External Panel

Last update: June 04 2026

The external panel is a separate control panel for working with only one project.

The following products can be managed in the external panel:

• Cloud servers;
• Managed Kubernetes;
• Managed databases;
• File storage;
• Cloud load balancer;
• Container Registry;
• Secrets manager;
• Certificates manager.

Access to the external panel can be granted to service users or user groups. Users will be able to work with project resources within the assigned role. For example, they can view, create, modify, and delete project resources. Users will not be able to manage tickets or view resource consumption.

The external panel can be branded:

• change the default domain to your own domain;
• customize the appearance of the external panel.

The external panel is not subject to account access restrictions. Access to the panel is always allowed from any IP address.

How it works

The external panel is created automatically for each project and is available at a separate address. By default, a domain of the type <project_number>.selvpc.ru is used, where <project_number> is the project number. The domain is accessible over HTTPS with a *.selvpc.ru certificate. You can change the default domain to your own domain.

To allow an end user, such as an employee of your company, to work in the external panel, you need to grant them access to the external panel. To do this, you create a service user with the required role that defines the available operations on the panel products. Then you provide the end user with the service user's login and password, which they can use to log in to the external panel.

Granting access to the external panel

1. Optional: set project quotas and limits.
2. Add a service user.
3. Provide login credentials for the external panel.

1. Optional: set project quotas and limits

You can set project quotas and limits to restrict the creation of resources in the external panel. Panel users will not be able to manage these restrictions.

2. Add a service user

Users can be added by the Account Owner or users with the iam.admin role.

We recommend that you add a separate service user for each end user of the external panel.

The capabilities of a service user in the external panel are determined by their role.

1. In the control panel, in the top menu, click IAM.

2. Go to the Service users section.

3. Click Add service user.

4. In the Service user details block:

   4.1. Enter a username. It will be used for authorization.

   4.2. Enter a password for the user or generate one. After the user is created, the password cannot be viewed — it can only be changed. The password must be at least 20 characters long and include at least:

   • one uppercase and one lowercase Latin letter (A-Z, a-z);
   • one digit (0-9);
   • one special character from the ASCII Printable 7-Bit Special Characters list:
     !"#$%&'()*+,-./:;<=>?@[]^_{|}~.

   4.3. Optional: enter a description for the user.

5. In the Account access block:

   5.1. Configure permissions by selecting:

   • access scope. If you selected the Projects access scope, select the required projects;
   • role. To add users with the member role, your account balance must be at least 100 ₽.

   5.2. Optional: to assign an additional permission to the user, click Add permission and repeat step 5.1.

   5.3. Optional: select a group for the user.

6. Click Add user. They will be added to the list on the Service users page. The account will be active immediately.

3. Provide login credentials for the external panel

Provide the end user with the login credentials:

• the login and password of the service user you added in step 1;
• and the address of the external panel, which can be copied in the control panel: in the top menu click IAM → Projects → External panel tab → Default domain field.

Changing the default domain to your own domain

You can only use a third-level subdomain for a main domain as your own domain, for example first.example.com for example.com. You cannot use the main domain.

You can configure access to the external panel through your own domain:

• via HTTP — without a TLS(SSL) certificate;
• or HTTPS — using a TLS(SSL) certificate.

HTTP

1. Open the resource record settings for the domain you will use to log in to the external panel:

   • if you have delegated the domain to Selectel, go to the control panel: in the top menu click Products → DNS hosting → Domain zones section;
   • if domain management is handled by another DNS hosting provider, open the control panel of that provider.

2. Create a resource record. Specify:

   • record type — CNAME;
   • record name — a subdomain like first.example.com;
   • value — the default domain. The domain can be copied in the control panel: in the top menu click IAM → Projects → External panel tab → Default domain field.

3. Wait for the DNS records to update. It can take up to 72 hours for the update to complete.

4. In the control panel, on the top menu, click IAM.

5. Go to the Projects section.

6. Open the project page → External panel tab.

7. In the Panel address block, in the Your domain field, click Add CNAME record.

8. Enter the domain for which you created a resource record in step 2.

9. Click .

10. Verify that the external panel is accessible via your domain.

HTTPS

1. Ensure you have a TLS(SSL) certificate. If you don't, you can issue a free Let’s Encrypt® certificate when using Selectel DNS hosting.

2. Create a cloud server. You can select the lowest possible configuration, such as a fixed Shared Line configuration with 1 vCPU and 512 MB RAM.

3. Configure access to and from the internet via a public IP address of the cloud server.

4. Open the resource record settings for the domain you will use to log in to the external panel:

   • if you have delegated the domain to Selectel, go to the control panel: in the top menu click Products → DNS hosting → Domain zones section;
   • if domain management is handled by another DNS hosting provider, open the control panel of that provider.

5. Create a resource record. Specify:

   • record type — A;
   • record name — a subdomain like first.example.com;
   • value — the public IP address of the server you configured in step 3.

6. Wait for the DNS records to update. It can take up to 72 hours for the update to complete.

7. Install nginx on the cloud server. For more information, see the Selectel blog post Installing and configuring nginx.

8. Add a block to the nginx configuration file describing the reverse proxy server:

   server {
       listen              443 ssl;
       server_name         <first.example.com>;
       ssl_certificate     </etc/nginx/ssl/cert.pem>;
       ssl_certificate_key </etc/nginx/ssl/privkey.pem>;
   
       location / {
       proxy_pass <project_url>;
       }
   }

   Specify:

   • <first.example.com> — the name of the subdomain where the external panel will be opened;
   • </etc/nginx/ssl/cert.pem> — the path to the certificate file. If you use a Let’s Encrypt® TLS(SSL) certificate, the file is named cert.pem.
   • </etc/nginx/ssl/privkey.pem> — the path to the certificate private key file. If you use Let’s Encrypt®, the file is named privkey.pem.
   • <project_url> — login link for the external panel in the format https://<project_number>.selvpc.ru, where <project_number> is the project number. The domain can be copied in the control panel: in the top menu click IAM → Projects → External panel tab → Default domain field.

9. Upload the TLS(SSL) certificate and the certificate private key to the cloud server in the directories that you specified in the nginx configuration file in step 8.

10. In the control panel, on the top menu, click IAM.

11. Go to the Projects section.

12. Open the project page → External panel tab.

13. In the Panel address block, in the Your domain field, click Add CNAME record.

14. Enter the domain for which you created a resource record in step 5.

15. Click .

16. If the We could not locate the DNS record… warning appears when adding the domain, ignore it.

17. Verify that the external panel is accessible via your domain.

Changing the appearance of the external panel

You can change the appearance of the external panel to use your corporate colors and logos.

1. In the control panel, on the top menu, click IAM.
2. Go to the Projects section.
3. Open the project page → External panel tab.
4. In the Panel appearance block, click Change appearance.
5. If you want to change the panel fill color, specify the color in the Fill color field in #FFF or #ABC123 format.
6. If you want to add a logo, click Upload and select a file. The logo can be uploaded in JPEG, SVG or PNG format. The maximum logo size is 64 KB.
7. Click Save appearance.