Skip to main content
Get 17% off the OpenPanel Enterprise Annual License with a lifetime fixed price guarantee.Get Started Now
OpenPanelDocumentation
Version: 1.6.1

Managing User Containers from the Terminal

In OpenPanel, each user has their own Docker context running in rootless mode. If you are familiar with Docker, you can manage a user’s files and services directly from the terminal.

SSH access as the root user on the server is required to switch between Docker contexts.

Compose Setup

Each user’s environment is based on:

  • docker-compose.yml – defines services, networks, and volumes.
  • .env – defines CPU/memory limits, Docker image tags, and custom ports.

⚠️ Always edit these files via the OpenAdmin interface. The interface validates your changes. Editing directly from the terminal bypasses validation and can break services. Make a backup before any modifications.

File Structure

Each user’s home directory is located at:

/home/USERNAME/

It contains configuration files and user data. Example structure:

├── .env                 # Environment variables: versions, ports, CPU/memory limits
├── backup.env           # Backup configuration
├── crons.ini            # Cron jobs
├── custom.cnf           # MySQL configuration
├── default.vcl          # Varnish cache configuration
├── docker-compose.yml   # Service definitions
├── docker-data          # Docker storage
│   ├── containerd       # Container runtime data
│   ├── containers       # Individual container data
│   ├── image            # Docker images
│   ├── network          # Docker networks
│   ├── overlay2         # Overlay filesystem storage
│   ├── plugins          # Docker plugins
│   └── volumes          # Persistent data volumes
│       ├── <USERNAME>_html_data   # Website files (/var/www/html/)
│       └── <USERNAME>_mysql_data  # MySQL database files (/var/lib/mysql/)
├── httpd.conf           # Apache configuration
├── my.cnf               # MySQL root credentials for service commands
├── nginx.conf           # NGINX configuration
├── openlitespeed.conf   # OpenLiteSpeed configuration
├── openresty.conf       # OpenResty configuration
├── php.ini/             # PHP configuration files
├── pma.php              # phpMyAdmin entry point
└── sockets              # Sockets (MySQL, Redis, PostgreSQL, etc.)
  • Website files are stored in the Docker volume USERNAME_html_data and physically located at:
/home/USERNAME/docker_data/volumes/USERNAME_html_data/_data/
  • File ownership should match the OpenPanel user ID. Check with:
id -u USERNAME

  • Docker runs in rootless mode, mapping the user UID to root inside containers. This avoids permission issues while giving the user root-level permissions in their services.

  • Disk quotas are enforced using the quota tool. To check disk and inodes usage for user:

quota -u USERNAME

Managing Services

Services are defined in /home/USERNAME/docker-compose.yml. You can extend this file with custom services, but to maintain compatibility with the OpenPanel UI, follow the guidelines.

Use the user’s Docker context to manage their services. Examples:

  • List running services:
docker --context=USERNAME ps -a
  • Stop a service:
docker --context=USERNAME stop mysql
  • Restart a service:
cd /home/USERNAME && \
docker --context=USERNAME compose down mysql && \
docker --context=USERNAME compose up -d mysql
  • Exec into a service:
docker --context=USERNAME exec -it mysql bash
  • View resource usage:
docker --context=USERNAME stats --no-stream

Domains

Domain configuration files are stored in:

  • Caddy configuration:
/etc/openpanel/caddy/domains/<DOMAIN>.conf

Each domain has its own Caddyfile. Caddy handles SSL certificates and acts as a reverse proxy to the user’s web server. For more information, see: How Web Traffic Flows with User Containers

  • BIND9 zone file:
/etc/bind/zones/<DOMAIN>.db

Contains the DNS records for the domain.

Backups

OpenPanel uses offen/docker-volume-backup for backups. Configuration is stored in backup.env.

  • Administrators can schedule automatic backups for users.
  • Users can also enable and manage their own backups if permitted.
  • Only Docker volumes are backed up, which include the actual user data (website files and databases).

For detailed instructions, see: Configuring OpenPanel Backups

Ports

Ports are defined in the user’s .env file:

root@vagabundo:/# grep _PORT home/mysqlbaja/.env 
HTTP_PORT="127.0.0.1:32780:80"
HTTPS_PORT="127.0.0.1:32781:443"
PROXY_HTTP_PORT="127.0.0.1:32782:80" 
MYSQL_PORT="127.0.0.1:32777:3306"
PMA_PORT="32779:80"
POSTGRES_PORT="0:5432"
PGADMIN_PORT="0:80"
  • Ports are generated during user creation but can be modified by the administrator. After changes, run compose down && compose up for the changes to take effect.
  • ⚠️ Docker rootless mode prevents the use of ports under 1024.
  • Services should not expose ports externally unless remote access is required (e.g., phpMyAdmin, remote MySQL, or pgAdmin).
Previous
Hard Limits
Next
User Isolation
Was this helpful?