
Deployment Overview of Hiddify on Server

Prerequisites and Basic Requirements

The following requirements must be met before deploying the Hiddify application:

  • Operating System: Ubuntu (Debian-based)
  • Privileges: Root access is mandatory for all installation and configuration steps
  • Network: Access to the internet for downloading packages and scripts
  • Domain: A custom domain is configured via the MAIN_DOMAIN variable in the environment file
  • Ports: The application utilizes standard web ports for the proxy and management interface

File and Directory Structure

The deployment creates specific directories and files to manage the application, configurations, and certificates:

  • /root/nginx: Directory containing the Docker Compose configuration for the Nginx proxy and Certbot
  • /root/nginx/compose.yml: Docker Compose file defining the Nginx service
  • /root/download.sh: The initial download script for the Hiddify Manager
  • /opt/hiddify-config: The primary installation directory for the Hiddify application
  • /opt/hiddify-config/config.env: Environment file containing the main domain configuration
  • /data/nginx/user_conf.d: Directory for user-specific Nginx configuration files
  • /data/nginx/nginx-certbot.env: Environment file for the Nginx-Certbot service
  • /etc/letsencrypt: Volume mount point for SSL certificates managed by Certbot

Application Installation Process

The Hiddify application is installed using a shell script that downloads the latest release and configures the environment. The process involves the following steps:

  1. Update the system package list and upgrade existing packages using apt.
  2. Install required utilities such as curl and unzip.
  3. Create the target directory at /opt/hiddify-config.
  4. Download the latest release archive from the Hiddify GitHub repository.
  5. Extract the archive contents into the target directory.
  6. Generate the config.env file with the specific domain configuration.
  7. Execute the install.sh script included in the release to finalize the setup.

The download and extraction steps use the following command structure:

curl -L -o hiddify-config.zip https://github.com/hiddify/hiddify-config/releases/latest/download/hiddify-config.zip
unzip -o hiddify-config.zip
rm hiddify-config.zip
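
The commands above fetch whatever the latest release is at that moment, and step 7 then runs install.sh from it as root. The following is an added example, not part of the Hiddify scripts, of gating extraction on a SHA-256 digest the operator recorded when reviewing a release. The function names are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: refuse to extract a release archive unless it matches a
# pinned SHA-256. Function names are illustrative, not Hiddify's own.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_archive FILE EXPECTED_SHA256
# 0 = match, 1 = digest mismatch, 2 = unusable input (no file, bad digest)
verify_archive() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# install_verified ARCHIVE EXPECTED_SHA256 TARGET_DIR
# Extracts only after verification; on failure the archive is deleted so a
# later step cannot pick it up, and nothing is written to TARGET_DIR.
install_verified() {
    if verify_archive "$1" "$2"; then
        mkdir -p "$3" && unzip -o -q "$1" -d "$3"
    else
        _rc=$?
        rm -f -- "$1"
        return "$_rc"
    fi
}

# Usage (as root); the digest below is a placeholder:
#   curl -L -o hiddify-config.zip https://github.com/hiddify/hiddify-config/releases/latest/download/hiddify-config.zip
#   install_verified hiddify-config.zip "<sha256 recorded at review>" /opt/hiddify-config
```

Because the URL points at the latest release, a new upstream release changes the digest and the check fails until the operator reviews the release and updates the pinned value.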

The environment variable MAIN_DOMAIN is set in the config.env file to define the host identifier, for example:

MAIN_DOMAIN={{ hostid }}.hostkey.in

Docker Containers and Their Deployment

The deployment utilizes Docker to run the Nginx reverse proxy and SSL certificate management. The container is defined in the /root/nginx/compose.yml file.

The Docker Compose configuration includes the following service:

  • Service Name: nginx
  • Image: jonasal/nginx-certbot:latest
  • Restart Policy: unless-stopped
  • Network Mode: host
  • Environment Variables:
      • CERTBOT_EMAIL: Set to [email protected]
      • Additional variables loaded from /data/nginx/nginx-certbot.env
  • Volumes:
      • nginx_secrets: Mounted to /etc/letsencrypt for certificate storage
      • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d for custom configurations

To start the container, the following command is executed from the /root/nginx directory:

docker compose up -d

Proxy Servers

The Nginx container acts as a reverse proxy and handles SSL certificate generation via Certbot.

  • Proxy Configuration: Custom Nginx configurations are stored in /data/nginx/user_conf.d and mounted into the container.
  • SSL Certificates: Managed automatically by the nginx-certbot image. Certificates are stored in the nginx_secrets volume.
  • Domain Handling: The MAIN_DOMAIN variable in the application configuration determines the domain served by the proxy.
  • Email Configuration: The CERTBOT_EMAIL environment variable is set to [email protected] for certificate renewal notifications.

Access Rights and Security

Security and access control are enforced through the following mechanisms:

  • Root Privileges: The installation script and Docker commands require root privileges. The script explicitly checks for root access and exits if not running as root.
  • Directory Permissions:
      • /root/nginx: Owned by root with mode 0755.
      • /root/nginx/compose.yml: Owned by root with mode 0644.
  • Package Management: Unused packages are purged, and the system is upgraded to the latest safe versions to minimize vulnerabilities.
  • Network Isolation: The Nginx container runs in host network mode, so it shares the host's network stack and Docker adds no network isolation of its own. External access control relies on the host's firewall and network configuration.
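
The ownership and modes listed above can be checked for drift after an update or a manual edit. This is an added example, not part of the deployment scripts. It assumes GNU stat, as shipped on Ubuntu, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare owner and mode of deployment paths against the
# values this page documents. stat prints 0755 as "755".

# check_path PATH OWNER MODE -> 0 if PATH has exactly that owner and mode,
# 1 on drift, 2 if PATH does not exist
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    actual=$(stat -c '%U %a' "$1")
    if [ "$actual" = "$2 $3" ]; then
        echo "OK      $1 ($actual)"
    else
        echo "DRIFT   $1: expected '$2 $3', found '$actual'"
        return 1
    fi
}

# audit_paths reads "path owner mode" lines on stdin and returns the number
# of paths that are missing or have drifted (0 means all match).
audit_paths() {
    failures=0
    while read -r path owner mode; do
        [ -n "$path" ] || continue
        check_path "$path" "$owner" "$mode" || failures=$((failures + 1))
    done
    return "$failures"
}

# Expectations taken from the Directory Permissions entries on this page.
hiddify_expectations() {
    cat <<'EOF'
/root/nginx root 755
/root/nginx/compose.yml root 644
EOF
}

# Usage (as root): hiddify_expectations | audit_paths
```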

Starting, Stopping, and Updating

The application and its associated services are managed via Docker Compose and the Hiddify installation scripts.

  • Starting the Proxy:
    cd /root/nginx
    docker compose up -d
    
  • Updating the System: The system packages are updated using apt upgrade with the dpkg options --force-confdef and --force-confold, which resolve configuration file prompts non-interactively.
  • Updating the Application: To update Hiddify, the download script (download.sh) or the manual download process described in the installation section must be re-executed to fetch the latest release from the GitHub repository.