Services

OpenPanel uses the following services:

Nginx

Nginx is used as a reverse proxy that routes traffic to and from user websites running in their Docker containers.

Nginx main configuration file location: /etc/openpanel/nginx/nginx.conf

This file is generated at the time of OpenPanel installation and remains unchanged during updates, allowing for the addition of custom configurations without the risk of them being overwritten by subsequent updates.

The /var/log/nginx/domlogs/ directory serves as the repository for access logs of all domains. Within this folder, each domain is allocated its own file for logging purposes. For instance, the access logs for the domain pejcic.rs are stored in the file named /var/log/nginx/domlogs/pejcic.rs.log.

The /etc/openpanel/nginx/vhosts/default.conf file acts as the default configuration file, which restricts access to domains that are not hosted on the server. It is recommended not to modify this file.

default vhost file template

Virtual host files for each domain are situated within the /etc/nginx/sites-enabled/ directory. For example, the virtual host file for the domain pejcic.rs can be found at /etc/nginx/sites-enabled/pejcic.rs.conf.

VirtualHosts template for domains

/etc/openpanel/nginx/vhosts/openpanel_proxy.conf allows users to access /phpmyadmin and /openpanel from their domains.

default openpanel_proxy.conf

This can be changed by the Administrator from OpenAdmin > General Settings

/etc/openpanel/nginx/error_pages directory is used to store configuration and templates for Nginx error pages.

Each domain has a configuration file where the user can block IP addresses per domain: /etc/openpanel/openpanel/core/users/<USERNAME>/domains/<DOMAIN_NAME>-block_ips.conf.

Nginx service uses the following log files:

  • error log: /var/log/nginx/error.log
  • access log: /var/log/nginx/access.log

There is a known issue with the Nginx service on servers operating behind NAT (such as those on Azure, AWS, etc.) that do not have a public IP assigned directly to them, which can cause the Nginx service to fail to start. To circumvent this problem, the OpenPanel installation procedure includes a check for this scenario and, if necessary, applies an additional configuration as advised. This step ensures that Nginx can successfully start and operate even in environments where the server is behind NAT and lacks a public IP address.

Docker

Docker is used to isolate user accounts and provide them a VPS-like experience.

During the OpenPanel installation process, the default storage driver for Docker is set to either overlay2 or devicemapper.

Difference between devicemapper and overlay2 docker storage engines:

|             | devicemapper                                         | overlay2                                    |
|-------------|------------------------------------------------------|---------------------------------------------|
| Disk limits | Allows you to set disk limits per user               | Does not allow disk limits per user         |
| Speed       | slower creation speed and startup on server restart  | faster account creation and server startup  |
| Resizing    | possible to downgrade account disk size              | disk size cannot be downgraded              |
| Recommended | for shared hosting servers with 10+ users            | for VPS where you manage all users          |

Configuration file /etc/docker/daemon.json is not modified on update.

MySQL

INFO

Starting with 0.1.7, OpenPanel uses a MySQL Docker container, and data is stored inside the openpanel_mysql_data volume.

MySQL is used as a database to store all user related information:

  • Users
  • Plans
  • Domains
  • Websites

MySQL login information is stored in file: /etc/openpanel/mysql/db.conf. This file is used by the OpenAdmin and OpenPanel services. This file is also symlinked to the /etc/my.cnf that is used when running mysql commands on the terminal or OpenCLI.

SQLite

SQLite database is used by the OpenAdmin panel in order to completely separate the Admin and end-user interface.

Database file: /etc/openpanel/openadmin/users.db

Named

Named (BIND9) service is used for DNS.

Administrators can set custom nameservers on OpenAdmin > OpenPanel Settings to be used for OpenPanel websites.

default named.conf.options configuration file

GoAccess

OpenPanel uses GoAccess to generate beautiful HTML reports from Nginx access logs for each domain.

Starting with OpenPanel version 0.1.7, GoAccess is no longer installed on the server. Instead, it is executed within Docker containers when required to parse domain access logs.

OpenPanel also downloads GeoIPLite2 City and Country databases in order to display location info for each IP address in reports.

To customize these reports edit the /etc/openpanel/goaccess/goaccess.conf file.

ModSecurity

OpenPanel installation does not set up ModSecurity. Installation of ModSecurity is optional.

Certbot

OpenPanel employs Certbot, a free, open-source software tool, for generating, renewing, and configuring Let's Encrypt SSL certificates for all domains added by users. This integration facilitates the secure encryption of web traffic by providing and managing SSL/TLS certificates for websites hosted on the panel, ensuring that all communications between the server and its visitors are securely encrypted.

UFW

UncomplicatedFirewall (UFW) is utilized by OpenPanel to manage access to users' services and websites. OpenPanel configures UFW to open only the necessary ports for each user.

Upon installation of OpenPanel, all access is initially blocked, with exceptions made for the following ports:

22/tcp                    # for SSH
80/tcp                    # for HTTP websites via Nginx
53                        # for DNS services using Named service
443/tcp                   # for HTTPS websites via Nginx
2083/tcp                  # as the default port for OpenPanel
2087/tcp                  # as the default port for OpenAdmin

On installation, OpenPanel whitelists the IP address of the admin user who installs OpenPanel, ensuring they retain access.

For each user created, OpenPanel configures UFW to open necessary random ports for their specific services, such as remote MySQL access, SSH, and phpMyAdmin. This ensures users have the required access while maintaining security by not using standard ports for these services.

Here's an example of random ports opened for a user, each accompanied by a comment for identification:

32772/tcp                  ALLOW       Anywhere                   # stefan
32770/tcp                  ALLOW       Anywhere                   # stefan
32769/tcp                  ALLOW       Anywhere                   # stefan
32768/tcp                  ALLOW       Anywhere                   # stefan

These ports are uniquely assigned and are indicated in the firewall settings with a comment (e.g., # stefan) to identify the specific user they are associated with.

If you are using an external firewall, open the following port range:

32768:60999               # Docker range

NOTE: If you have other docker containers not run by OpenPanel, be cautious when opening the docker range, as it will expose those containers as well.
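
The following audit is an added example, not part of OpenPanel or its documentation. It reads plain `ufw status` output, groups the per-user ports by their comment, and flags any rule open to Anywhere that is neither an install-time default nor a user-tagged port inside the Docker range. The function names, output labels and sample rules are constructed for illustration.

```shell
# Audit plain `ufw status` output against the layout this page describes.
# Assumptions: baseline = install defaults listed above (2083/2087 are only
# defaults); per-user rules carry a "# <username>" comment.
audit_ufw() {
  awk -v lo=32768 -v hi=60999 '
    BEGIN {
      n = split("22/tcp 80/tcp 53 443/tcp 2083/tcp 2087/tcp", b, " ")
      for (i = 1; i <= n; i++) base[b[i]] = 1
    }
    # IPv4 rows have ALLOW in field 2; "(v6)" rows push it to field 3.
    $2 == "ALLOW" || $3 == "ALLOW" {
      from = ($2 == "ALLOW") ? $3 : $4
      if (from != "Anywhere") next   # source-restricted, e.g. admin IP whitelist
      rule = $1
      if (rule in base) next         # install-time baseline
      user = ""
      c = index($0, "# ")
      if (c > 0) { user = substr($0, c + 2); sub(/[ \t\r]+$/, "", user) }
      split(rule, p, "/"); port = p[1] + 0
      if (user != "" && port >= lo && port <= hi) {
        if (seen[user, rule]++) next # duplicate (v6) row
        if (user in ports) ports[user] = ports[user] "," rule
        else ports[user] = rule
        next
      }
      if (!flagged[rule]++) print "UNEXPECTED " rule
    }
    END { for (u in ports) print "USER " u " " ports[u] }
  ' | LC_ALL=C sort
}

# Constructed sample input, not captured from a real server.
sample_ufw() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
2083/tcp                   ALLOW       Anywhere
Anywhere                   ALLOW       203.0.113.10
32772/tcp                  ALLOW       Anywhere                   # stefan
32770/tcp                  ALLOW       Anywhere                   # stefan
32775/tcp                  ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere                   # stefan
32772/tcp (v6)             ALLOW       Anywhere (v6)              # stefan
EOF
}

sample_ufw | audit_ufw
```

On a live server, pipe the real output in instead: `ufw status | audit_ufw`. An `UNEXPECTED` line in the Docker range without a user comment is the case the note above warns about.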

OpenPanel

The openpanel/openpanel Docker image is used to provide access to the OpenPanel interface that allows users to manage their accounts.

OpenPanel is a Flask-based application that uses MySQL to store user data and operates on the Gunicorn web server. This configuration ensures that OpenPanel remains functional even if the Nginx service is down, thereby providing complete isolation between user websites and the admin panel.

OpenPanel operates in production mode by default, logging only errors and access logs. For developers needing more detailed logs for troubleshooting or development purposes, it is possible to switch to a more verbose logging mode by stopping the OpenPanel service and running the Flask application directly with specific commands.

To temporarily stop the OpenPanel service for this purpose, use the following command: docker stop openpanel

OpenAdmin

The admin service is used by the OpenAdmin interface.

OpenAdmin is a Flask application that utilizes SQLite for its database and runs on a separate Gunicorn instance. It operates independently from the OpenPanel and Nginx services.

Released under the MIT License.