Skip to content

Deployment Overview of FASTPANEL on Server

Prerequisites and Basic Requirements

To ensure a successful deployment, the following requirements must be met:

  • Operating System: Debian or RHEL-based distributions.

  • Privileges: Root access or sudo privileges are required for installation and package management.

  • Network/Ports:

    • Port 8888 (Internal)

    • Port 443 (External HTTPS)

FQDN of the final panel on the hostkey.in domain

The panel is accessible via the following format: fastpanel<Server ID>.hostkey.in

File and Directory Structure

The deployment utilizes specific directories for configuration, SSL certificates, and Nginx management:

Path Description
/root/nginx Contains Docker Compose files and orchestration data
/data/nginx Main directory for Nginx configurations and environment variables
/data/nginx/user_conf.d Directory containing site-specific Nginx configuration files
/data/nginx/letsencrypt Webroot directory for Let's Encrypt ACME challenges

Application installation process

The application is installed using the official FASTPANEL installer script:

  1. The system package cache is updated (via apt or yum).

  2. The wget utility is installed if not present.

  3. The installation script is executed via: 

    wget http://repo.fastpanel.direct/install_fastpanel.sh -O - | bash -

Access Rights and Security

  • User Management: A system user named fastuser is created to manage the application environment.

  • Password Security: The password for fastuser is automatically set during installation using a secure hash.

  • Proxy Security: Nginx is configured as a reverse proxy, forwarding traffic from port 443 to the internal service on port 8888 with SSL termination and header preservation (X-Forwarded-For, X-Real-IP, etc.).

Proxy Servers

The deployment utilizes a Dockerized Nginx instance combined with Certbot for automated SSL management.

  • Image: jonasal/nginx-certbot:latest

  • SSL Management:

    • Uses Let's Encrypt via Certbot.

    • Automated renewal is configured with an interval of 8d.

    • The configuration utilizes a webroot method for ACME challenges located at /var/www/letsencrypt.

  • Nginx Configuration:

    • A two-stage deployment process: first, an HTTP-only configuration is applied to facilitate the ACME challenge; second, an HTTPS block is applied once certificates are obtained.

    • The proxy configuration includes support for WebSockets (Upgrade and Connection headers).

Docker Containers and Their Deployment

The Nginx reverse proxy runs as a Docker container with the following characteristics:

services:
  nginx:
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    network_mode: host
    env_file:

      - /data/nginx/nginx-certbot.env
    volumes:

      - nginx_secrets:/etc/letsencrypt

      - /data/nginx/user_conf.d:/etc/nginx/user_conf.d

      - /data/nginx/letsencrypt:/var/www/letsencrypt

Location of configuration files and data

The following files manage the operational state of the proxy:

File Path Purpose
/root/nginx/compose.yml Docker Compose orchestration file
/data/nginx/nginx-certbot.env Environment variables for the Nginx container (e.g., RENEWAL_INTERVAL)
/data/nginx/user_conf.d/{domain}.conf Specific Nginx server blocks for the domain

Available ports for connection

The following ports are utilized by the system:

  • 443: External HTTPS access via Nginx proxy.

  • 80: HTTP redirection to HTTPS and ACME challenge handling.

  • 8888: Internal service communication (Fastpanel backend).

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×