Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


VestaCP and Virtualmin Review
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

VestaCP and Virtualmin Review

raindog308raindog308 Administrator, Veteran
edited February 2017 in General

I've used cpanel as a user, reseller, and admin. In a weird way I enjoy all of its arcane, poor design, but lately I've been just manually admining nginx + php-fpm. For my friends and family "hey I hear you know about computers" box, I've been considering throwing up a panel so people could self-service...and I don't want to pay $15/mo for cpanel.

After a related thread, I decided to experiment.

Linode helpfully offered $5 1G VPSes today, so why not try a pair: one for virtualmin/webmin and one for vesta. Never used either product previously and I figured I'd just dive right in rather than read docs. Deb 8 for both.

VestaCP

Setup was fine. It made me install/purge exim4, which Linode puts there in its image.

With just the stock config, about 729MB free on a 1G VPS.

Kudos to VestaCP for setting up MySQL correctly. They created a cnf for root with a secure password.

Big negative when I went to look at the graphs. Vesta is telling me there's only 25MB RAM free because 962MB is used. Really guys? We haven't learned how to read free -m yet? Disappointing.

Vesta seems to have a lot of pretty UI things...that don't add a lot of usability. e.g., to configure, instead of a "Settings" tab there's a little gear icon. And once you click it, everything is click-to-drop-down, etc. It seemed like a lot of fanciness for little purpose. Their design is also very white-space heavy...I mean, I'm on a 5K monitor and I'm scrolling past a ton of white.

Vesta's "Log" tab shows me "added cron job 8", "added cron job 7", "added cron job 6", etc. which is not helpful.

Vesta comes with nginx + php-fpm out of the box - I like that. They use exim4...not a fan, but it's their headache. There's a custom install command builder on their site that's kind of neat.

Virtualmin

Major hangup on setup: Virtualmin got into a tizzy about mysql root. During in the post-install setup on the web, it said it didn't know what the mysql root password was...and guess what, neither do I, since Virtualmin installed it. I had to do a manual root mysql password reset. Maybe I missed a step, but I see this is a FAQ.

On the other hand, it handled removal of exim4 on its own.

Post-install, Virtualmin asked me a lot of questions and I liked that. I really liked the "pick a size for MySQL" etc. which I imagine is very helpful for non pros.

735MB free after, so the same as Vesta.

One negative was that there was no firewall setup automatically. Really!? No fail2ban? Ugh. I did find and add the fail2ban module, which was easy to setup. Not so for firewall...looks like Virtualmin expects me to create my own rules. But...but...that's the panel's job. For example, if I enable FTP, the firewall should adjust its rules...do I really need to hand-create firewall rules? This seems like a huge miss but it could be pilot error.

So I reinstalled on CentOS, figuring that perhaps using firewalld would make fireall config easier. Alas, I first had a new problem enabling ClamAV (figured I'd turn everything on this time):

ERROR: Could not lookup : Servname not supported for ai_socktype

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)

The install doc says "We don't know why this happens." At least they're candid. OK, they say ClamAV has become fragile so we'll let that go. But when I went to the firewalld config:

Failed to list zones : [91mFirewallD is not running[00m

Yeah with escape codes. BTW the Linux firewall module says:

No iptables bootup action was found, indicating that the IPtables package is not installed on your system

But:

[root@webvmin ~]# rpm -q -a | grep -i iptab
iptables-1.4.21-17.el7.x86_64

And of course once I went into Virtualmin and specifically turned on firewalld in the bootup...yep, locked virtualmin out because it hadn't configured port 1000.

Now I know how to fix this. But then what's the point of a panel...?

BTW, php 5.4? Aw, I've got to run my own yum commands? https://www.virtualmin.com/documentation/web/multiplephp Boo. Configuring php and such is really the panel's job, no?

I like the Virtualmin interface a lot better than Vesta's. For one thing, it shows memory correctly. The interface is actually quite nice...granted, that's based on an hour's playing. So much of it just seems more polished - favorites, themes, etc. Oh and that "click this icon and you have a terminal session from within your browser" is the bomb! I know there are other web consoles out there but that was an unexpected plus.

Virtualmin uses postfix out of the box - I prefer that over exim4 though I suppose the point is to let the panel worry about that.

Virtualmin uses traditional apache, though the docs say you can setup nginx/php-fpm.

Conclusion

I can't imagine using Vesta...just hate the interface. The "all your memory is in use" graphs made me sad.

OTOH, Virtualmin seems to be uninterested in firewalls. It's not even a section in the install docs (fail2ban is, but not firewalls). It seemed very nice...but buggy and the lack of firewall out of the box seems a big miss.

