Deployment Overview of aaPanel on Server

Prerequisites and Basic Requirements

To ensure a successful deployment of aaPanel, the following requirements must be met:

  • Operating System: Ubuntu (implied by apt package management).

  • Privileges: Root or sudo access is required for installation and service management.

  • Domain: A valid domain name configured to point to the server IP is required for SSL certificate acquisition via Certbot.

  • Required Packages: curl, wget, and python3-pexpect.

FQDN of the final panel on the hostkey.in domain, if available, in the format 'Server ID'.hostkey.in:

The default access point for the panel is configured as follows: aaPanel<ServerID>.hostkey.in:3000

File and Directory Structure

The deployment utilizes several specific directories for configuration, logs, and SSL management:

| Path | Description |
| --- | --- |
| /root/install_7.0_en.sh | aaPanel installation script |
| /root/aapanel_install.log | Installation log file |
| /data/nginx/user_conf.d/ | Nginx user configuration directory |
| /data/nginx/nginx-certbot.env | Environment variables for the Nginx container |
| /www/server/panel/data/admin_path.pl | Script containing the admin login path |

Application installation process

The application is installed using the official aaPanel installer script (version 7.0). The installation process involves:

  1. Downloading the install_7.0_en.sh script to /root.

  2. Executing the script with the aapanel parameter.

  3. Configuring default credentials:

    • Username: aaPanel

    • Password: aaPanel123

  4. Changing the management port to 3000.

Access Rights and Security

Security is managed through several layers:

  • Firewall/Port Management: The panel's internal management port is set to 3000, while standard web traffic is routed via port 443 (HTTPS) or 80 (HTTP).

  • User Credentials: Default credentials are modified during the installation process for security.

  • SSL/TLS: SSL certificates are managed via Certbot within a Docker container to secure custom domain connections.

Proxy Servers

A reverse proxy setup is implemented using Nginx in a Docker container (jonasal/nginx-certbot:latest) to handle incoming traffic and provide SSL termination.

Nginx Configuration Details

The proxy configuration includes:

  • ACME Challenge Support: A specific location block for .well-known/acme-challenge/ is configured to allow automated SSL renewals.

  • Redirection: Automatic HTTP to HTTPS redirection is implemented for the root path and the admin login path.

  • Proxy Headers: The following headers are passed to the backend:

    • Host, X-Forwarded-Host, X-Forwarded-Proto, X-Forwarded-Port, X-Real-IP, and X-Forwarded-For.
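
As an added example (not part of the original page or of the deployment's own tooling), the following Python check audits a configuration file from /data/nginx/user_conf.d/ for the items listed above: the ACME challenge location, the HTTP to HTTPS redirect, and the six proxy headers. The function name audit_proxy_conf is hypothetical, and the sample configuration is constructed; its hostname, certificate paths and plain-HTTP backend scheme are assumptions.

```python
import re

# Headers the page lists as passed to the aaPanel backend.
REQUIRED_HEADERS = ("Host", "X-Forwarded-Host", "X-Forwarded-Proto",
                    "X-Forwarded-Port", "X-Real-IP", "X-Forwarded-For")

# Constructed sample of a file in /data/nginx/user_conf.d/ (hostname, cert
# paths and the http:// backend scheme are assumptions, not from the page).
SAMPLE_CONF = """
server {
    listen 80;
    server_name panel.example.com;
    location /.well-known/acme-challenge/ { root /var/www/letsencrypt; }
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    server_name panel.example.com;
    ssl_certificate     /etc/letsencrypt/live/panel.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/panel.example.com/privkey.pem;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Real-IP $remote_addr;
        # X-Forwarded-For deliberately left out so the audit reports it
    }
}
"""

def audit_proxy_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    text = re.sub(r"#[^\n]*", "", text)  # ignore commented-out directives
    findings = []
    if not re.search(r"location\s+(?:\S+\s+)?\S*\.well-known/acme-challenge", text):
        findings.append("no ACME challenge location block")
    if not re.search(r"return\s+30[18]\s+https://", text):
        findings.append("no HTTP to HTTPS redirect")
    sent = {h.lower() for h in re.findall(r"proxy_set_header\s+(\S+)\s", text)}
    for header in REQUIRED_HEADERS:
        if header.lower() not in sent:
            findings.append(f"proxy header not set: {header}")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_conf(SAMPLE_CONF) or ["all checks passed"]:
        print(finding)
```

To audit a deployed file, pass its contents to audit_proxy_conf instead of SAMPLE_CONF; the comment stripping is a simplification and does not handle a # inside a quoted nginx string.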

Docker Containers and Their Deployment

The Nginx reverse proxy is deployed using Docker Compose.

Container Configuration

The deployment uses a compose.yml file located in /root/nginx/ with the following specifications:

| Component | Value |
| --- | --- |
| Image | jonasal/nginx-certbot:latest |
| Network Mode | host |
| Restart Policy | unless-stopped |
| Volumes | nginx_secrets (external), /data/nginx/user_conf.d |

Available ports for connection

The following ports are utilized by the system:

| Port | Purpose |
| --- | --- |
| 80 | HTTP traffic and ACME challenges |
| 443 | HTTPS (Secure Web Traffic) |
| 3000 | aaPanel Management Interface |