Skip to content

Deployment Overview of OutlineVPN on Server

Prerequisites and Basic Requirements

The following requirements must be met before deploying OutlineVPN on the server:

  • Operating System: Ubuntu (implied by package manager usage in installation tasks).

  • Privileges: Root access is required to execute installation scripts and manage Docker containers.

  • Domain: The server must be configured to resolve the hostkey.in zone.

  • Ports: Port 8080 is used internally for the OutlineVPN manager, while ports 80 and 443 are required for the Nginx proxy and SSL termination.

FQDN of the Final Panel

The OutlineVPN management panel is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • OutlineVPN<Server ID>.hostkey.in

The service listens on the standard HTTP/HTTPS ports managed by the Nginx proxy.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /root/nginx/: Contains the Docker Compose configuration for the proxy.

  • /root/install_outline.sh: The installation script downloaded from the official repository.

  • /root/outline_api_key.txt: Stores the generated API key and server IP address.

  • /data/nginx/user_conf.d/: Contains custom Nginx configuration files for the specific server instance.

  • /data/nginx/nginx-certbot.env: Environment file for the Nginx-Certbot container.

  • /etc/letsencrypt/: Mount point for SSL certificates managed by the Docker volume nginx_secrets.

Application Installation Process

The OutlineVPN server is installed using the official installation script provided by Jigsaw. The process involves the following steps:

  1. Install the curl package using the system package manager.

  2. Download the installation script from https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh to /root/install_outline.sh.

  3. Execute the script with root privileges: 

    /root/install_outline.sh

  4. Upon successful execution, the script outputs the API key and server IP, which are automatically saved to /root/outline_api_key.txt.

Docker Containers and Their Deployment

The reverse proxy and SSL certificate management are handled by Docker containers defined in a Compose file.

Docker Compose Configuration

The configuration file is located at /root/nginx/compose.yml. It defines a single service named nginx using the jonasal/nginx-certbot:latest image.

Service Parameters

Parameter Value
Image jonasal/nginx-certbot:latest
Restart Policy unless-stopped
Network Mode host
Email for Certbot [email protected]
Environment File /data/nginx/nginx-certbot.env

Volume Mounts

  • nginx_secrets: Mounted to /etc/letsencrypt inside the container (external volume).

  • /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d inside the container.

Deployment Command

To start the proxy services, execute the following command from the configuration directory: 

docker compose up -d
This command is executed from the /root/nginx directory.

Proxy Servers

Nginx acts as the reverse proxy for the OutlineVPN manager, handling SSL termination via Certbot.

Configuration Details

  • Proxy Target: The Nginx configuration forwards traffic to the OutlineVPN manager running locally on port 8080.

  • Configuration File: The specific server configuration is located at /data/nginx/user_conf.d/OutlineVPN<Server ID>.hostkey.in.conf.

  • Routing Rule: The location / block contains the directive proxy_pass http://127.0.0.1:8080;.

  • SSL: Certificates are automatically managed by the nginx-certbot container and stored in the nginx_secrets volume.

Permission Settings

The following permissions are applied to critical files and directories:

  • /root/nginx/: Mode 0755, owned by root:root.

  • /root/nginx/compose.yml: Mode 0644, owned by root:root.

  • /root/outline_api_key.txt: Mode 0600, owned by root.

  • /root/install_outline.sh: Mode 0755.

Location of Configuration Files and Data

Key configuration and data files are stored in the following locations:

  • Docker Compose: /root/nginx/compose.yml

  • Nginx Custom Config: /data/nginx/user_conf.d/OutlineVPN<Server ID>.hostkey.in.conf

  • Certbot Environment: /data/nginx/nginx-certbot.env

  • API Credentials: /root/outline_api_key.txt

  • SSL Certificates: Managed within the Docker volume nginx_secrets (mounted at /etc/letsencrypt in the container).

Available Ports for Connection

The following ports are utilized by the deployment:

  • 8080: Internal port for the OutlineVPN Manager API (proxied by Nginx).

  • 80: HTTP traffic for the Nginx proxy (used for SSL redirection and Let's Encrypt validation).

  • 443: HTTPS traffic for the Nginx proxy (secure access to the OutlineVPN Manager).

Starting, Stopping, and Updating

The proxy services are managed via Docker Compose.

Start Services

To start the Nginx and Certbot containers: 

cd /root/nginx
docker compose up -d

Stop Services

To stop the containers: 

cd /root/nginx
docker compose down

Update Services

To update the containers to the latest image version: 

cd /root/nginx
docker compose pull
docker compose up -d

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×