Skip to content

Deployment Overview of EasyPanel on Server

Prerequisites and Basic Requirements

To successfully deploy EasyPanel on the server, the following conditions must be met:

  • Operating System: Ubuntu (verified via tasks/ubuntu.yml).

  • Privileges: Root access is required to execute installation scripts and manage Docker containers.

  • Domain Configuration: The server must be configured to resolve the specific FQDN for the EasyPanel instance.

  • Port Availability: Ports 80 and 443 must be available for the reverse proxy and SSL termination. Ports 3000 is used internally for the EasyPanel application.

  • Docker: Docker Engine must be installed and running on the host.

FQDN of the Final Panel

The fully qualified domain name (FQDN) for accessing the EasyPanel interface follows the format:

easypanel<Server ID>.hostkey.in:443

Where <Server ID> is the unique identifier assigned to the specific server instance. The application is accessible via HTTPS on port 443.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /root/nginx/: Contains the Docker Compose configuration for the Nginx/Certbot proxy.

  • /data/nginx/user_conf.d/: Stores custom Nginx configuration files, including the specific proxy pass rule for EasyPanel.

  • /data/nginx/nginx-certbot.env: Environment file for the Nginx Certbot container.

  • /etc/traefik/: Contains the main Traefik configuration files.

  • /etc/traefik/dynamic/: Directory for dynamic routing configurations.

  • /etc/traefik/acme.json: Storage file for Let's Encrypt SSL certificates managed by Traefik.

  • /etc/letsencrypt/: Volume mount point for SSL certificates managed by the Nginx Certbot container.

Application Installation Process

EasyPanel is installed using the official installation script provided by the developers. The process involves the following steps:

  1. Stop any existing web servers (Nginx or Apache) that may conflict with ports 80 or 443.

  2. Stop any existing Docker containers occupying ports 80 or 443.

  3. Leave any active Docker Swarm to ensure a standalone Docker environment.

  4. Execute the official installation script:

curl -sSL https://get.easypanel.io | sh

This script installs the EasyPanel application and its required dependencies, typically running the application within a Docker container on port 3000.

Access Rights and Security

Security measures implemented during deployment include:

  • Firewall and Port Management: Existing services on ports 80 and 443 are stopped to prevent conflicts. The reverse proxy handles external traffic.

  • User Privileges: Installation and configuration management require root privileges.

  • Service Isolation: The application runs within Docker containers, isolating it from the host OS.

  • SSL/TLS: All external traffic is redirected to HTTPS using Let's Encrypt certificates.

Docker Containers and Their Deployment

The deployment utilizes multiple Docker containers to manage the application and proxy services:

  • EasyPanel Container:

  • Deployed via the official installation script.

  • Listens internally on port 3000.

  • Service name: easypanel.

  • Nginx Certbot Container:

  • Image: jonasal/nginx-certbot:latest.

  • Managed via Docker Compose located at /root/nginx/compose.yml.

  • Network mode: host.

  • Volumes:

    • nginx_secrets mounted to /etc/letsencrypt.

    • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

  • Environment: Uses [email protected] and loads variables from /data/nginx/nginx-certbot.env.

  • Traefik Container:

  • Acts as the primary reverse proxy and load balancer.

  • Manages dynamic routing and SSL termination.

  • Configuration is split between static and dynamic files.

Proxy Servers

The architecture employs a dual-proxy setup involving Nginx and Traefik to handle routing and SSL:

  • Nginx:

  • Used for specific custom configurations and SSL certificate management via Certbot.

  • Custom configuration file: /data/nginx/user_conf.d/easypanel<Server ID>.hostkey.in.conf.

  • Includes a proxy_pass directive forwarding traffic to http://127.0.0.1:3000.

  • Traefik:

  • Static Configuration: Located in /etc/traefik/traefik.yml (or similar static file).

    • Defines entry points web (port 80) and websecure (port 443).

    • Configures automatic redirection from HTTP to HTTPS.

    • Sets up the letsencrypt certificate resolver using the email [email protected].

    • Stores certificates in /etc/traefik/acme.json.

  • Dynamic Configuration: Located in /etc/traefik/dynamic/.

    • Defines the easypanel router rule: Host(easypanel<Server ID>.hostkey.in).

    • Routes traffic to the easypanel service on http://easypanel:3000.

    • Enables TLS with the letsencrypt resolver.

Permission Settings

File and directory permissions are set as follows to ensure proper operation:

  • /root/nginx/:

  • Owner: root:root.

  • Mode: 0755 (Directory).

  • /root/nginx/compose.yml:

  • Owner: root:root.

  • Mode: 0644.

  • /data/nginx/user_conf.d/:

  • Mounted into the Nginx container; host permissions must allow the container to read/write.

  • /etc/traefik/:

  • Standard system configuration permissions (typically root:root).

Location of Configuration Files and Data

The following table summarizes the critical configuration files and their locations:

File Path Description
/root/nginx/compose.yml Docker Compose definition for Nginx Certbot.
/data/nginx/user_conf.d/easypanel<Server ID>.hostkey.in.conf Custom Nginx proxy configuration for EasyPanel.
/data/nginx/nginx-certbot.env Environment variables for the Nginx Certbot container.
/etc/traefik/traefik.yml Main Traefik static configuration.
/etc/traefik/dynamic/easypanel.yml Dynamic routing configuration for EasyPanel.
/etc/traefik/acme.json Let's Encrypt certificate storage for Traefik.
/etc/letsencrypt/ Let's Encrypt certificate storage for Nginx Certbot.

Available Ports for Connection

The following ports are utilized in the deployment:

  • Port 80: HTTP entry point for Traefik (redirects to HTTPS).

  • Port 443: HTTPS entry point for Traefik (serves the EasyPanel interface).

  • Port 3000: Internal port for the EasyPanel application (not exposed directly to the public internet).

Starting, Stopping, and Updating

Service management is handled via Docker commands and the EasyPanel internal mechanisms:

  • Nginx Certbot Service:

  • Start/Restart: docker compose up -d executed from /root/nginx/.

  • Stop: docker compose down executed from /root/nginx/.

  • EasyPanel Service:

  • Managed as a Docker container.

  • Start/Stop/Restart commands depend on the container name assigned by the installation script (typically easypanel).

  • Update: Run the official installation script again to update the application version.

  • Traefik Service:

  • Managed as a Docker container.

  • Configuration changes in /etc/traefik/dynamic/ are automatically watched and applied by Traefik due to the watch: true setting in the static configuration.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×