Has anyone using VPSSIM ( a Bash script auto setup Nginx, PHP-FPM, MariaDB and Manage VPS) here?

WebGuru

Testing it right now it looks very effective with many tools and simple interface to use. Good job @teppeikun

Fritz

teppeikun said: VPSSIM do not support email but i think you can choose google email or Yandex service. I am using Yandex because it is free and very good. Maybe it is better than build a webmail. And maybe it is more security. You can view more free email hosting at: https://www.lowendtalk.com/discussion/comment/1725660

ahh, okay but I hope you will support it someday

sonic

Does your script auto optimize VPS depend on resources?

utama

Can I request Let's Encrypt support? thanks.

WebGuru

.

WebGuru

VPSSIM is a really great tool i am enjoying it but i have an issue after installing VPSSIM i can't run one of my program that needs different ports to run. Although all those required ports are available i checked none of them are in use but still i am getting this error when i try to start that program. Even if i change the port number in program to something else i still get same error so basically not able to use any port and getting this error.

failed: The tcp port 63327 already in use.

I never had this issue used this program on centos with cpanel and also on fresh centos without anything installed and it was working perfectly. Don't know why i am facing this issue after installing VPSSIM i even tried another vps and installed VPSSIM there and got same error port in use so the issue is coming because of VPSSIM for me.

Any help? I will appreciate it. Thanks

WebGuru

Any suggestion to fix this issue without removing VPSSIM?

MikePT

Please move this to their topic...

Amitz

Merged.

charos

Great script!
Please consider adding the option for btsync version selection. A lot of users (including myself) ,really hate the direction btsync took with version 2 , so 1.4 is still used a lot.
Or maybe add syncthing instead?

Taoron

Man, this is really awesome. I was looking at everything it can do-- might try it later on a test VPS. Looks like a lot of time and effort went into it!!!

Tinku

This is actually really simple for beginners and effective if you compare it with centmin that takes a lot more time and effort to setup.

One suggestion please get a good language translation contributor for this tool and for your website that will really help.

WebGuru

The common MariaDB starting issue on CentOS7 is there you should fix it in next update. Also there some big in timezone setting.

eva2000

Tinku said: This is actually really simple for beginners and effective if you compare it with centmin that takes a lot more time and effort to setup.

centmin mod install takes longer as i auto optimise all configurations based on detected vps specs and hardware + lock down and secure everything out of the box.

I just played with vpssim and security, feature and performance wise there can be improvements.

@teppeikun here's a list of observations, suggestions etc that I gathered from the first 30 minutes using vpssim. Please correct me if any of my statements are incorrect or if i overlooked some things.

vpssim took 10 minutes to install vs centmin mod 22 minutes on same virtualbox local server. However, to manually lock down vpssim security wise and the time and steps to modify/update for equivalent performance and software versions and optimised configurations on vpssim compared to centmin mod lemp stack install, it would take me an extra + 45-90 minutes post vpssim install to complete whereas centmin mod is ready to hit the ground running post install optimisation wise.

