Managing User Containers from the Terminal
In OpenPanel, each user has their own Docker context running in rootless mode. If you are familiar with Docker, you can manage a userโs files and services directly from the terminal.
SSH access as the root user on the server is required to switch between Docker contexts.
Compose Setupโ
Each userโs environment is based on:
docker-compose.yml
โ defines services, networks, and volumes..env
โ defines CPU/memory limits, Docker image tags, and custom ports.
โ ๏ธ Always edit these files via the OpenAdmin interface. The interface validates your changes. Editing directly from the terminal bypasses validation and can break services. Make a backup before any modifications.
File Structureโ
Each userโs home directory is located at:
/home/USERNAME/
It contains configuration files and user data. Example structure:
โโโ .env # Environment variables: versions, ports, CPU/memory limits
โโโ backup.env # Backup configuration
โโโ crons.ini # Cron jobs
โโโ custom.cnf # MySQL configuration
โโโ default.vcl # Varnish cache configuration
โโโ docker-compose.yml # Service definitions
โโโ docker-data # Docker storage
โ โโโ containerd # Container runtime data
โ โโโ containers # Individual container data
โ โโโ image # Docker images
โ โโโ network # Docker networks
โ โโโ overlay2 # Overlay filesystem storage
โ โโโ plugins # Docker plugins
โ โโโ volumes # Persistent data volumes
โ โโโ <USERNAME>_html_data # Website files (/var/www/html/)
โ โโโ <USERNAME>_mysql_data # MySQL database files (/var/lib/mysql/)
โโโ httpd.conf # Apache configuration
โโโ my.cnf # MySQL root credentials for service commands
โโโ nginx.conf # NGINX configuration
โโโ openlitespeed.conf # OpenLiteSpeed configuration
โโโ openresty.conf # OpenResty configuration
โโโ php.ini/ # PHP configuration files
โโโ pma.php # phpMyAdmin entry point
โโโ sockets # Sockets (MySQL, Redis, PostgreSQL, etc.)
- Website files are stored in the Docker volume
USERNAME_html_data
and physically located at:
/home/USERNAME/docker_data/volumes/USERNAME_html_data/_data/
- File ownership should match the OpenPanel user ID. Check with:
id -u USERNAME
Docker runs in rootless mode, mapping the user UID to
root
inside containers. This avoids permission issues while giving the user root-level permissions in their services.Disk quotas are enforced using the quota tool. To check disk and inodes usage for user:
quota -u USERNAME
Managing Servicesโ
Services are defined in /home/USERNAME/docker-compose.yml
. You can extend this file with custom services, but to maintain compatibility with the OpenPanel UI, follow the guidelines.
Use the userโs Docker context to manage their services. Examples:
- List running services:
docker --context=USERNAME ps -a
- Stop a service:
docker --context=USERNAME stop mysql
- Restart a service:
cd /home/USERNAME && \
docker --context=USERNAME compose down mysql && \
docker --context=USERNAME compose up -d mysql
- Exec into a service:
docker --context=USERNAME exec -it mysql bash
- View resource usage:
docker --context=USERNAME stats --no-stream
Domainsโ
Domain configuration files are stored in:
- Caddy configuration:
/etc/openpanel/caddy/domains/<DOMAIN>.conf
Each domain has its own Caddyfile. Caddy handles SSL certificates and acts as a reverse proxy to the userโs web server. For more information, see: How Web Traffic Flows with User Containers
- BIND9 zone file:
/etc/bind/zones/<DOMAIN>.db
Contains the DNS records for the domain.
Backupsโ
OpenPanel uses offen/docker-volume-backup for backups. Configuration is stored in backup.env
.
- Administrators can schedule automatic backups for users.
- Users can also enable and manage their own backups if permitted.
- Only Docker volumes are backed up, which include the actual user data (website files and databases).
For detailed instructions, see: Configuring OpenPanel Backups
Portsโ
Ports are defined in the userโs .env
file:
root@vagabundo:/# grep _PORT home/mysqlbaja/.env
HTTP_PORT="127.0.0.1:32780:80"
HTTPS_PORT="127.0.0.1:32781:443"
PROXY_HTTP_PORT="127.0.0.1:32782:80"
MYSQL_PORT="127.0.0.1:32777:3306"
PMA_PORT="32779:80"
POSTGRES_PORT="0:5432"
PGADMIN_PORT="0:80"
- Ports are generated during user creation but can be modified by the administrator. After changes, run
compose down && compose up
for the changes to take effect. - โ ๏ธ Docker rootless mode prevents the use of ports under 1024.
- Services should not expose ports externally unless remote access is required (e.g., phpMyAdmin, remote MySQL, or pgAdmin).