Architecture β
Understanding how Minepanel works under the hood.
Overview β
Minepanel is a web-based Minecraft server management panel built with modern technologies. It uses a microservices architecture where each component is containerized and communicates through well-defined interfaces.
Components β
1. Frontend (Next.js) β
Technology Stack:
- Next.js 14 - React framework
- React 18 - UI library
- TypeScript - Type safety
- TailwindCSS - Styling
- shadcn/ui - UI components
- React Query - Data fetching
Responsibilities:
- Render the web interface
- Handle user interactions
- Manage application state
- Make API calls to backend
- Display real-time data
- Route management
Key Features:
- Server-side rendering (SSR) for fast initial load
- Static generation for optimal performance
- Client-side routing for smooth navigation
- Real-time updates without page refresh
- Responsive design for all devices
Directory Structure:
frontend/
βββ src/
β βββ app/ # Next.js 14 App Router
β β βββ page.tsx # Home page
β β βββ layout.tsx # Root layout
β β βββ dashboard/ # Dashboard pages
β βββ components/ # React components
β β βββ ui/ # Base UI components
β β βββ molecules/ # Composite components
β β βββ organisms/ # Complex components
β βββ lib/ # Utilities
β β βββ hooks/ # Custom React hooks
β β βββ translations/ # i18n files
β β βββ types/ # TypeScript types
β βββ services/ # API clients
βββ public/ # Static assets2. Backend (NestJS) β
Technology Stack:
- NestJS - Node.js framework
- TypeScript - Type safety
- Dockerode - Docker API client
- bcrypt - Password hashing
- Passport.js - Authentication
Responsibilities:
- Expose REST API
- Authenticate users
- Manage Docker containers
- Execute server commands
- Monitor resources
- Handle file operations
- Manage server lifecycle
Key Features:
- RESTful API design
- JWT authentication
- Docker integration via socket
- Real-time log streaming
- Error handling and validation
- Type-safe with TypeScript
Directory Structure:
backend/
βββ src/
β βββ main.ts # Application entry point
β βββ app.module.ts # Root module
β βββ auth/ # Authentication module
β β βββ auth.controller.ts
β β βββ auth.service.ts
β β βββ jwt.strategy.ts
β β βββ local.strategy.ts
β βββ server-management/ # Server management module
β β βββ server-management.controller.ts
β β βββ server-management.service.ts
β β βββ dto/
β β βββ server-config.model.ts
β βββ docker-compose/ # Docker Compose integration
β βββ docker-compose.service.ts
β βββ docker-compose.service.spec.ts
βββ test/ # TestsAPI Endpoints:
typescript
// Authentication
POST /auth/login # Login
POST /auth/logout # Logout
GET /auth/profile # Get current user
// Servers
GET /servers # List all servers
POST /servers # Create new server
GET /servers/:id # Get server details
PUT /servers/:id # Update server
DELETE /servers/:id # Delete server
// Server Control
POST /servers/:id/start # Start server
POST /servers/:id/stop # Stop server
POST /servers/:id/restart # Restart server
// Server Data
GET /servers/:id/logs # Stream logs
POST /servers/:id/command # Execute command
GET /servers/:id/stats # Get resource stats
GET /servers/:id/players # Get online players3. Filebrowser β
Technology:
- Filebrowser - File management
Responsibilities:
- Browse server files
- Edit configuration files
- Upload/download files
- Manage permissions
- View file contents
Integration:
- Runs as separate container
- Accessed via iframe in frontend
- Independent authentication
- Direct file system access
4. Docker Engine β
Role:
- Container runtime
- Resource isolation
- Network management
- Volume management
Docker Socket: Minepanel communicates with Docker via /var/run/docker.sock:
yaml
volumes:
- /var/run/docker.sock:/var/run/docker.sockThis allows Minepanel to:
- Create containers
- Start/stop containers
- Monitor containers
- Read logs
- Execute commands
- Manage networks/volumes
Data Flow β
Creating a Server β
User Frontend Backend Docker
β β β β
β Fill form β β β
ββββββββββββββββββββ β β β
β β POST /servers β β
β βββββββββββββββββββββββ β
β β β Validate input β
β β β Create config β
β β β Build compose β
β β β docker compose β
β β βββββββββββββββββββββ
β β β β Pull image
β β β β Create container
β β β β Start container
β β βββββββββββββββββββββ€
β βββββββββββββββββββββββ€ β
βββββββββββββββββββββββ β β
β Server created! β β βViewing Logs β
User Frontend Backend Docker
β β β β
β View logs β β β
ββββββββββββββββββββ β β β
β β GET /logs β β
β βββββββββββββββββββββββ β
β β β docker logs -f β
β β βββββββββββββββββββββ
β β βββββββββββββββββββββ€
β β WebSocket stream β Stream logs β
β βββββββββββββββββββββββ€ β
ββββββββββββββββββββββββ β β
β Real-time logs β β βServer Container Structure β
Each Minecraft server runs in its own Docker container using itzg/docker-minecraft-server.