1. vpssim.com site itself is vulnerable to openssl CVE-2016-2107 security flaw https://dev.ssllabs.com/ssltest/analyze.html?d=vpssim.com&hideResults=on&latest and nginx uses system openssl so only supports Chrome deprecated NPN protocol which will no longer work in Chrome 51+ browsers, and needs ALPN protocol support from openssl 1.0.2+. This would be the same issue for any site setup on a vpssim server that uses HTTPS/SSL. Basically, nginx HTTP/2 is partially broken with vpssim's installed nginx 1.10.0 has there's no underlying support for ALPN protocol only for NPN protcol so Chrome and Opera 38+ at least would fallback from HTTP/2 to HTTP/1.1 for HTTPS connections for sites served on vpssim's nginx 1.10.0 web server and loose all HTTP/2 benefits for performance and speed
2. outdated and insecure nginx 1.10.0 and ngx_pagespeed 1.11.33.0 - both have security vulnerabilities
3. csf firewall is not installed or configured out of the box - only iptables used so no lfd daemon etc. You can install it later via menu system but if you don't, you're not as secure as you can be out of the box
4. mariadb 5.5.47 out of the box instead of mariadb 10.x though can update to mariadb 10 via the menu system
5. no my.cnf settings set so uses mysql defaults which are not optimal at all
6. mariadb 5.5.47 upgrade to 10.0.25 menu option doesn't properly account for removed dependency packages from 5.5.47 removal after upgrade
7. redis server is installed and running out of the box - is it properly optimised configuration wise ?
8. nginx compiled with minimal set of nginx modules out of the box so to get some nginx module features folks require, they'd need to spend time recompiling and extending nginx. Alot of nginx modules I use wouldn't be available in the vpssim installed nginx version like nginx lua, redis, redis2, headersmore, setmisc, echo modules which would be used for redis nginx level caching for wordpress etc
9. imagemagick system package gets installed but php doesn't have the corresponding imagick php extension installed so php can't use imagemagick anyway. However there is a mneu option to install it later
10. nginx isn't configured optimally and doesn't use any performance enhanced settings that are available within recent nginx 1.9+ versions
11. no dynamic nginx module support which was added in nginx 1.9.11+ already https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ so forced to use nginx modules which you don't need and have no control over disabling/re-enabling etc
12. nginx ssl uses weak Diffie-Hellman (DH) key exchange parameters and weak key exchange for forward secrecy according to ssllabs
13. wordpress auto install is fully wide open with no security lock down precautions or addons in place
14. cloudflare set_real_ip_from is enabled even if you do not use cloudflare out of the box in /etc/nginx/nginx.conf

15. nginx and php status pages are wide open to the public and can be a security issue

    location /nginx_status {
            stub_status on;
            access_log   off;
    }
    location /php_status {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME  /home/sim.domain.com/public_html$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
    }
    

i.e.

curl -s http://sim.domain.com/php_status?full
pool:                 www
process manager:      ondemand
start time:           03/Jun/2016:04:40:17 +1000
start since:          423
accepted conn:        6
listen queue:         0
max listen queue:     0
listen queue len:     128
idle processes:       0
active processes:     1
total processes:      1
max active processes: 1
max children reached: 0
slow requests:        0

************************
pid:                  11281
state:                Running
start time:           03/Jun/2016:04:47:20 +1000
start since:          0
requests:             1
request duration:     265
request method:       GET
request URI:          /php_status?full
content length:       0
user:                 -
script:               /home/sim.domain.com/public_html/php_status
last request cpu:     0.00
last request memory:  0

Fritz

Then it would be good if both of you can work on the same project.

@teppeikun @eva2000

eva2000

Fritz said: Then it would be good if both of you can work on the same project.

Might be a bit harder to do as centmin mod features and development have different priorities. What I include in centmin mod is features that I use or am familiar with mainly

for example

• wordpress installer https://centminmod.com/nginx-wordpress-installer.html and
• phpmyadmin installer https://centminmod.com/addon_phpmyadmin.html

As I am familiar with them I can make sure to lock them down security wise and optimise performance wise. VPSSIM includes alot of web app/php apps which I am unfamiliar with so security and performance I would not be 100% sure and confident about. If I can't do a decent job of out of box security for the particular feature/web app, I wouldn't offer it natively in centmin mod.

Centmin Mod latest beta also has an addon called autoprotect.sh which tries to cover all web/php apps out of the box for some stuff with auto conversion of apache .htaccess deny from all rules to nginx location deny all rules https://community.centminmod.com/threads/autoprotect-sh-apache-htaccess-check-migration-to-nginx-deny-all.7308/

teppeikun

@eva2000 said:

Tinku said: This is actually really simple for beginners and effective if you compare it with centmin that takes a lot more time and effort to setup.

centmin mod install takes longer as i auto optimise all configurations based on detected vps specs and hardware + lock down and secure everything out of the box.

