Hardened VestaCP ? ( Tutorial )

Mridul Member
edited February 2018 in General

Just came across this resource:

https://github.com/SS88UK/VestaCP-Server-Installer

What This VestaCP Server Installer Does:

  • Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.

  • Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.

  • Installs CSF as a Firewall with common settings.

  • Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).

  • Makes the server use its own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.

  • Hardens the /etc/sysctl.conf file for security.

  • Enables Dovecot quotas and configures Dovecot performance.

  • Installs SpamAssassin rules to help prevent further spam.

  • Updates the file /etc/exim/dnsbl.conf to further reduce spam.

  • Updates Exim to make sure there is no delay accepting email.

  • Fixes NGINX and secures it even further so you receive an A (A+ requires you enable HSTS) at Qualys SSL Labs.

  • Fixes PHP-FPM to use less memory and crash less often.

  • Installs and configures Monit to monitor your server.

  • Asks you if you want to install PHP 7. WordPress supports PHP 7.

  • Makes websites use HTTP2 instead of HTTP1.1

Install:

wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7.sh -O ./CentOS7.sh
chmod 777 ./CentOS7.sh
sudo ./CentOS7.sh

Has anybody used it?

Thanked by 1Plioser
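
For the install step in the post above, an added example (not from the thread or from the installer project) of pinning the download to a commit you have read and refusing to run it under sudo unless its SHA-256 and file mode check out. The function names, `PINNED_COMMIT` and `EXPECTED_SHA256` are assumptions; the thread gives no commit or digest.

```shell
#!/bin/sh
# Added example: gate the installer on a reviewed digest and a safe file mode.
# PINNED_COMMIT and EXPECTED_SHA256 are placeholders you record after reading
# the script yourself; neither value appears in the thread.

# Download CentOS7.sh at one fixed commit instead of the moving master branch.
# The subshell keeps the restrictive umask (file created 0600) local.
fetch_installer() {
    commit=$1
    out=$2
    (
        umask 077
        wget -q "https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/${commit}/CentOS7.sh" -O "$out"
    )
}

# Return codes: 0 ok, 1 digest mismatch, 2 missing or symlink, 3 unsafe mode.
check_installer() {
    file=$1
    expected=$2

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is missing or a symlink" >&2
        return 2
    fi

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "refusing: sha256 $actual does not match the reviewed digest" >&2
        return 1
    fi

    # A script that will run under sudo must not be writable by group or
    # others (as mode 777 would make it): it could be swapped before it runs.
    if [ -n "$(find "$file" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "refusing: $file is group- or world-writable" >&2
        return 3
    fi
    return 0
}

# Usage (not executed here):
#   fetch_installer "$PINNED_COMMIT" ./CentOS7.sh
#   chmod 700 ./CentOS7.sh
#   check_installer ./CentOS7.sh "$EXPECTED_SHA256" && sudo ./CentOS7.sh
```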

Comments

  • No

    Thanked by 1desperand
  • I’ve used it on a test VPS a while back. Installed fine. Don't remember having any issues.

    Thanked by 1Mridul
  • cazrz Member

    @Mridul said:
    Just came across this resource:

    https://github.com/SS88UK/VestaCP-Server-Installer

    What This VestaCP Server Installer Does:

    • Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.

    Last updated: Jan 18, 2018

    Remi - will be good if you can learn how to do PHP from source.
    CSF - will be better to check out from CSF site directly on how to set up and configure it in VestaCP. They officially support VestaCP now.
    Exim, Dovecot and SpamAssassin - I really don't think are necessary. Why do you want to host your email in the same server? There are lots of better solutions to do email.

    • Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.

    IIRC this feature is already added.

    • Installs CSF as a Firewall with common settings.

    CSF - will be better to check out from CSF site directly on how to set up and configure it in VestaCP. They officially support VestaCP now.

    • Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).

    Not really ideal to host your email. After you have set up the hostname properly you may encounter thousands of headaches maintaining Exim, Dovecot, SpamAssassin, and Roundcube.

    • Makes the server use its own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.

    I wouldn't recommend to also set up DNS/Bind in your server. Same headaches as in email hosting.

    • Fixes PHP-FPM to use less memory and crash less often.

    Web servers are not a one-setup-fits-all solution. You need to tweak it. Will be better if you learn how to do it manually so you can tweak again later when needed.

    • Installs and configures Monit to monitor your server.

    Good, but I recommend to just use offsite monitoring tools like hetrixtools.
    You don't want another thing to maintain in your server.

    • Asks you if you want to install PHP 7. WordPress supports PHP 7.

    Default is PHP 7 now.

    • Makes websites use HTTP2 instead of HTTP1.1

    This feature is already added in the panel iirc.

    Thanked by 1Mridul
  • dpeca Member
    edited May 2020

    It hasn't been updated in 2 years.
    It has security issues for sure, so I'm not recommending this fork.

    Use www.myVestaCP.com or www.HestiaCP.com - those forks are under active development.
