Deployment Overview of EasyPanel on Server¶

Prerequisites and Basic Requirements¶

Before deploying EasyPanel, ensure the server environment meets the following specifications:

• Operating System: Ubuntu (compatible with the provided installation script).

• Privileges: Root access is required to execute the official installation script and manage Docker containers.

• Domain Configuration: The server must be configured to resolve the FQDN under the hostkey.in zone.

• Port Availability: Ports 80 and 443 must be free for the proxy and SSL termination. Ports 3000 is used internally by the EasyPanel application.

• Existing Services: Any existing web servers (Nginx, Apache2) or Docker containers occupying ports 80 and 443 will be stopped or uninstalled to prevent conflicts.

FQDN of the Final Panel¶

The application is accessible via the following fully qualified domain name (FQDN) format:

• <prefix><Server ID>.hostkey.in:443

• Based on the configuration variables, the specific hostname pattern is easypanel<Server ID>.hostkey.in.

• The external access port is 443 (HTTPS), which is the standard port for the proxy gateway.

File and Directory Structure¶

The deployment utilizes specific directories for configuration files, data storage, and container secrets:

• /root/nginx: Directory containing the Docker Compose configuration for the Nginx-Certbot proxy.

• /root/nginx/compose.yml: The Docker Compose file defining the Nginx service.

• /data/nginx/user_conf.d/: Directory storing custom Nginx configuration files.

• /data/nginx/user_conf.d/easypanel<Server ID>.hostkey.in.conf: Specific configuration file for the EasyPanel proxy pass.

• /data/nginx/nginx-certbot.env: Environment file used by the Nginx container.

• /etc/traefik/dynamic/: Directory for Traefik dynamic configuration files.

• /etc/traefik/acme.json: Storage file for Let's Encrypt SSL certificates.

• /etc/letsencrypt: Volume mount point for Nginx-Certbot SSL secrets.

Application Installation Process¶

EasyPanel is installed using the official installation script provided by the developers. The deployment script performs the following actions:

1. Stops any existing Nginx or Apache2 services.

2. Stops Docker containers currently publishing on ports 80 and 443.

3. Leaves an active Docker Swarm if present to ensure a standalone environment.

4. Executes the official installer:

   curl -sSL https://get.easypanel.io | sh
   

   This script is executed in the /root directory with error checking enabled.

Docker Containers and Their Deployment¶

The deployment relies on two primary Docker-based components: the EasyPanel application and the reverse proxy stack.

Nginx-Certbot Proxy¶

The Nginx proxy is deployed via Docker Compose using the image jonasal/nginx-certbot:latest.

• Restart Policy: unless-stopped.

• Network Mode: host.

• Environment: Configured with the email [email protected] via the nginx-certbot.env file.

• Volumes:

  • nginx_secrets mounted at /etc/letsencrypt.

  • /data/nginx/user_conf.d mounted at /etc/nginx/user_conf.d.

Traefik Configuration¶

Traefik is configured as a dynamic router to manage traffic. The static configuration is stored in /etc/traefik/static (implied by standard paths) and dynamic configurations are placed in /opt/traefik/dynamic.

• Entry Points:

  • web listening on port 80.

  • websecure listening on port 443.

• Service Routing:

  • Router easypanel matches the host easypanel<Server ID>.hostkey.in.

  • Service easypanel loads balances traffic to the internal container easypanel on port 3000.

  • passHostHeader is enabled to ensure the application receives the original host header.

Proxy Servers and SSL Configuration¶

Traffic is routed through Nginx and Traefik to handle SSL termination and HTTP redirection.

Nginx Proxy¶

A custom Nginx configuration is generated at /data/nginx/user_conf.d/easypanel<Server ID>.hostkey.in.conf. This configuration includes:

• A location block for the root path /.

• A proxy_pass directive forwarding requests to http://127.0.0.1:3000.

Traefik and SSL¶

Traefik manages the SSL certificates using the Let's Encrypt ACME protocol.

• Certificate Resolver: letsencrypt.

• ACME Email: [email protected].

• Certificate Storage: /opt/traefik/acme.json.

• HTTP Challenge: Performed via the web entry point (port 80).

• Redirection: All HTTP traffic on port 80 is permanently redirected to HTTPS (websecure).

Permission Settings¶

The following permissions are applied to ensure the correct operation of the services and configuration files:

• /root/nginx: Directory created with 0755 permissions, owned by root:root.

• /root/nginx/compose.yml: File created with 0644 permissions, owned by root:root.

• Nginx configuration files in /data/nginx/user_conf.d/: Managed by the deployment process to ensure root ownership for modification.

Available Ports for Connection¶

The following ports are utilized by the deployed infrastructure:

• Port 80 (HTTP): Used for SSL certificate validation challenges and automatic redirection to HTTPS.

• Port 443 (HTTPS): Primary access port for the EasyPanel web interface.

• Port 3000 (TCP): Internal port used by the EasyPanel application container. It is not exposed directly to the public network but is reachable internally by the proxy.

Starting, Stopping, and Updating¶

Service management for the proxy and application is handled through Docker commands.

Managing the Proxy¶

To manage the Nginx-Certbot proxy service defined in /root/nginx:

• Start/Update:

  cd /root/nginx
  docker compose up -d
  

• Stop:

  cd /root/nginx
  docker compose down
  

Managing EasyPanel¶

EasyPanel is managed as a Docker container. Standard Docker commands apply:

• View Status:

  docker ps | grep easypanel
  

• Restart:

  docker restart easypanel
  

• Update:

  docker compose pull
  docker compose up -d
  

  (Note: Specific update commands may vary depending on the container orchestration method used by the official installer script.)