Overview of Deploying EasyPanel on Server
Prerequisites and Basic Requirements
- Operating System – A recent Ubuntu release (tested on 20.04 LTS and newer).
- Root Access – All installation steps must be performed as the root user.
- Docker – Docker Engine 19.03+ is required. The installer script pulls the official EasyPanel image, so Docker must be installed before running the installation script.
- Network – Ports 80 and 443 must be free (no other web servers or containers exposing those ports).
- Domain and DNS – A fully‑qualified domain name that resolves to the server’s public IP. The domain will be used for HTTPS with Let’s Encrypt certificates.
- Email – An email address that can receive Let’s Encrypt renewal notifications (used by the Nginx‑Certbot container).
File and Directory Structure
After the installation script has finished, the following key directories are created on the server:
| Path | Purpose | Owner | Permissions |
|---|---|---|---|
| /root/nginx | Holds the Nginx‑Certbot docker‑compose file and runtime data | root | 0755 |
| /root/nginx/compose.yml | Docker‑Compose definition for the Nginx‑Certbot proxy | root | 0644 |
| /data/nginx | Shared volume for Nginx‑Certbot (contains certs and user configs) | root | 0755 |
| /data/nginx/user_conf.d | Per‑domain Nginx configuration snippets | root | 0755 |
| /data/nginx/nginx-certbot.env | Environment file for the Certbot container (contains email, etc.) | root | 0644 |
| /etc/traefik (optional) | Traefik configuration directory if you choose to run Traefik | root | 0755 |
| /etc/traefik/dynamic (optional) | Dynamic Traefik configuration files | root | 0755 |
| /etc/traefik/acme.json (optional) | Certificate storage for Traefik | root | 0600 |
The EasyPanel installation script creates its own Docker environment, typically placing the main container under /data/easypanel (the exact path is not exposed in the configuration files, but the container is named easypanel and listens on port 3000 internally).
Access Rights and Security
All critical configuration directories are owned by the root user.
- The Nginx‑Certbot container runs with network_mode: host, so it listens directly on the host’s 80/443 ports.
- The Nginx‑Certbot image stores certificates in the nginx_secrets Docker volume, which is an external volume mounted to /etc/letsencrypt.
- Traefik’s ACME storage file (acme.json) is created with 0600 permissions, limiting read/write access to root only.
No user‑level processes are exposed to the network; all traffic to the application is forwarded through the HTTPS proxy.
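To confirm that nothing bypasses the proxy, the host's listening sockets can be checked against the ports the page expects. This is an added example, not part of the EasyPanel templates; the function name listeners_outside_proxy, the allowed-port argument and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags TCP listeners that are reachable from other hosts on
# ports other than the proxy's. Per this page, EasyPanel should be reached
# only via 127.0.0.1:3000 behind the proxy on 80/443.

# listeners_outside_proxy [ALLOWED_PORTS]
# Reads `ss -ltnH` output on stdin. Prints "address port" for every listener
# that is not bound to loopback and whose port is not in ALLOWED_PORTS
# (space-separated, default "80 443").
listeners_outside_proxy() {
  awk -v allowed="${1:-80 443}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      if (port in ok) next                           # expected public port
      print addr, port
    }'
}

# Constructed sample: proxy on 80/443, EasyPanel on loopback, SSH on 22.
SAMPLE_OK='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# Constructed sample: same host, but port 3000 is also bound on all
# interfaces, so the panel is reachable without going through HTTPS.
SAMPLE_BAD="$SAMPLE_OK
LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*"
```

On the server, run `ss -ltnH | listeners_outside_proxy "22 80 443"` (adding any other ports you intentionally expose); any output line is a listener that does not pass through the reverse proxy.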
Databases
EasyPanel itself does not expose or require a separate database service. All data is stored inside the EasyPanel Docker container’s persistent volumes, which the installation script mounts under /data/easypanel. There is no external database server configuration in the provided templates.
Docker Containers and Their Deployment
Nginx‑Certbot
The Nginx‑Certbot container is deployed via Docker‑Compose:
Container details
- Image – jonasal/nginx-certbot:latest
- Ports – Inherited from the host (80 / 443) because of network_mode: host.
- Environment – CERTBOT_EMAIL is set from the nginx-certbot.env file.
- Volumes –
  - nginx_secrets:/etc/letsencrypt – stores Let’s Encrypt certificates.
  - /data/nginx/user_conf.d:/etc/nginx/user_conf.d – holds per‑domain config snippets.
The script automatically modifies the user configuration file to forward / traffic to the EasyPanel service on http://127.0.0.1:3000.
EasyPanel
The EasyPanel installation script pulls and runs an official Docker image (the exact image tag is chosen automatically). The container is named easypanel and internally listens on port 3000. No further Docker‑Compose files are required for EasyPanel; the script handles the creation of a dedicated Docker environment.
Optional Traefik
If you prefer Traefik over the Nginx‑Certbot container, the following configuration files are supplied:
- traefik_static.yml.j2 – static Traefik configuration (entry points, providers).
- traefik_dynamic_easypanel.yml.j2 – dynamic router and service definition for EasyPanel.
- traefik.yml.j2 – main Traefik configuration template (used for generating traefik.yml).
Place the rendered files under /etc/traefik and start Traefik in a container with those volumes mounted. Traefik will then forward HTTPS traffic to the EasyPanel service on http://easypanel:3000.
Proxy Servers
Two proxy solutions are included in the template set:
- Nginx‑Certbot – A single‑container solution that combines Nginx and Certbot. It serves HTTPS, obtains Let’s Encrypt certificates, and forwards traffic to the EasyPanel container.
- Traefik – A modern reverse‑proxy that can be configured with the provided static and dynamic YAML files. It also handles Let’s Encrypt certificates and can expose the EasyPanel service via HTTPS.
Choose the proxy that best matches your environment. If you use the Nginx‑Certbot container, no additional proxy configuration is needed.
Permission Settings
- Directories and files under /root, /data, and /etc are owned by root, and only the owner has write access (directories are 0755 and files 0644, as listed in the table above).
- The acme.json file for Traefik is set to 0600 to prevent non‑root users from reading or modifying the certificate storage.
- Docker containers run as non‑root users inside the images (except when explicitly overridden by the container runtime).
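The ownership and modes from the table in File and Directory Structure can be audited with a short script. This is an added example, not code from the installer; audit_layout and its PREFIX and OWNER arguments are hypothetical names, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit_layout and its arguments are hypothetical names.
# path:mode pairs copied from the table in "File and Directory Structure".
REQUIRED="/root/nginx:755 /root/nginx/compose.yml:644 /data/nginx:755 \
/data/nginx/user_conf.d:755 /data/nginx/nginx-certbot.env:644"
# Traefik paths exist only when Traefik is used, so absence is not an error.
OPTIONAL="/etc/traefik:755 /etc/traefik/dynamic:755 /etc/traefik/acme.json:600"

# audit_layout [PREFIX] [OWNER]
# PREFIX is prepended to every path (empty on a live server); OWNER defaults
# to root. Prints one line per deviation and returns 1 if any was found.
# The body runs in a subshell so its variables do not leak into the caller.
audit_layout() (
  prefix="${1:-}"; owner="${2:-root}"; rc=0
  for entry in $REQUIRED $OPTIONAL; do
    path="${prefix}${entry%%:*}"
    want="${entry##*:}"
    if [ ! -e "$path" ]; then
      # Skip optional entries that are absent; report required ones.
      case " $OPTIONAL " in
        *" $entry "*) continue ;;
      esac
      echo "MISSING $path"; rc=1; continue
    fi
    # GNU stat: %a is the octal mode without a leading zero, %U the owner name.
    got_mode=$(stat -c '%a' "$path")
    got_owner=$(stat -c '%U' "$path")
    [ "$got_mode" = "$want" ] || { echo "MODE $path is $got_mode, expected $want"; rc=1; }
    [ "$got_owner" = "$owner" ] || { echo "OWNER $path is $got_owner, expected $owner"; rc=1; }
  done
  exit "$rc"
)
```

On the server, call `audit_layout` as root with no arguments; a non-zero exit status means at least one path deviates from the table.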
Starting, Stopping, and Updating
Nginx‑Certbot
```bash
# Start or resume the proxy
cd /root/nginx
docker compose up -d

# Stop the proxy
docker compose down
```
EasyPanel
The installation script creates a Docker systemd service named easypanel. Use the following commands:
```bash
# Start EasyPanel
systemctl start easypanel
systemctl enable easypanel

# Stop EasyPanel
systemctl stop easypanel

# Restart EasyPanel
systemctl restart easypanel

# Update EasyPanel
# Re‑run the installation script or pull a newer image:
docker pull easypanel/easypanel:latest
docker compose -f /path/to/easypanel-compose.yml up -d
```
Traefik (if used)
```bash
# Start Traefik
docker run -d \
  -p 80:80 -p 443:443 \
  -v /etc/traefik/traefik.yml:/etc/traefik/traefik.yml \
  -v /etc/traefik/dynamic:/etc/traefik/dynamic \
  -v /etc/traefik/acme.json:/etc/traefik/acme.json \
  traefik:v2.10

# Stop Traefik
docker stop <container_id_or_name>
```
When updating, replace the Traefik image tag in the run command, pull the new image, and restart the container.
The server is now ready to serve the EasyPanel web interface over HTTPS on the configured domain. No additional services should be listening on ports 80 or 443, and all traffic is securely terminated by the chosen reverse‑proxy.