«1

Comments

  • Maybe all you need is some centmin mod. ok dont tell me you are a debian guy... for servers.

    Thanked by 1ljseals
  • justvmjustvm Member, Patron Provider

    I like Vestacp because has a lot of features out of the box, Virtualmin/Webmin you'll need to do some configuration and module installation manually.

    Everytime that I had installed V/W I had the same problem with the pos-installation check so how I fixed I switch to Webmin -->servers-->SQL server and install a new password there and then run the pos-installation again without problems.
    Regarding the firewall, I use to install CSF/LFD has to SSH to do that but can, after installation, access in Webmin as a module and installed like this:
    Webmin > Webmin Configuration > Webmin Modules >
    From local file > /usr/local/csf/csfwebmin.tgz > Install Module

    then you have it on Webmin GUI where you can configure, start, etc...

    Thanked by 1raindog308
  • You should check out Froxlor aswell (or Foxlor?)

    Vesta worked a very long time for me and I hated the rest of them. Never got to try Fox.

  • Although not as lightweigth and with some security issues when it comes to free panels I prefer CWP. Has lots of nice features and once they fix the security flaws it will be almost production ready.

  • AmitzAmitz Member
    edited February 2017

    CSF works just fine with VirtualMin. There is a howto in the CSF install.txt:

    <-- SNIP -->

    Installation

    Installation is quite straightforward:

    cd /usr/src
    rm -fv csf.tgz
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

    Next, test whether you have the required iptables modules:

    perl /usr/local/csf/bin/csftest.pl

    Don't worry if you cannot run all the features, so long as the script doesn't
    report any FATAL errors

    You should not run any other iptables firewall configuration script. For
    example, if you previously used APF+BFD you can remove the combination (which
    you will need to do if you have them installed otherwise they will conflict):

    sh /usr/local/csf/bin/remove_apf_bfd.sh

    That's it. You can then configure csf and lfd by reading the documentation and
    configuration files in /etc/csf/csf.conf and /etc/csf/readme.txt directly or
    through the csf User Interface.

    csf installation for cPanel and DirectAdmin is preconfigured to work on those
    servers with all the standard ports open.

    csf auto-configures your SSH port on installation where it's running on a non-
    standard port.

    csf auto-whitelists your connected IP address where possible on installation.

    You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
    servers running RedHat/CentOS v5 have this disabled and you should check
    /etc/init.d/syslog and make sure that any klogd lines are not commented out. If
    you change the file, remember to restart syslog.

    See the csf.conf and readme.txt files for more information.

    Webmin Module Installation/Upgrade

    To install or upgrade the csf webmin module:

    Install csf as above
    Install the csf webmin module in:
    Webmin > Webmin Configuration > Webmin Modules >
    From local file > /usr/local/csf/csfwebmin.tgz > Install Module

    <-- SNAP -->

    Thanked by 1lukesUbuntu
  • ThomLSAThomLSA Member
    edited February 2017

    Cool, thanks! :)
    As far is i know is Virtualmin linked to our root accounts, so how can i fix this using a SSH private key from stratch?

  • I'm a big fan of Virtualmin but never got it to play nicely with email and big providers (gmail, etc).

    I gave up in the end.

  • BeardyUnixGuyBeardyUnixGuy Member
    edited February 2017

    I second the request for a review of Froxlor. Would be interesting to hear how it has progressed since last I tried it.

    Often, I try out a panel to make life easier (mine or a friend) but get annoying and retreat back to CLI and manual configuring.

    Also just waiting for a new project so that I can try out the latest VPSSIM.

    Thanked by 1arda
  • moonmartinmoonmartin Member
    edited February 2017

    2 thumbs up for Virtualmin. Been using it for many years. It's not the prettiest (although the new theme is a major improvement) but it does what it does very well.

    A linux admin should not need a GUI to configure their firewall. The nice thing about Virtualmin is that you do not need to use the GUI for anything you don't want to. So if you want to configure postfix or firewalld from command line you can do that.

    Firewalld is pretty easy to set up from command line. If you aspire to be a linux administrator and need a gui to set up firewalld I don't know what to tell you.

    Thanked by 1SwellJoe
  • I always install CSF in Virtualmin.

  • LiteServerLiteServer Member, Patron Provider

    Good experience with Virtualmin as well :-).
    Also fairly good experience with ISPConfig, which isn't bad at all when you know how to setup everything :-)

  • In my opinion VestaCP is a really easy to use, and nice, lightweight panel. You can't go wrong by using them. They are also supporting new free SSL create (letsencrypt), which is very useful.

