Deployment Overview of Hiddify on Server¶

Prerequisites and Basic Requirements¶

To successfully deploy Hiddify on the server, the following requirements must be met:

• Operating System: Ubuntu (compatible with apt package manager).

• Privileges: The deployment script and subsequent management tasks require root privileges (sudo or direct root access).

• Domain: The application utilizes the hostkey.in zone with a specific prefix.

• Ports:

• External Traffic: Port 443 (HTTPS).

• Internal Traffic: The internal port is configured dynamically or defaults to standard HTTP/HTTPS ports depending on the Nginx setup.

• Network: The server must have outbound internet access to download dependencies and certificates, and inbound access on port 443.

FQDN of the Final Panel¶

The fully qualified domain name (FQDN) for accessing the Hiddify panel follows the pattern defined in the configuration variables. The endpoint is constructed using the prefix hiddify and the server identifier:

• Format: hiddify<ServerID>.hostkey.in:443

• Note: The specific <ServerID> is substituted during the deployment process to form the unique domain name (e.g., hiddify123.hostkey.in).

File and Directory Structure¶

The deployment creates and utilizes the following directory structure for configurations, data, and certificates:

• /root/nginx: Contains the Docker Compose file for the reverse proxy and SSL management.

• /root/nginx/compose.yml: The Docker Compose configuration for the Nginx and Certbot services.

• /data/nginx/nginx-certbot.env: Environment variables for the Nginx/Certbot container.

• /data/nginx/user_conf.d: Directory for Nginx user configuration files (SSL and proxy settings).

• /data/nginx/nginx-certbot.env: Environment file containing configuration for the Let's Encrypt email and other Nginx settings.

• /opt/hiddify-config: The installation directory for the Hiddify application and its components.

• /opt/hiddify-config/config.env: Environment configuration file for Hiddify.

Application Installation Process¶

The Hiddify application is installed via a shell script that automates dependency installation, downloading the release archive, and configuring the environment.

1. System Preparation:

   • The system updates package lists and upgrades existing packages.

   • Essential tools such as curl and unzip are installed.

2. Download and Extraction:

   • The script downloads the latest release of hiddify-config from the official repository.

   • The archive is extracted to /opt/hiddify-config.

3. Configuration:

   • A config.env file is generated in /opt/hiddify-config with the MAIN_DOMAIN variable set to the specific server instance domain (e.g., {{ hostid }}.hostkey.in).

4. Execution:

   • The installer script located at /root/download.sh is executed with the release and --no-gui flags to install the core components.

   • The main application installer (install.sh) is run from the /opt/hiddify-config directory.

Docker Containers and Their Deployment¶

The deployment utilizes Docker to manage the reverse proxy and SSL termination. The containers are orchestrated using Docker Compose.

• Directory: /root/nginx

• Orchestration File: /root/nginx/compose.yml

• Service: nginx

• Image: jonasal/nginx-certbot:latest

• Restart Policy: unless-stopped

• Network Mode: host

• Volumes:

  • nginx_secrets: Mounted at /etc/letsencrypt (External volume).

  • /data/nginx/user_conf.d: Mounted at /etc/nginx/user_conf.d (Host directory).

• Environment:

  • CERTBOT_EMAIL: Set to [email protected].

Proxy Servers (Nginx, Traefik, SSL, Custom Domains, Certbot)¶

The application uses an Nginx container integrated with Certbot for SSL certificate management and reverse proxying.

• Proxy Type: Nginx with Certbot (jonasal/nginx-certbot).

• SSL/TLS: Handled automatically via Let's Encrypt certificates stored in the nginx_secrets volume.

• Reverse Proxy Configuration:

• The Nginx container maps incoming traffic on port 443 to the internal Hiddify service.

• Custom domain configurations are loaded from /data/nginx/user_conf.d.

• Environment: SSL certificates are issued for the domain hiddify<ServerID>.hostkey.in.

Permission Settings¶

File and directory permissions are set during the deployment to ensure secure operation:

• /root/nginx: Set to 0755 with owner root and group root.

• /root/nginx/compose.yml: Set to 0644 with owner root and group root.

• /opt/hiddify-config: Created by the installation script with default system permissions for the root user.

• /root/download.sh: Set to 0755 to allow execution.

Location of Configuration Files and Data¶

Key configuration and data files are located in the following paths:

• Hiddify Configuration: /opt/hiddify-config/config.env

• Nginx Compose File: /root/nginx/compose.yml

• Nginx Environment: /data/nginx/nginx-certbot.env

• SSL Certificates: Managed by the Docker volume nginx_secrets, mapped to /etc/letsencrypt inside the container.

• Nginx Site Configs: Located in /data/nginx/user_conf.d.

Available Ports for Connection¶

The following ports are utilized for external and internal communication:

• Port 443: External HTTPS traffic for accessing the Hiddify panel.

• Internal Path: Traffic is routed to the internal path / which maps to the Hiddify service.

• External Path: The external endpoint is accessed at /.

Starting, Stopping, and Updating¶

Management of the reverse proxy service is handled via Docker Compose within the /root/nginx directory.

• Start Service:

  cd /root/nginx
  docker compose up -d
  

• Stop Service:

  cd /root/nginx
  docker compose down
  

• Update Service: Since the Nginx image uses the latest tag, pulling the latest image and restarting the container applies updates:

  cd /root/nginx
  docker compose pull
  docker compose up -d
  

• Application Updates: To update the Hiddify application itself, the installation script located at /opt/hiddify-config must be re-executed or the specific update mechanism provided by the Hiddify package should be followed (typically re-running the install.sh script after downloading the latest release).