Deployment Overview of aaPanel on Server

Prerequisites and Basic Requirements

The deployment of aaPanel requires a Linux server environment, specifically Ubuntu, with root privileges. The following components and conditions are necessary for a successful installation:

  • Operating System: Ubuntu (the deployment tasks use the apt package manager).

  • Privileges: Root access is required to install system packages, manage systemd services, and configure network ports.

  • Network Connectivity: The server must have outbound internet access to download the installer script and dependencies.

  • Dependencies: The installation process ensures the presence of curl, wget, and python3-pexpect.

FQDN of the Final Panel

The aaPanel interface is accessible via a Fully Qualified Domain Name (FQDN) constructed using the server identifier. The standard format for the panel address is:

aaPanel<Server ID>.hostkey.in:443

If a custom domain is configured, the panel will be accessible via that specific domain name over HTTPS (port 443).

File and Directory Structure

The application and its associated proxy configuration are distributed across specific directories on the host system.

  • aaPanel Installation Directory: /www/server/panel

  • aaPanel Binary: /usr/bin/bt

  • Nginx Configuration Directory: /data/nginx/user_conf.d

  • Nginx Compose File: /root/nginx/compose.yml

  • Nginx Environment File: /data/nginx/nginx-certbot.env

  • SSL Certificates: /etc/letsencrypt (mounted via Docker volume nginx_secrets)

  • ACME Challenge Directory: /var/www/letsencrypt (inside the Nginx container)

Application Installation Process

The aaPanel application is installed using the official developer installer script. The process involves downloading the script, executing it, and configuring the initial administrative credentials.

  1. System Preparation:

    • Stale apt processes are terminated to release locks.

    • Required packages (curl, wget, python3-pexpect) are installed via apt.

  2. Installer Execution:

    • The installer script is downloaded from https://www.aapanel.com/script/install_7.0_en.sh to /root/install_7.0_en.sh.

    • The script is executed with the aapanel argument and automatic confirmation (-y).

    • The service bt is enabled and started via systemd.

  3. Initial Configuration:

    • The panel port is changed to 3000 using the bt command interface.

    • The administrator password is set to aaPanel123.

    • The administrator username is set to aaPanel.

    • The admin path is generated and stored in /www/server/panel/data/admin_path.pl.

Access Rights and Security

Security measures are implemented through port configuration, user authentication, and reverse proxy settings.

  • Authentication:

    • Username: aaPanel

    • Password: aaPanel123 (the initial value set during installation; it can be changed with /usr/bin/bt 5)

    • Admin Path: A unique path is generated during installation and stored in /www/server/panel/data/admin_path.pl. Access to the root path / redirects to this admin path.

  • Firewall and Ports:

    • The internal aaPanel service listens on port 3000 (localhost only).

    • External access is provided via Nginx on port 443 (HTTPS).

    • HTTP traffic on port 80 is redirected to HTTPS.

  • Proxy Security Headers:

    • The Nginx reverse proxy forwards headers including X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port to ensure correct client identification and protocol handling.

Databases

The provided configuration data does not contain specific information regarding database installation, connection strings, or storage locations for aaPanel. aaPanel typically manages databases internally via its web interface, but explicit database configuration details are not present in the source files.

Docker Containers and Their Deployment

A Docker container is deployed to handle reverse proxying and SSL certificate management using Certbot.

  • Container Image: jonasal/nginx-certbot:latest

  • Compose File Location: /root/nginx/compose.yml

  • Deployment Command: docker compose up -d executed in the /root/nginx directory.

  • Network Mode: host

  • Restart Policy: unless-stopped

Docker Compose Configuration

The compose.yml file defines the following services and volumes:

| Parameter | Value | Description |
|---|---|---|
| Service Name | nginx | The Nginx reverse proxy service. |
| Image | jonasal/nginx-certbot:latest | Image containing Nginx and Certbot. |
| Environment | [email protected] | Email for Let's Encrypt notifications. |
| Env File | /data/nginx/nginx-certbot.env | Contains RENEWAL_INTERVAL=8d. |
| Volume 1 | nginx_secrets:/etc/letsencrypt | External volume for SSL certificates. |
| Volume 2 | /data/nginx/user_conf.d:/etc/nginx/user_conf.d | Host directory for Nginx site configurations. |

Proxy Servers

Nginx acts as a reverse proxy for aaPanel, handling SSL termination and request forwarding.

Standard Domain Configuration (aaPanel<Server ID>.hostkey.in)

  • Configuration File: /data/nginx/user_conf.d/aaPanel<Server ID>.hostkey.in.conf

  • SSL Handling:

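    • SSL verification is disabled for the upstream connection (proxy_ssl_verify off). The upstream is the loopback address listed next, so the unverified TLS hop does not leave the host.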

    • The proxy connects to https://127.0.0.1:3000.

    • proxy_ssl_server_name is enabled.

  • Redirects:

    • Requests to / and the admin path with a trailing slash are redirected (301) to the correct admin path without the trailing slash.

    • ACME challenge requests (/.well-known/acme-challenge/) are served from /var/www/letsencrypt.

Custom Domain Configuration

If a custom domain is specified, a separate configuration file is generated at /data/nginx/user_conf.d/<final_domain>.conf.

  • HTTP to HTTPS Redirect: Port 80 traffic is redirected to HTTPS.

  • SSL Certificates:

    • Certificate: /etc/letsencrypt/live/<final_domain>/fullchain.pem

    • Key: /etc/letsencrypt/live/<final_domain>/privkey.pem

  • Certbot Integration:

    • Certbot is executed inside the Nginx container to obtain certificates using the webroot method (/var/www/letsencrypt).

    • The RENEWAL_INTERVAL is set to 8d in the environment file.

Permission Settings

File and directory permissions are explicitly set during the deployment process.

  • Nginx Directory: /root/nginx is owned by root:root with mode 0755.

  • Compose File: /root/nginx/compose.yml is owned by root:root with mode 0644.

  • Environment File: /data/nginx/nginx-certbot.env is owned by root:root with mode 0644.

  • Nginx Config Files: Files in /data/nginx/user_conf.d/ are owned by root:root with mode 0644.

  • ACME Directory: Inside the container, /var/www/letsencrypt is owned by nginx:nginx or nobody:nogroup to allow Certbot to write challenge files.

Location of Configuration Files and Data

| Component | Path | Description |
|---|---|---|
| aaPanel Binary | /usr/bin/bt | Main control script for aaPanel. |
| aaPanel Data | /www/server/panel/data | Contains runtime data including admin_path.pl. |
| Nginx Configs | /data/nginx/user_conf.d | Directory for virtual host configurations. |
| Docker Compose | /root/nginx/compose.yml | Docker service definition for Nginx/Certbot. |
| Nginx Env | /data/nginx/nginx-certbot.env | Environment variables for the Nginx container. |
| SSL Certs | /etc/letsencrypt | Let's Encrypt certificate storage (Docker volume). |

Available Ports for Connection

| Port | Protocol | Service | Access |
|---|---|---|---|
| 443 | HTTPS | Nginx Reverse Proxy | External |
| 80 | HTTP | Nginx Redirect | External (Redirects to 443) |
| 3000 | HTTPS | aaPanel Internal Service | Internal (127.0.0.1 only) |
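
A check for the port table above, as an added example that is not part of the original page: the function reads `ss -Hltn` output and fails when port 3000 is bound to anything other than a loopback address, since that would make the panel reachable without passing through the Nginx proxy. The function name `audit_listeners` and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare listening TCP sockets
# with the documented port table. Input is `ss -Hltn` output on stdin:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Prints findings; returns 0 only if 443 and 3000 are listening and
# 3000 is bound to loopback addresses only.
audit_listeners() {
    awk '
    BEGIN { bad = 0 }
    NF >= 4 {
        n = split($4, parts, ":")
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        gsub(/^\[|\]$/, "", host)      # [::1] becomes ::1
        sub(/%.*$/, "", host)          # drop interface suffix such as %lo
        loopback = (host == "::1" || host ~ /^127\./)
        seen[port] = 1
        if (port == "3000" && !loopback) {
            print "FAIL port 3000 bound to " host ", expected loopback only"
            bad = 1
        } else if (!loopback && port != "80" && port != "443") {
            print "NOTE port " port " on " host " is not in the port table"
        }
    }
    END {
        if (!("443" in seen))  { print "FAIL no listener on 443";  bad = 1 }
        if (!("3000" in seen)) { print "FAIL no listener on 3000"; bad = 1 }
        if (!bad) print "OK panel port is loopback-only behind 443"
        exit bad
    }'
}

# Constructed sample: matches the documented layout.
SAMPLE_OK='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*'

# Constructed sample: panel bound to all interfaces, plus an unlisted port.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*'

# Live use on the server: ss -Hltn | audit_listeners
printf '%s\n' "$SAMPLE_OK" | audit_listeners
printf '%s\n' "$SAMPLE_EXPOSED" | audit_listeners || echo "(constructed sample fails the audit)"
```

NOTE lines are informational and do not change the exit status; only a missing 443 or 3000 listener or a non-loopback bind on 3000 does.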

Starting, Stopping, and Updating

The aaPanel service is managed via the bt command-line tool and systemd.

  • Service Management:

    • The underlying service is named bt.

    • It is enabled to start on boot via systemd.

  • aaPanel Control Commands:

    • Restart Panel: /usr/bin/bt 1

    • View Panel Info: /usr/bin/bt 14 (Displays login URL, username, and password).

    • Change Port: /usr/bin/bt 8

    • Change Password: /usr/bin/bt 5

    • Change Username: /usr/bin/bt 6

  • Docker Service Management:

    • Start/Update Nginx Proxy: docker compose up -d executed in /root/nginx.

    • Validate Nginx Config: docker exec nginx-nginx-1 nginx -t

    • Reload Nginx: docker exec nginx-nginx-1 nginx -s reload
