Deployment Overview of DeepSeek on Server¶

Prerequisites and Basic Requirements¶

• Operating System: Linux-based server.

• Privileges: Root or sudo access is required for configuration and service management.

• Domain: hostkey.in.

• Ports:

  • Port 80: HTTP traffic and ACME challenge validation.

  • Port 443: HTTPS traffic for secure access.

  • Port 3000: Internal application service port.

  • Port 8080: Internal proxy target port.

Final Panel Access¶

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

• FQDN: deepseek<Server ID>.hostkey.in

• Port: 443 (HTTPS)

File and Directory Structure¶

The deployment utilizes the following directory structure for configuration and data:

• Nginx Configuration: /data/nginx/user_conf.d/

  • Contains specific server block configurations for the application.

• Nginx Certbot Environment: /data/nginx/nginx-certbot.env

• Docker Compose Configuration: /root/nginx/compose.yml

• Docker Secrets: Mounted externally as nginx_secrets (mapped to /etc/letsencrypt inside the container).

Application Installation Process¶

The application is deployed using Docker containers. The installation involves preparing the configuration directory and executing a Docker Compose stack:

• Container Image: jonasal/nginx-certbot:latest

• Configuration Script: The primary orchestration is handled via a compose.yml file located at /root/nginx/compose.yml.

• Directory Setup: The /root/nginx directory is created to host the Docker Compose file.

Docker Containers and Their Deployment¶

The system runs a single container stack managed by Docker Compose.

Container Configuration¶

• Service Name: nginx

• Image: jonasal/nginx-certbot:latest

• Restart Policy: unless-stopped

• Network Mode: host

• Environment Variables:

  • CERTBOT_EMAIL: Set to [email protected]

Volume Mounts¶

The container utilizes the following volume mappings:

• nginx_secrets (external) -> /etc/letsencrypt

• /data/nginx/user_conf.d -> /etc/nginx/user_conf.d

Deployment Command¶

To deploy or update the container stack, the following command is executed from the /root/nginx directory:

docker compose up -d

Proxy Servers¶

Access to the application is managed via an Nginx reverse proxy with SSL termination.

Nginx Configuration Files¶

• HTTPS Configuration: /data/nginx/user_conf.d/deepseek<Server ID>.hostkey.in.conf

  • Handles HTTPS traffic on port 443.

  • Configured to forward requests to http://127.0.0.1:8080.

  • Includes proxy_set_header Host $host to pass the original host header.

• HTTP Configuration: /data/nginx/user_conf.d/deepseek<Server ID>.hostkey.in.http.conf

  • Listens on port 80.

  • Redirects all traffic to HTTPS.

  • Serves ACME challenges for certificate issuance at /.well-known/acme-challenge/.

SSL and Certificate Management¶

• Certificate Authority: Let's Encrypt.

• Validation Method: HTTP-01 challenge served via the Nginx container.

• Webroot Path: /var/www/certbot (inside the container).

Permission Settings¶

File permissions are set as follows to ensure security and proper access:

• Directory: /root/nginx

  • Owner: root

  • Group: root

  • Mode: 0755

• File: /root/nginx/compose.yml

  • Owner: root

  • Group: root

  • Mode: 0644

• Nginx Config Files: /data/nginx/user_conf.d/*.conf

  • Mode: 0644

Starting, Stopping, and Updating¶

Service management is performed using Docker Compose commands within the /root/nginx directory.

• Start or Update:

  docker compose up -d
  

• Stop:

  docker compose down
  

• Verify Nginx Configuration (inside container):

  docker exec nginx-nginx-1 nginx -t
  

• Reload Nginx (inside container):

  docker exec nginx-nginx-1 nginx -s reload