Deployment Overview of EasyPanel on Server¶

Prerequisites and Basic Requirements¶

To deploy EasyPanel on the server, the following conditions must be met:

• Operating System: Ubuntu (verified via tasks/ubuntu.yml).

• Privileges: Root access is required to execute installation scripts and manage system services.

• Ports: Ports 80 and 443 must be available. Any existing services or containers occupying these ports will be stopped during the installation process.

• Domain: A valid domain name is required for the easypanel_domain variable to configure the reverse proxy and SSL certificates.

• Docker: The Docker engine must be installed and running on the server.

File and Directory Structure¶

The deployment utilizes specific directories for configuration files, data storage, and certificates:

• /root/nginx: Directory created to store the Nginx and Certbot Docker Compose configuration.

• /root/nginx/compose.yml: The Docker Compose file defining the Nginx and Certbot services.

• /data/nginx/user_conf.d: Directory containing user-specific Nginx configuration files, including host key configurations.

• /data/nginx/nginx-certbot.env: Environment file for the Nginx Certbot service.

• /etc/letsencrypt: Volume mount point for Let's Encrypt SSL certificates managed by the Nginx Certbot container.

• /etc/traefik: Directory containing Traefik static and dynamic configuration files (if Traefik is used as the proxy).

• /etc/traefik/acme.json: Storage file for Let's Encrypt certificates when using Traefik.

Application Installation Process¶

The EasyPanel application is installed using the official installation script provided by the developers. The process involves the following steps:

1. Stop any existing web servers such as nginx or apache2 to prevent port conflicts.

2. Stop any Docker containers currently publishing on ports 80 or 443.

3. If a Docker Swarm is active, it is forcefully left to ensure a clean environment.

4. Execute the official EasyPanel installation script via curl:

curl -sSL https://get.easypanel.io | sh

This script is executed in the /root directory and handles the core installation of the EasyPanel application.

Docker Containers and Their Deployment¶

The deployment utilizes Docker containers for both the application and the reverse proxy services.

Nginx and Certbot Container¶

A Docker Compose file located at /root/nginx/compose.yml defines the Nginx and Certbot service. The configuration includes:

• Image: jonasal/nginx-certbot:latest

• Restart Policy: unless-stopped

• Network Mode: host

• Volumes:

• nginx_secrets mapped to /etc/letsencrypt for SSL certificate storage.

• /data/nginx/user_conf.d mapped to /etc/nginx/user_conf.d for custom Nginx configurations.

• Environment:

• CERTBOT_EMAIL set to [email protected].

• Additional environment variables loaded from /data/nginx/nginx-certbot.env.

Traefik Configuration (Alternative Proxy)¶

If Traefik is used as the reverse proxy, the configuration is split into static and dynamic files:

• Static Configuration: Defines entry points for HTTP (:80) and HTTPS (:443), Docker provider settings, and Let's Encrypt resolver details.

• Dynamic Configuration: Defines the router and service for EasyPanel, mapping the easypanel_domain to the internal service URL http://easypanel:3000.

Proxy Servers¶

The deployment supports two proxy configurations: Nginx with Certbot or Traefik.

Nginx with Certbot¶

The Nginx container acts as a reverse proxy and handles SSL certificate generation via Certbot.

• Proxy Pass: The Nginx configuration file located at /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.hostkey.in.conf is modified to include the proxy pass directive:

  proxy_pass http://127.0.0.1:3000;
  

• SSL: Certificates are automatically managed by the jonasal/nginx-certbot container using the Let's Encrypt ACME protocol.

Traefik¶

If Traefik is configured, it manages the routing and SSL termination:

• Entry Points:

• web: Listens on port 80 and redirects all traffic to websecure (HTTPS).

• websecure: Listens on port 443 and handles TLS termination.

• Routing: The router rule Host(easypanel_domain) directs traffic to the EasyPanel service running on port 3000.

• SSL: Certificates are resolved via the letsencrypt resolver, storing data in /etc/traefik/acme.json.

Access Rights and Security¶

Security measures are implemented through service management and firewall considerations:

• Service Isolation: Existing web servers (nginx, apache2) are stopped and disabled to prevent conflicts.

• Port Management: Any Docker containers occupying ports 80 or 443 are stopped before the proxy services are started.

• Docker Swarm: If active, the Docker Swarm is left to ensure the deployment runs in a standalone mode.

• File Permissions:

• The /root/nginx directory is owned by root with permissions 0755.

• The compose.yml file is owned by root with permissions 0644.

• Configuration files in /data/nginx/user_conf.d are managed by the deployment process to ensure correct ownership for the Nginx container.

Starting, Stopping, and Updating¶

The management of the services depends on the chosen proxy and the EasyPanel application itself.

• EasyPanel Service: Managed by the installation script. The application runs as a Docker container or service as defined by the official installer.

• Nginx/Certbot Service: Managed via Docker Compose in the /root/nginx directory.

• To start or update the proxy:

  docker compose up -d
  

  (Note: The provided configuration includes a commented-out command for this action, indicating manual execution may be required depending on the final state).

• Traefik Service: If Traefik is used, it is typically managed as a Docker container or daemon based on the static and dynamic configuration files provided.

Updates to the EasyPanel application are handled through the official update mechanisms provided by the EasyPanel team, while proxy configurations are updated by modifying the respective compose.yml or Traefik configuration files and restarting the containers.