-Forwarded-For are set to preserve client information.

      • SSL verification is disabled for the upstream connection (proxy_ssl_verify off).

  • Custom Domain Configuration:

      • Configured in /data/nginx/user_conf.d/{{ final_domain }}.conf.

      • Supports both HTTP (port 80) and HTTPS (port 443) server blocks.

      • HTTP Block: Handles ACME challenges at /.well-known/acme-challenge/ and redirects traffic to the admin path.

      • HTTPS Block: Uses SSL certificates located at /etc/letsencrypt/live/{{ final_domain }}/.

      • Both blocks proxy traffic to the internal aaPanel service with the same header configuration as the standard domain.

  • SSL Certificate Generation:

      • Certificates are obtained using Certbot within the Nginx container via the webroot method.

      • The command certbot certonly --webroot -w /var/www/certbot -d {{ final_domain }} is executed inside the container.

      • After certificate generation, the Nginx service is reloaded to apply the HTTPS configuration.
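The custom-domain configuration above, rendered by an added shell example that is not one of the deployment's own template files. It produces the HTTP block (ACME webroot, root redirect to the admin path, proxy for everything else) and the HTTPS block (certificate files under /etc/letsencrypt/live/DOMAIN/, same proxy directives), validates the admin path before it is interpolated into the config, and wraps the certificate request the notes give. Assumptions: the admin path is read from admin_path.pl and has the form `/segment`, the certbot file names fullchain.pem and privkey.pem, and the redirect targets; `proxy_ssl_verify off` is reproduced from the notes and is only reasonable because the upstream is loopback.

```shell
#!/bin/sh
# Added example, not a file from the deployment notes. Renders the custom-domain
# Nginx site described there and issues its certificate by the webroot method.
# Inputs: DOMAIN, INTERNAL_PORT (3000 per the notes) and ADMIN_PATH.

: "${CONF_DIR:=/data/nginx/user_conf.d}"
: "${CONTAINER:=nginx-nginx-1}"

# Accept only admin paths of the form /segment[/segment...] built from
# [A-Za-z0-9_-], so a malformed value cannot break out of the config syntax.
valid_admin_path() {
  printf '%s\n' "$1" | grep -Eq '^(/[A-Za-z0-9_-]+)+$'
}

# Proxy directives shared by both server blocks: loopback upstream, forwarding
# headers preserved, upstream TLS unverified (self-signed panel cert on loopback).
proxy_block() {
  cat <<EOF
        proxy_pass https://127.0.0.1:$1;
        proxy_ssl_verify off;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-Host \$host;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
EOF
}

# Render the site to stdout. Usage: render_site DOMAIN PORT ADMIN_PATH
render_site() {
  domain=$1; port=$2; admin=$3
  cat <<EOF
server {
    listen 80;
    server_name $domain;

    # Webroot certbot writes challenge files into (inside the container)
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Root redirects to the admin path; everything else is proxied
    location = / {
        return 302 https://\$host$admin;
    }

    location / {
$(proxy_block "$port")
    }
}

server {
    listen 443 ssl;
    server_name $domain;

    ssl_certificate     /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;

    location = / {
        return 302 $admin;
    }

    location / {
$(proxy_block "$port")
    }
}
EOF
}

# Write the site where the container loads it and run the container's syntax
# check before the file is allowed to serve traffic.
install_site() {
  valid_admin_path "$3" || { echo "refusing admin path: $3" >&2; return 1; }
  render_site "$1" "$2" "$3" > "$CONF_DIR/$1.conf"
  chmod 0644 "$CONF_DIR/$1.conf"
  docker exec "$CONTAINER" nginx -t
}

# Certificate request exactly as the notes run it inside the container.
request_cert() {
  docker exec "$CONTAINER" certbot certonly --webroot -w /var/www/certbot -d "$1"
}
```

Typical use on the host is `install_site panel.example.test 3000 "$(cat /www/server/panel/data/admin_path.pl)"`, then `request_cert panel.example.test`, then a reload of the container's Nginx. The HTTP block must be live before the certificate request, since the ACME challenge is served from it.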

Permission Settings

  • Nginx Directory: The /root/nginx directory is owned by root:root with permissions 0755.

  • Compose File: The compose.yml file is set to 0644 permissions.

  • Configuration Files: Nginx configuration files in /data/nginx/user_conf.d are owned by root:root with 0644 permissions.

  • Certbot Webroot: Inside the Nginx container, the /var/www/certbot directory is owned by nginx:nginx or nobody:nogroup to allow Certbot to write challenge files.
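The container deployment from the "Docker Containers and Their Deployment" section and the ownership and mode rules from this section, combined in one added shell example (not the project's own compose file or scripts). It writes a compose.yml matching the description (host networking, external nginx_secrets volume on /etc/letsencrypt, custom configs mounted from /data/nginx/user_conf.d), applies the stated modes, validates the file with `docker compose config`, and audits the paths against the expected owner and mode. Assumptions: the CERTBOT_EMAIL variable the jonasal/nginx-certbot image expects, the read-only flag on the config mount, and GNU `stat -c`; ownership is applied only when running as root so the functions also work in a scratch directory.

```shell
#!/bin/sh
# Added example, not the deployment's own compose file. Writes the Nginx/Certbot
# compose file with the ownership and modes the notes specify, then audits them.
# NGINX_DIR and CONF_DIR default to the paths in the notes.

: "${NGINX_DIR:=/root/nginx}"
: "${CONF_DIR:=/data/nginx/user_conf.d}"

# Create BASE (0755) and BASE/compose.yml (0644). root:root is applied only
# when running as root, so this also works in a temporary directory.
write_compose() {
  base=$1
  mkdir -p "$base" && chmod 0755 "$base"
  # Assumed: CERTBOT_EMAIL is required by the image; the :ro on user_conf.d is
  # an added hardening, not in the notes. ${...} is left for compose to expand.
  cat > "$base/compose.yml" <<EOF
services:
  nginx:
    image: jonasal/nginx-certbot:latest
    network_mode: host
    environment:
      CERTBOT_EMAIL: \${CERTBOT_EMAIL:?CERTBOT_EMAIL must be set}
    volumes:
      - nginx_secrets:/etc/letsencrypt
      - $CONF_DIR:/etc/nginx/user_conf.d:ro
volumes:
  nginx_secrets:
    external: true
EOF
  chmod 0644 "$base/compose.yml"
  if [ "$(id -u)" = 0 ]; then chown root:root "$base" "$base/compose.yml"; fi
}

# Let compose parse and interpolate the file without starting anything.
validate_compose() {
  docker compose -f "$NGINX_DIR/compose.yml" config -q
}

# Compare PATH's mode (and OWNER:GROUP when given) with the expectation.
# Usage: audit_path PATH MODE [OWNER:GROUP]; returns 1 on any mismatch.
audit_path() {
  path=$1; want_mode=$2; want_owner=${3:-}
  have_mode=$(stat -c '%a' "$path") || return 1
  if [ "$have_mode" != "$want_mode" ]; then
    echo "$path: mode $have_mode, expected $want_mode" >&2; return 1
  fi
  if [ -n "$want_owner" ]; then
    have_owner=$(stat -c '%U:%G' "$path")
    if [ "$have_owner" != "$want_owner" ]; then
      echo "$path: owner $have_owner, expected $want_owner" >&2; return 1
    fi
  fi
  return 0
}

# Audit everything the notes specify: compose dir, compose file, every site conf.
audit_deployment() {
  status=0
  audit_path "$NGINX_DIR" 755 root:root || status=1
  audit_path "$NGINX_DIR/compose.yml" 644 root:root || status=1
  for f in "$CONF_DIR"/*.conf; do
    [ -e "$f" ] || continue
    audit_path "$f" 644 root:root || status=1
  done
  return $status
}

case "${1:-}" in
  write)    write_compose "$NGINX_DIR" ;;
  validate) validate_compose ;;
  audit)    audit_deployment ;;
esac
```

`sh nginx_stack.sh write && sh nginx_stack.sh validate` prepares the stack, `docker compose up -d` from /root/nginx starts it, and `sh nginx_stack.sh audit` can run from cron to catch drift in the ownership or modes of the proxy configuration.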

Starting, Stopping, and Updating

  • aaPanel Service:

      • Start/Enable: Managed via systemctl start bt and systemctl enable bt.

      • Restart: Executed using the command /usr/bin/bt 1.

      • Status Check: The admin path and status can be retrieved using bt 14.

  • Nginx Container:

      • Start: docker compose up -d executed from /root/nginx.

      • Reload: Configuration changes are applied using docker exec nginx-nginx-1 nginx -s reload.

      • Validation: Configuration syntax is checked using docker exec nginx-nginx-1 nginx -t.
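The lifecycle commands above, wrapped in an added shell example that is not one of the deployment's own scripts. It orders the steps so that a reload only follows a successful `nginx -t`, and so later steps wait for the panel to be listening rather than racing the installer's initialization. All container commands go through one function so it can be replaced with a dry-run or test double; the listening probe assumes Linux `ss`.

```shell
#!/bin/sh
# Added example, not the project's own script. Wraps the start, restart and
# reload commands from the notes with a test-before-reload guard and a wait loop.

: "${CONTAINER:=nginx-nginx-1}"
: "${PANEL_PORT:=3000}"

# Single entry point for container commands; override it for dry runs.
nginx_exec() { docker exec "$CONTAINER" "$@"; }

# Validate first; reload only if the configuration parses. An invalid file on
# disk does not disturb the running proxy, but it must never be reloaded.
nginx_safe_reload() {
  if nginx_exec nginx -t; then
    nginx_exec nginx -s reload
  else
    echo "nginx config invalid; reload skipped" >&2
    return 1
  fi
}

panel_start()   { systemctl start bt && systemctl enable bt; }
panel_restart() { /usr/bin/bt 1; }
panel_info()    { bt 14; }   # admin path and status, per the notes

# Run a probe command until it succeeds or ATTEMPTS are used up, sleeping
# DELAY seconds between tries. Usage: wait_until ATTEMPTS DELAY CMD [ARGS...]
wait_until() {
  attempts=$1; delay=$2; shift 2
  while :; do
    "$@" && return 0
    attempts=$((attempts - 1))
    [ "$attempts" -gt 0 ] || return 1
    sleep "$delay"
  done
}

# Probe: is anything listening on the panel port? (assumes Linux `ss`)
panel_listening() { ss -ltn | grep -q ":$PANEL_PORT "; }

# Sequence after the installer finishes: panel up, proxy up, config reloaded.
bring_up() {
  panel_start
  wait_until 30 2 panel_listening || { echo "panel did not start" >&2; return 1; }
  (cd /root/nginx && docker compose up -d)
  nginx_safe_reload
}

case "${1:-}" in
  up)      bring_up ;;
  reload)  nginx_safe_reload ;;
  restart) panel_restart ;;
  info)    panel_info ;;
esac
```

After editing a file in /data/nginx/user_conf.d, `sh panel_ctl.sh reload` is the safe form of the reload command from the notes; it returns non-zero and leaves the old configuration serving when the syntax check fails.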