I just played with vpssim and security, feature and performance wise there can be improvements.

@teppeikun here's a list of observations, suggestions etc that I gathered from the first 30 minutes using vpssim. Please correct me if any of my statements are incorrect or if i overlooked some things.

vpssim took 10 minutes to install vs centmin mod 22 minutes on same virtualbox local server. However, to manually lock down vpssim security wise and the time and steps to modify/update for equivalent performance and software versions and optimised configurations on vpssim compared to centmin mod lemp stack install, it would take me an extra + 45-90 minutes post vpssim install to complete whereas centmin mod is ready to hit the ground running post install optimisation wise.

1. vpssim.com site itself is vulnerable to openssl CVE-2016-2107 security flaw https://dev.ssllabs.com/ssltest/analyze.html?d=vpssim.com&hideResults=on&latest and nginx uses system openssl so only supports Chrome deprecated NPN protocol which will no longer work in Chrome 51+ browsers, and needs ALPN protocol support from openssl 1.0.2+. This would be the same issue for any site setup on a vpssim server that uses HTTPS/SSL. Basically, nginx HTTP/2 is partially broken with vpssim's installed nginx 1.10.0 has there's no underlying support for ALPN protocol only for NPN protcol so Chrome and Opera 38+ at least would fallback from HTTP/2 to HTTP/1.1 for HTTPS connections for sites served on vpssim's nginx 1.10.0 web server and loose all HTTP/2 benefits for performance and speed
2. outdated and insecure nginx 1.10.0 and ngx_pagespeed 1.11.33.0 - both have security vulnerabilities
3. csf firewall is not installed or configured out of the box - only iptables used so no lfd daemon etc. You can install it later via menu system but if you don't, you're not as secure as you can be out of the box
4. mariadb 5.5.47 out of the box instead of mariadb 10.x though can update to mariadb 10 via the menu system
5. no my.cnf settings set so uses mysql defaults which are not optimal at all
6. mariadb 5.5.47 upgrade to 10.0.25 menu option doesn't properly account for removed dependency packages from 5.5.47 removal after upgrade
7. redis server is installed and running out of the box - is it properly optimised configuration wise ?
8. nginx compiled with minimal set of nginx modules out of the box so to get some nginx module features folks require, they'd need to spend time recompiling and extending nginx. Alot of nginx modules I use wouldn't be available in the vpssim installed nginx version like nginx lua, redis, redis2, headersmore, setmisc, echo modules which would be used for redis nginx level caching for wordpress etc
9. imagemagick system package gets installed but php doesn't have the corresponding imagick php extension installed so php can't use imagemagick anyway. However there is a mneu option to install it later
10. nginx isn't configured optimally and doesn't use any performance enhanced settings that are available within recent nginx 1.9+ versions
11. no dynamic nginx module support which was added in nginx 1.9.11+ already https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ so forced to use nginx modules which you don't need and have no control over disabling/re-enabling etc
12. nginx ssl uses weak Diffie-Hellman (DH) key exchange parameters and weak key exchange for forward secrecy according to ssllabs
13. wordpress auto install is fully wide open with no security lock down precautions or addons in place
14. cloudflare set_real_ip_from is enabled even if you do not use cloudflare out of the box in /etc/nginx/nginx.conf

15. nginx and php status pages are wide open to the public and can be a security issue

    location /nginx_status {
            stub_status on;
            access_log   off;
    }
    location /php_status {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME  /home/sim.domain.com/public_html$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
    }
    

i.e.

curl -s http://sim.domain.com/php_status?full
pool:                 www
process manager:      ondemand
start time:           03/Jun/2016:04:40:17 +1000
start since:          423
accepted conn:        6
listen queue:         0
max listen queue:     0
listen queue len:     128
idle processes:       0
active processes:     1
total processes:      1
max active processes: 1
max children reached: 0
slow requests:        0

