Skip to content

Overview of Deploying CloudPanel on Server

Prerequisites and Basic Requirements

  • The server must run a Debian‑based distribution (Ubuntu 20.04 or newer is supported).
  • Free ports 80, 443, and 3306 are required for HTTP, HTTPS, and MySQL, respectively.
    The deployment process checks that no other services are listening on these ports before proceeding.
  • Docker must be available. The installation routine automatically installs Docker if it is not present.
  • Internet connectivity is required to download the CloudPanel installer, Docker images, and system updates.

File and Directory Structure

After installation the following key directories and files are created:

  • /root/nginx
    Contains the Docker Compose configuration for the Nginx‑Certbot container.
    Permissions: 0644, owned by root:root.

  • /root/nginx/compose.yml
    The Docker Compose file that defines the Nginx‑Certbot service.
    Uses the external Docker volume nginx_secrets to store Let’s Encrypt data and mounts the user configuration directory.

  • /data/nginx
    Stores Nginx user configuration and environment variables.

  • /data/nginx/user_conf.d
    Holds individual site configuration snippets.
    One file is automatically modified to replace location /django_client with location / for the CloudPanel application.

  • /data/nginx/nginx-certbot.env
    Environment file passed to the Nginx‑Certbot container (e.g., CERTBOT_EMAIL).

  • /etc/cloudpanel
    Directory created by the CloudPanel installer that contains all application configuration, SSL keys, and runtime files.

  • /var/lib/mysql (or the configured MySQL data directory)
    Holds the MySQL 8.0 database used by CloudPanel.

Access Rights and Security

  • All critical directories and configuration files are owned by root:root with read/write permissions for the owner only (0644).
  • Docker volumes (nginx_secrets) are managed by Docker and are accessible only to the Docker daemon.
  • The Nginx container runs on the host network and listens on ports 80/443; the SSL certificates are stored in the nginx_secrets volume, ensuring they are not exposed outside the container environment.

Databases

CloudPanel requires a MySQL 8.0 database. The installation:

  1. Ensures that any existing MySQL, MariaDB, or Percona installations are removed.
  2. Installs MySQL 8.0 as the database engine for CloudPanel.
  3. Configures the database to listen on port 3306.
  4. Creates the necessary CloudPanel schema during the installer run.

The database files reside in /var/lib/mysql (or the default MySQL data directory) and are protected by standard MySQL permissions.

Docker Containers and Deployment

The web front‑end is served by an Nginx‑Certbot container. Deployment steps:

  1. Docker Installation – Docker is installed and the Docker service is started.
  2. Compose File Creation/root/nginx/compose.yml is generated from a Jinja2 template.
    Key settings in the Compose file:
    services:
  nginx:
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    environment:
      - [email protected]
    env_file:
      - /data/nginx/nginx-certbot.env
    network_mode: host
    volumes:
      - nginx_secrets:/etc/letsencrypt
      - /data/nginx/user_conf.d:/etc/nginx/user_conf.d
  3. Running the Container – The container is launched with docker compose up -d in /root/nginx.
    The host network mode allows the container to listen directly on ports 80 and 443.

The container pulls the latest jonasal/nginx-certbot image, automatically obtains/renewal HTTPS certificates via Certbot, and serves the CloudPanel application through the configured Nginx reverse proxy.

Proxy Servers

  • Nginx‑Certbot serves as the reverse proxy.
  • It handles TLS termination using Let’s Encrypt certificates.
  • The container’s configuration directory (/data/nginx/user_conf.d) contains site‑specific settings.

  • The configuration file for the CloudPanel domain is automatically edited to forward the root URL (/) to the application.

  • No additional proxy services (e.g., Traefik) are installed as part of this deployment.

Permission Settings

  • The /root/nginx directory and its contents are set to 0644 to allow read access while preventing write changes by non‑root users.
  • Docker volumes and host directories are mounted with root ownership inside the container, ensuring the container runs with the necessary privileges to bind to low‑numbered ports.

Starting, Stopping, and Updating

  • Start:

    cd /root/nginx
docker compose up -d

  • Stop:

    cd /root/nginx
docker compose down

  • Update:

  • Pull the newest Nginx‑Certbot image:
    docker pull jonasal/nginx-certbot:latest

  • Restart the container to apply the new image:

    cd /root/nginx
docker compose up -d

  • CloudPanel Application Updates
    The CloudPanel installer script can be re‑run to upgrade the application. The installer will perform necessary migrations and restart services as needed.

This deployment provides a fully functional CloudPanel instance, with Docker‑based Nginx reverse proxy, automated TLS management, and a clean MySQL 8.0 backend, all configured to run on a standard Ubuntu server.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×