Deployment Overview of aaPanel on Server

Prerequisites and Basic Requirements

The deployment of aaPanel requires a Linux-based server environment with the following specifications:

  • Operating System: Ubuntu (verified via apt package manager).

  • Privileges: Root access is required to install system packages, manage services, and configure the firewall.

  • Network Access: The server must have outbound internet access to download the installer and retrieve SSL certificates.

  • Ports:

    • Port 3000: Internal aaPanel service port.

    • Port 443: External HTTPS port for the Nginx reverse proxy.

    • Port 80: HTTP port required for ACME challenge validation by Certbot.

FQDN of the Final Panel

The application is accessible via the hostkey.in domain using the following format:

  • Standard Domain: aaPanel<Server ID>.hostkey.in

  • Port: 443 (HTTPS)

  • Full URL Format: https://aaPanel<Server ID>.hostkey.in

If a custom domain is configured, the FQDN will be the specific custom domain provided during setup, also accessible via port 443.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • aaPanel Installation: /www/server/panel

  • aaPanel Data: /www/server/panel/data

  • Nginx Configuration Directory: /data/nginx/user_conf.d

  • Nginx Compose Directory: /root/nginx

  • SSL Certificates (Docker Volume): Mounted at /etc/letsencrypt inside the Nginx container.

  • Certbot Webroot: /var/www/certbot (inside the Nginx container).

Application Installation Process

The aaPanel application is installed using the official version 7.0 installer script. The process involves the following steps:

  1. System Preparation:

    • Ensure curl, wget, and python3-pexpect are installed.

    • Release any locks on the apt package manager to prevent installation conflicts.

  2. Installer Execution:

    • The installer script is downloaded from https://www.aapanel.com/script/install_7.0_en.sh to /root/install_7.0_en.sh.

    • The script is executed with the -y flag to accept defaults automatically:

      bash /root/install_7.0_en.sh aapanel -y
      

  3. Service Initialization:

    • The bt service is started and enabled to run on system boot.

    • The system waits for the panel to fully initialize.

  4. Configuration:

    • The panel port is changed to 3000.

    • The default username is set to aaPanel.

    • The default password is set to aaPanel123.

    • The admin path is generated and stored in /www/server/panel/data/admin_path.pl.

Docker Containers and Their Deployment

A reverse proxy and SSL management container is deployed using Docker Compose.

  • Image: jonasal/nginx-certbot:latest

  • Compose File Location: /root/nginx/compose.yml

  • Deployment Command:

    docker compose up -d
    
    This command is executed from the /root/nginx directory.

  • Container Configuration:

    • Network Mode: host

    • Restart Policy: unless-stopped

    • Environment Variables:

    • Volumes:

      • nginx_secrets (external) mounted to /etc/letsencrypt.

      • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

Proxy Servers

Nginx acts as a reverse proxy to handle incoming traffic on port 443 and forward it to the internal aaPanel service on port 3000.

  • Configuration Location:

    • Standard Domain: /data/nginx/user_conf.d/aaPanel<Server ID>.hostkey.in.conf

    • Custom Domain: /data/nginx/user_conf.d/<custom_domain>.conf

  • Proxy Settings:

    • Target: https://127.0.0.1:3000

    • SSL Verification: Disabled (proxy_ssl_verify off).

    • Headers:

      • Host: $host:3000

      • X-Forwarded-Host: $host

      • X-Forwarded-Proto: https

      • X-Forwarded-Port: 443

      • X-Real-IP: $remote_addr

      • X-Forwarded-For: $proxy_add_x_forwarded_for

    • HTTP Version: 1.1

    • Buffering: Disabled (proxy_buffering off).

  • SSL/TLS:

    • Certificates are managed by Certbot within the Docker container.

    • For custom domains, the certificate is obtained via the webroot challenge at /var/www/certbot.

    • HTTP requests are redirected to the admin path or HTTPS.

Access Rights and Security

  • File Permissions:

    • Nginx configuration directory (/root/nginx): 0755 (Owner: root, Group: root).

    • Compose file (/root/nginx/compose.yml): 0644 (Owner: root, Group: root).

    • Nginx user configuration files: 0644 (Owner: root, Group: root).

  • User Configuration:

    • The aaPanel admin username is configured as aaPanel.

    • The default password is set to aaPanel123.

  • Firewall:

    • Ports 80 and 443 must be open to allow external access and SSL certificate validation.

    • Port 3000 is used internally and is not exposed directly to the public internet.
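
Two of the statements above can be checked on the host: that port 3000 has no listener reachable from outside, and that proxy_ssl_verify off is only ever paired with the loopback target. The script below is an added example, not part of HostKey's or aaPanel's tooling; the function names are hypothetical and the `ss -Hltn` lines and config fragment are constructed samples.

```shell
# Added example; both samples below are constructed, not taken from a server.

# Print each non-loopback address with a TCP listener on port $1.
# stdin: `ss -Hltn` output (no header; column 4 is Local Address:Port).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4; p = $4
            sub(/.*:/, "", p)           # text after the last colon is the port
            sub(/:[^:]*$/, "", addr)    # what precedes it is the bind address
            if (p == port && addr !~ /^127\./ && addr != "[::1]") print addr
        }'
}

# Succeed when config file $1 turns off upstream certificate verification
# and has a proxy_pass whose target is not a loopback address.
unverified_remote_upstream() {
    grep -Eq '^[[:space:]]*proxy_ssl_verify[[:space:]]+off[[:space:]]*;' "$1" &&
        grep -E '^[[:space:]]*proxy_pass[[:space:]]' "$1" |
        grep -Evq '://(127\.[0-9.]+|localhost|\[::1\])[:/;]'
}

# Constructed sample of `ss -Hltn` output with the panel bound on all interfaces.
sample_ss() {
    cat <<'EOF'
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      128          0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128             [::]:3000          [::]:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Constructed proxy fragment using the directives listed on this page.
sample_conf() {
    printf '%s\n' 'location / {' \
        '    proxy_pass https://127.0.0.1:3000;' \
        '    proxy_ssl_verify off;' \
        '}'
}

sample_ss | exposed_listeners 3000 | sed 's/^/port 3000 also bound on: /'
conf=$(mktemp) && sample_conf > "$conf"
if unverified_remote_upstream "$conf"; then
    echo "unverified TLS to a non-loopback upstream"
else
    echo "proxy_ssl_verify off is confined to loopback"
fi
rm -f "$conf"
```

On a server, pipe the live `ss -Hltn` output into exposed_listeners and pass each file under /data/nginx/user_conf.d to unverified_remote_upstream. Any address printed for port 3000 means the panel is reachable without the proxy unless the firewall drops it.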

Available Ports for Connection

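| Port | Protocol   | Description                                              |
|------|------------|----------------------------------------------------------|
| 80   | HTTP       | Used for ACME challenge validation and redirection.      |
| 443  | HTTPS      | Primary access port for the aaPanel interface via Nginx. |
| 3000 | HTTP/HTTPS | Internal port for the aaPanel service (behind proxy).    |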

Starting, Stopping, and Updating

The aaPanel service is managed via the bt command-line tool and systemd.

  • Service Management:

    • The service name is bt.

    • To ensure the service is running and enabled:

      systemctl start bt
      systemctl enable bt

  • Restarting the Panel:

    • To restart the panel and apply configuration changes:

      /usr/bin/bt 1

  • Viewing Admin Path:

    • To retrieve the current admin login path:

      bt 14

    • The path is also stored in the file /www/server/panel/data/admin_path.pl.

  • Docker Container Management:

    • To restart the Nginx proxy container:

      docker compose restart

    • To reload Nginx configuration inside the container:

      docker exec nginx-nginx-1 nginx -s reload
    