************************
pid:                  11281
state:                Running
start time:           03/Jun/2016:04:47:20 +1000
start since:          0
requests:             1
request duration:     265
request method:       GET
request URI:          /php_status?full
content length:       0
user:                 -
script:               /home/sim.domain.com/public_html/php_status
last request cpu:     0.00
last request memory:  0

Really really thank you and love you so much !!!
I am very grateful to you .
I will update VPSSIM as soon as posible

teppeikun

@charos said:
Great script!
Please consider adding the option for btsync version selection. A lot of users (including myself) ,really hate the direction btsync took with version 2 , so 1.4 is still used a lot.
Or maybe add syncthing instead?

Thank you.
i will VPSSIM to support setup btsync 1.4 next version

sandoz

Does this work on Debian?

Tinku

@teppeikun When is the next update? And what are the changes in next updates?

Can you tell me if i am going lose my changes if i do the upgrade because i made changes to server.conf/nginx conf etc etc

teppeikun

@sandoz said:
Does this work on Debian?

No, VPSSIM works only in Centos.

@Tinku said:
@teppeikun When is the next update? And what are the changes in next updates?

Can you tell me if i am going lose my changes if i do the upgrade because i made changes to server.conf/nginx conf etc etc

Do not worry.
VPSSIM do not make any change to your config in nginx.conf, php.ini, www.conf, server.cnf ... when you update it.

WebGuru

@teppeikun > @teppeikun said:

@sandoz said:
Does this work on Debian?

No, VPSSIM works only in Centos.

@Tinku said:
@teppeikun When is the next update? And what are the changes in next updates?

Can you tell me if i am going lose my changes if i do the upgrade because i made changes to server.conf/nginx conf etc etc

Do not worry.
VPSSIM do not make any change to your config in nginx.conf, php.ini, www.conf, server.cnf ... when you update it.

expected date of next update?

WebGuru

Tried your new version 3.3.0 on CentOS 7 but looks it got some issues with nginx to start and also mariadb.

It works fine on version 6 of CentOS

shovenose

If you need native English translation I'd be happy to help. Cool project!

emre22

@sandoz said:
Does this work on Debian?

https://vpssim.com/108-install-nginx-php-fpm-mariadb-for-vps-with-vpssim.html

chiefarbiter

Can confirm @WebGuru issue with 3.3.0 on 64bit CentOS 7. Errors are as follows:
Sorry, Nginx is stopped. Please start it before use this function !

Nginx Status: Stopped
/etc/vpssim/menu/vpssim-vps-info: line 21: nginx: command not found

WebGuru

@chiefarbiter said:
Can confirm @WebGuru issue with 3.3.0 on 64bit CentOS 7. Errors are as follows:
Sorry, Nginx is stopped. Please start it before use this function !

Nginx Status: Stopped
/etc/vpssim/menu/vpssim-vps-info: line 21: nginx: command not found

I also faced same issue with Maridb 10 on CentOS 7 64Bit in last version. Not sure if that is fixed in this version.

gexacor

I have updated VPSSIM to 2.4.9 version with many utilities. Hope a lot of people like and use it.

Looking good!

I'm still prefer to configure a single server manually and if I have bunch of servers I'll go with Puppet or Ansible with them.

But I'll send that link to my friends, which are using web control panels for the same purpose. They tried Vesta control panel and going to try ServerSuit at this moment, maybe your script is what they're looking for.

Gerrard8

Anyone managed to get proxy_pass to play nicely with the VPSSIM install of nginx? I have a config that works fine when I install nginx manually on it's own but wont work when I put it on my VPSSIM install.

caaol

When I upgrade Mysql to MariaDB 10, the system status mysql is Stopped. Datebase manage Sorry: MariaDB, stopped. Start it before use this function mysql!