Container Configuration β
Example docker-compose.yml for a server:
yaml
services:
my-server:
image: itzg/minecraft-server:latest
container_name: minepanel-my-server
environment:
EULA: "TRUE"
TYPE: "PAPER"
VERSION: "1.20.1"
MEMORY: "2G"
MAX_PLAYERS: "20"
DIFFICULTY: "normal"
MODE: "survival"
PVP: "true"
ONLINE_MODE: "true"
ports:
- "25565:25565"
volumes:
- ./servers/my-server:/data
labels:
- "minepanel.server=true"
- "minepanel.name=my-server"
- "minepanel.type=PAPER"
- "minepanel.version=1.20.1"
restart: unless-stoppedVolume Mapping β
Host Container
βββ servers/
β βββ my-server/ β /data
β β βββ world/ World files
β β βββ plugins/ Plugins (Paper/Spigot)
β β βββ mods/ Mods (Forge/Fabric)
β β βββ server.properties Config
β β βββ ops.json Operators
β β βββ logs/ Server logs
β βββ another-server/Labels β
Minepanel uses Docker labels to track servers:
yaml
labels:
minepanel.server: "true" # Identifies as managed server
minepanel.name: "my-server" # Server identifier
minepanel.type: "PAPER" # Server type
minepanel.version: "1.20.1" # Minecraft version
minepanel.created: "2024-10-24" # Creation dateSecurity Architecture β
Authentication Flow β
User β Frontend β Backend
β
[Validate credentials]
β
[Generate JWT token]
β
[Return token]
β
[Store in httpOnly cookie]Security Measures:
- Passwords hashed with bcrypt (12 rounds)
- JWT tokens for stateless authentication
- httpOnly cookies prevent XSS
- CORS protection
- Input validation and sanitization
Docker Socket Access β
Risk: Direct access to Docker socket = root access
Mitigation:
- Minepanel container runs with minimal permissions
- Only necessary Docker operations allowed
- Can use Docker Socket Proxy for additional security
- Audit logs for all Docker operations
Optional: Docker Socket Proxy
yaml
services:
socket-proxy:
image: tecnativa/docker-socket-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
CONTAINERS: 1
IMAGES: 1
NETWORKS: 1
VOLUMES: 1
restart: always
minepanel:
environment:
DOCKER_HOST: tcp://socket-proxy:2375Network Isolation β
βββββββββββββββββββββββββββββββββββββββ
β Docker Network: bridge β
β β
β ββββββββββββ ββββββββββββ β
β β MinepanelββββββFilebrowserβ β
β ββββββββββββ ββββββββββββ β
β β
β ββββββββββββ ββββββββββββ β
β βServer 1 β βServer 2 β β
β β(isolated)β β(isolated)β β
β ββββββββββββ ββββββββββββ β
βββββββββββββββββββββββββββββββββββββββEach server runs in isolation:
- Cannot access other servers
- Limited network access
- Resource limits enforced
- Own filesystem namespace
Storage Architecture β
Directory Structure β
minepanel/
βββ docker-compose.yml # Main compose file
βββ .env # Environment variables
βββ servers/ # All server data
β βββ server-1/
β β βββ world/ # World save
β β βββ world_nether/
β β βββ world_the_end/
β β βββ plugins/ # Plugins (if applicable)
β β βββ mods/ # Mods (if applicable)
β β βββ config/ # Plugin/mod configs
β β βββ logs/ # Server logs
β β βββ server.properties
β β βββ server.jar
β β βββ ...
