Deployment Overview of aaPanel on Server
Prerequisites and Basic Requirements
The deployment process requires a server running the Ubuntu operating system. The installation and configuration must be executed with root privileges. The application is installed using the official aaPanel installer script, version 7.0, which configures the necessary system dependencies.
The deployment establishes a proxy layer using Nginx and Certbot managed within a Docker container to handle SSL termination and domain routing.
Final Access URL
The aaPanel interface is accessible via a reverse proxy on the hostkey.in domain. The Fully Qualified Domain Name (FQDN) follows the format:
aaPanel<Server ID>.hostkey.in:443
Where <Server ID> is the unique identifier for the specific server instance. For custom domain deployments, the URL will match the configured custom domain on port 443.
Application Installation Process
The aaPanel application is installed using the official shell script provided by the vendor. The installer is downloaded directly from https://www.aapanel.com/script/install_7.0_en.sh and executed with specific parameters to automate the setup.
The installation performs the following actions:
- Downloads and executes `install_7.0_en.sh` with the `aapanel` argument.
- Installs the `bt` service and enables it to start on boot.
- Configures the panel to listen on the internal port `3000`.
- Sets the default administrative username to `aaPanel`.
- Sets the default administrative password to `aaPanel123`.
- Generates a unique admin path for the login interface.
The installation log is stored at /root/aapanel_install.log.
Docker Containers and Their Deployment
A Docker container serves as the reverse proxy and SSL manager. It is deployed using Docker Compose.
The container image used is jonasal/nginx-certbot:latest. The configuration is defined in the file /root/nginx/compose.yml.
The deployment specifies the following volume mounts:
- `nginx_secrets`: An external volume mapped to `/etc/letsencrypt` for SSL certificate storage.
- `/data/nginx/user_conf.d`: Host directory mapped to `/etc/nginx/user_conf.d` for custom Nginx configuration files.
The container is started and managed via the command:
This command is executed from the `/root/nginx` directory.
Proxy Servers
The Nginx container acts as a reverse proxy for the aaPanel application, running locally on 127.0.0.1:3000. It terminates HTTPS connections on port 443 and forwards traffic to the internal application port.
The proxy configuration handles the following:
- Redirection: Requests to the root path `/` are redirected with a `301` status code to the unique admin path.
- Proxy Settings:
  - `proxy_pass`: `https://127.0.0.1:3000`
  - `proxy_ssl_verify`: Set to `off` to bypass self-signed certificate verification for the internal aaPanel service.
  - Headers such as `Host`, `X-Forwarded-Host`, `X-Forwarded-Proto`, `X-Real-IP`, and `X-Forwarded-For` are passed to the backend.
  - HTTP/1.1 is used with `proxy_buffering off`.
For custom domains, the configuration is stored in /data/nginx/user_conf.d/<final_domain>.conf. For standard hostkey domains, the configuration is applied to /data/nginx/user_conf.d/aaPanel<Server ID>.hostkey.in.conf.
SSL Certificate Management
SSL certificates are managed by Certbot within the Docker container.
- Email: The certificate is registered under [email protected].
- Method: The ACME webroot challenge is used.
- Webroot: The container mounts the directory `/var/www/certbot` (created inside the container) to serve challenge files.
- Storage: Certificates are stored in the `nginx_secrets` volume at `/etc/letsencrypt`.
- Renewal: The `jonasal/nginx-certbot` image handles automatic renewal.
File and Directory Structure
The deployment utilizes the following key directories:
- `/root/nginx`: Contains the Docker Compose definition and environment files.
- `/data/nginx/user_conf.d`: Stores Nginx server block configurations for both standard and custom domains.
- `/www/server/panel/data`: The internal aaPanel data directory containing system configurations and user data.
- `/etc/letsencrypt`: Mount point for SSL certificates (via Docker volume).
Location of Configuration Files and Data
The primary configuration and data files are located in the following paths:
| File / Directory | Description |
|---|---|
| `/www/server/panel/data/admin_path.pl` | Contains the generated unique admin login path. |
| `/root/nginx/compose.yml` | Docker Compose configuration for the proxy. |
| `/root/nginx/nginx-certbot.env` | Environment variables for the Certbot service. |
| `/data/nginx/user_conf.d/*.conf` | Nginx server block configurations. |
| `/usr/bin/bt` | The aaPanel management executable. |
| `/root/aapanel_install.log` | Installation log file. |
Available Ports for Connection
The system utilizes the following ports for internal and external communication:
| Port | Protocol | Description |
|---|---|---|
| 3000 | HTTP/HTTPS | Internal port used by aaPanel. Accessible only on localhost. |
| 443 | HTTPS | External port for the Nginx reverse proxy. |
| 80 | HTTP | Used for ACME challenges and redirection to HTTPS. |
Starting, Stopping, and Updating
The aaPanel service is managed by the systemd init system under the service name bt.
To manage the service, use the following commands:
- Start the service:
- Stop the service:
- Restart the service:
- Check status:
The Docker proxy container is managed via Docker Compose from the `/root/nginx` directory:
- Start the container:
- Restart the container:
Access Rights and Security
The default credentials for the aaPanel interface are:
- Username: `aaPanel`
- Password: `aaPanel123`
Access to the panel is secured via a unique, non-guessable path appended to the domain (e.g., domain.com/adminpath). Direct access to the root path / is redirected to this unique path.
The Nginx configuration disables SSL verification for the internal proxy connection (proxy_ssl_verify off) to accommodate the self-signed certificate used by aaPanel on port 3000. External clients connect over HTTPS, ensuring encrypted traffic between the browser and the proxy.
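A defender's check for the two assumptions this setup relies on: that port 3000 is reachable only on loopback, and that `proxy_ssl_verify off` is used only toward a loopback upstream. This is an added example, not part of the vendor's or hosting provider's tooling; the function names and sample inputs are constructed for illustration, and the Nginx check works per file rather than per `location` block.

```sh
#!/bin/sh
# Added audit sketch: function names and sample data are constructed.

# stdin: `ss -Hltn` output; $1: port. Prints listeners on that port that are
# NOT bound to loopback (for the panel port this should print nothing).
exposed_listeners() {
    awk -v port="$1" '{
        addr = $4; p = $4
        sub(/^.*:/, "", p)          # port: text after the last colon
        sub(/:[^:]*$/, "", addr)    # address: text before the last colon
        sub(/%.*$/, "", addr)       # drop an interface suffix such as %lo
        if (p == port && addr !~ /^127\./ && addr != "[::1]") print addr ":" p
    }'
}

# stdin: one nginx conf file. If it contains `proxy_ssl_verify off`, prints
# every https proxy_pass target that is not a loopback address.
# Simplification: the check is per file, not per server/location block.
unverified_remote_upstreams() {
    awk '
        { sub(/#.*/, "") }          # ignore comments
        $1 == "proxy_ssl_verify" && $2 ~ /^off;?$/ { off = 1 }
        $1 == "proxy_pass" && index($2, "https://") == 1 {
            url = $2; sub(/;$/, "", url)
            split(substr(url, 9), part, "/")   # part[1] = host[:port]
            if (part[1] !~ /^(127\.[0-9.]+|localhost|\[::1\])(:[0-9]+)?$/)
                remote[++n] = url
        }
        END { if (off) for (i = 1; i <= n; i++) print remote[i] }'
}

# Constructed samples. On a real host use instead:
#   ss -Hltn | exposed_listeners 3000
#   unverified_remote_upstreams < /data/nginx/user_conf.d/<name>.conf
SAMPLE_SS='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 [::]:3000 [::]:*'
SAMPLE_CONF='location / {
    proxy_pass https://127.0.0.1:3000;
    proxy_ssl_verify off;   # self-signed panel certificate
}
location /api/ {
    proxy_pass https://10.0.0.5:3000;
}'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3000            # [::]:3000
printf '%s\n' "$SAMPLE_CONF" | unverified_remote_upstreams     # https://10.0.0.5:3000
```

Empty output from both functions means the host matches what the page describes: the panel bound to loopback only, and certificate verification disabled only for the local hop.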