
The panel in 15 minutes: Remnawave and your first subscription

I've stood this panel up dozens of times — in production, on test, on other people's servers four hands at a time. Below is the route by which you'll have a working panel and your first live subscription in one evening. Copy the commands in order and enter your own data in the builder above — it'll substitute them into every block for you.

This material covers the engineering of your own network infrastructure and is educational in nature. Complying with the laws of your own jurisdiction is on you.

What you'll need

Nothing exotic. The minimal kit the panel lives on without whining:

  • A VPS with a public ("white") IP address, 1–2 vCPU / 2 GB RAM, Ubuntu 22.04 or 24.04. Location: outside the zone where your traffic gets examined under a magnifying glass.
  • A domain (or subdomain) whose A record points to this server's IP.
  • SSH access and five free minutes without distractions.

The first thing 90% of beginners get wrong is grabbing a "cheap" IP from a dirty subnet that's been on blacklists for six months. You can layer as much Reality on it as you like afterward — it'll work every other time. There's a separate breakdown on IP whiteness; for now just get an address from a decent provider.

Preparing the server

Log in over SSH and get the system in order. Docker is our entire runtime — the panel lives in containers, so install it right away:

bash
# update the system
apt update && apt -y upgrade

# docker in one command (official script)
curl -fsSL https://get.docker.com | sh

# folder for the panel
mkdir -p /opt/remnawave && cd /opt/remnawave

While it downloads — open DNS at your registrar and make sure your-domain.com really resolves to the server's IP. You can check right from it:

bash
# should return your server's IP
dig +short your-domain.com

If this returns nothing or someone else's address, going further is pointless: the TLS certificate won't be issued. DNS first, everything else after.

Installing the panel

Grab the official docker-compose.yml and the .env template from the Remnawave repo — without a compose file docker compose up simply won't start:

bash
# -f makes curl fail on an HTTP error instead of saving the error page as your config
curl -fsSL -o docker-compose.yml https://raw.githubusercontent.com/remnawave/backend/refs/heads/main/docker-compose-prod.yml
curl -fsSL -o .env https://raw.githubusercontent.com/remnawave/backend/refs/heads/main/.env.sample

In the downloaded .env, set your own values: the panel domain and the Let's Encrypt email. Be sure to generate secrets instead of the placeholders: openssl rand -hex 64 for each JWT_* secret, plus a strong POSTGRES_PASSWORD. Leaving the default secrets is a straight hole into your panel, because the placeholder values sit in a public repo for anyone to read.
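
A pre-flight check for the step above, as an added example that is not part of the original guide or of Remnawave: it audits .env for leftover placeholders, reused JWT secrets and loose file permissions before the stack starts. The JWT_EXAMPLE_* key names, the placeholder list and the 20-character floor are assumptions made for the illustration.

```bash
#!/bin/sh
# Added example (not Remnawave code): audit .env before `docker compose up -d`.
# Prints one line per finding; returns 1 if anything was found, 0 if clean.
audit_env() {
    env_file=$1; bad=0; seen=""
    # Assumption: values treated as leftover placeholders (constructed list).
    weak="change_me changeme postgres password admin123"
    # .env holds every secret of the panel: only the owner may read it.
    if [ "$(ls -ld "$env_file" | cut -c5-10)" != "------" ]; then
        echo "$env_file: readable by group/others, run chmod 600"; bad=1
    fi
    while IFS='=' read -r key value || [ -n "$key" ]; do
        value=${value#\"}; value=${value%\"}      # tolerate KEY="value"
        case $key in
        JWT_*)
            # `openssl rand -hex 64` yields 128 lowercase hex characters.
            if ! printf '%s' "$value" | grep -Eq '^[0-9a-f]{128}$'; then
                echo "$key: not the output of openssl rand -hex 64"; bad=1
            else
                case " $seen " in
                *" $value "*) echo "$key: same value as another JWT_* secret"; bad=1 ;;
                esac
                seen="$seen $value"
            fi ;;
        POSTGRES_PASSWORD)
            # Assumption: 20 characters as the floor for "strong".
            case " $weak " in
            *" $value "*) echo "$key: placeholder value"; bad=1 ;;
            *) [ "${#value}" -ge 20 ] || { echo "$key: shorter than 20 chars"; bad=1; } ;;
            esac ;;
        esac
    done < "$env_file"
    return "$bad"
}

# Constructed sample input: key names other than POSTGRES_PASSWORD are
# illustrative stand-ins for the JWT_* entries in the real template.
demo=$(mktemp)
cat > "$demo" <<EOF
JWT_EXAMPLE_A=change_me
JWT_EXAMPLE_B=$(printf '%0128d' 7)
POSTGRES_PASSWORD=postgres
EOF
chmod 600 "$demo"
audit_env "$demo" || echo "fix the findings above before starting the stack"
rm -f "$demo"
```

On the server, call audit_env /opt/remnawave/.env and start the stack only when it returns 0.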

Now bring up the stack. Compose will pull the images itself, issue the certificate, and wire up the services:

bash
# bring the panel up in the background
docker compose up -d

# check that all containers came up
docker compose ps

In a minute or two the panel will be at https://your-domain.com. The first login creates the super-admin — set a long password; it's the key to the whole service, not "admin123."

The first node and subscription

The panel is the brain, but traffic flows through nodes. Even if you have only one server, you still register it as a node: the panel hands it config, the node brings up xray.

  1. Nodes → Add node: name, server IP, daemon port. The panel will issue a SECRET_KEY — the token by which the node authenticates.
  2. You install the node agent on the server with this key — it connects to the panel and waits for config.
  3. Users → Create: you create a client, the panel generates them a CLIENT_UUID and a subscription link.

The client pastes the subscription link into their app (Happ, v2rayTun, any xray client) — and gets a list of servers. That's it, you have your first user.

Verification

Don't take the panel's word for it — check by hand. Grab the test user's subscription, drop it into a client, connect, and look at the real exit:

bash
# from a device under the VPN — should show the node's IP, not your home one
curl -s https://api.ipify.org

If the node's IP came back, the chain is assembled: client → node → internet. If the connection hangs, first check the node's logs (docker logs) and the firewall: outbound 443 must be open.

Next — we hang a proper protocol on this node so it doesn't get cut down on DPI's first breath. That's in the VLESS + Reality breakdown.