β βββ server-2/
β βββ backups/ # Backup storage
β βββ server-1/
β βββ server-2/
βββ filebrowser-data/ # Filebrowser config
βββ filebrowser.dbVolume Strategy β
Bind Mounts: Used for server data to allow easy access from host:
yaml
volumes:
- ./servers/my-server:/dataBenefits:
- Direct access from host filesystem
- Easy backups
- Simple file transfers
- Debug and inspect files
Named Volumes: Could be used for better isolation (future option):
yaml
volumes:
my-server-data:
services:
my-server:
volumes:
- my-server-data:/dataScaling Considerations β
Vertical Scaling β
Increase resources for existing servers:
- Allocate more RAM
- Add more CPU cores
- Upgrade disk to SSD
- Optimize JVM parameters
Horizontal Scaling β
Run more servers:
- Add more server containers
- Use different ports (25565, 25566, 25567...)
- Share resources efficiently
- Consider network proxies (BungeeCord, Velocity)
Multi-Node Setup β
Split services across machines (advanced):
Machine 1: Minepanel + Filebrowser
β
Machine 2: Docker Engine β Minecraft ServersUse Docker's remote API:
yaml
environment:
DOCKER_HOST: tcp://192.168.1.100:2376Performance Optimizations β
Backend Optimizations β
Caching
- Cache server list
- Cache resource stats
- Redis for distributed cache (future)
Connection Pooling
- Reuse Docker API connections
- Keep-alive for HTTP requests
Async Operations
- Non-blocking I/O
- Parallel container operations
- Background tasks for heavy operations
Frontend Optimizations β
Code Splitting
- Lazy load routes
- Dynamic imports for heavy components
Data Fetching
- React Query for caching
- Prefetch data on hover
- Stale-while-revalidate strategy
Static Generation
- Pre-render static pages
- ISR for dynamic content
Docker Optimizations β
Image Caching
- Keep frequently used images
- Pre-pull common versions
Resource Limits
- Prevent resource exhaustion
- Fair resource allocation
Network Optimization
- Custom bridge networks
- DNS caching
Monitoring & Observability β
Logs β
Minepanel Logs:
bash
docker compose logs -f minepanelIndividual Server Logs:
bash
docker logs -f minepanel-my-serverMetrics β
Container Stats:
bash
docker statsResource Usage:
- CPU percentage
- Memory usage / limit
- Network I/O
- Block I/O
Health Checks β
Docker health checks monitor container status:
yaml
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40sFuture Enhancements β
Planned Architecture Improvements β
Microservices Split
- Separate auth service
- Dedicated metrics service
- Queue for async operations
Database Integration
- PostgreSQL for persistent data
- Store server configs
- User management
- Audit logs
Message Queue
- RabbitMQ or Redis
- Async task processing
- Event-driven architecture
Orchestration
- Kubernetes support
- Docker Swarm mode
- Auto-scaling
Observability
- Prometheus metrics
- Grafana dashboards
- Loki for log aggregation
- Jaeger for tracing
Technology Choices β
Why Next.js? β
- β Server-side rendering for better SEO
- β File-based routing
- β API routes (not used, but available)
- β Great developer experience
- β Built-in optimizations
Why NestJS? β
- β TypeScript native
- β Modular architecture
- β Dependency injection
- β Similar to Angular (familiar patterns)
- β Extensive ecosystem
Why Docker? β
- β Isolation and security
- β Consistent environments
- β Easy deployment
- β Resource control
- β Portability
Why itzg/minecraft-server? β
- β Most popular MC Docker image
- β Supports all server types
- β Well-maintained
- β Extensive documentation
- β Active community
Next Steps β
- π οΈ Development Guide - Contribute to the project
- βοΈ Configuration - Customize your setup
- π Features - Explore what's possible