    Beside I used ISPConfig and i-MSCP, they are also great and has more configurable options I think.

  • AnthonySmithAnthonySmith Member, Patron Provider

    Nice one, probably would have made a great LEB article with added screenshots.

  • Another humble request for review of Froxlor. I've seen quite good features and never enough feedback about that :(

  • raindog308raindog308 Administrator, Veteran

    CSF was pretty easy to setup. OK, I am happy with virtualmin on debian 8 now.

    Let me stop by ThemeForest a quick sec and then I'll apply for the provider tag...

  • raindog308 said: Let me stop by ThemeForest a quick sec and then I'll apply for the provider tag

    Why bother? Just grab a nulled hosting theme!

    Thanked by 1raindog308
  • LeeLee Veteran

    moonmartin said: A linux admin should not need a GUI to configure their firewall.

    A mathematician should not need a calculator to add two numbers together, he knows how good he is at doing it in his head, but sometimes he just wants something to do it for him as he is busy doing other things.

    Thanked by 2arda switsys
  • Hey raindog308,

    Thanks for checking out Virtualmin and posting your thoughts!

    I work on Virtualmin. Several of these are actionable, and I'll be filing tickets or fixing them myself over the coming weeks (I maintain the install script, which is where some of your issues are coming from, though not necessarily for the reasons it seems).

    This is long, so bear with me:

    On the MySQL root password issue, this one comes from there already being a MySQL/MariaDB root password set...before Virtualmin ever touched the system. A fresh install that doesn't have MySQL on it shouldn't run into this (AFAIK), but many hosting VPS images have MySQL configured, and they have a root password set as part of the imaging process. We should handle that better, since it's becoming so common for people to be working with non-default OS installs that already have a few tweaks put in by the hosting provider. But, it's not "our" mysql...it's the MySQL provided by your OS or VPS provider. The philosophy of Virtualmin is always to trust the user to pick what they like, so we don't replace any packages (except Apache, which we have to do to make suexec work right). But, it would not be difficult for us to add a better error message to the setup wizard and a button to tell Virtualmin "I don't know the root password, and it won't break anything if Virtualmin changes it. Reset the root password, I really mean it."

    That philosophy of treating your OS decision as sacred trickles down into all sorts of places, which maybe doesn't make everyone happy. On the PHP front, Jamie and I recently talked at length about how to solve it in a way that isn't incompatible with our mission of respecting your OS choice, come hell or high water. There aren't great answers, because every distro handles different versions differently (and often in ways that break for some use cases, or make things trickier than they ought to be...like installing and keeping up with various PHP extensions for multiple versions). This version problem also pervades Ruby and Python application support (mostly an issue in Virtualmin Pro), so we need to solve it across many languages. We have some ideas, but they're a pretty major endeavor, so probably not coming until the next-next major release (Virtualmin 6 is coming in a few days, so no time to fit more big features in). Short term, we'll probably start installing PHP 7 by default, alongside the PHP 5.x packages, if the OS doesn't provide it.

    It may be that our adherence to this philosophy is counter to our desire to make things as easy as possible, especially for non-technical users. So, it may be worth revisiting it. Our leading competitor, who shall not be named, replaces the whole damned stack with their custom stuff...it doesn't seem to hurt them in the market. So, maybe we're wrong for going to such great lengths to stick with OS standard packages, locations, etc. I just know that the reason we originally built Virtualmin was because I hated that the leading control panels of the day replaced everything, and left me with a system that looked nothing like my favorite distro. I like knowing where everything is, and knowing I can hit the command line to do weird stuff without it breaking the control panel.

    On the firewall question, we may have too many options to ever make anyone ecstatically happy. We have GUI support for iptables, Firewalld, CSF, and a bunch of others, found under the Webmin tab. We automatically open the right ports for web service during installation, if you have either Firewalld or iptables running (using the CentOS standard iptables setup). If you don't have a firewall running when we install, we won't touch the configuration, but the Webmin modules for all of the firewalls can be used at any time to configure one. I don't know the right answer on this one. Most firewall scripts are way overkill for a web hosting system...incredibly complex, including things that make no sense (like DMZ, routing, etc.). The rules for a web host should be dead simple: Deny everything, allow ports we need, allow outgoing, possibly some more complex rules if bandwidth is at a premium (to favor interactive services and give up some speed/latency on things like mail that don't need to be fast or low-latency). You tell me...what is it you want an "automatic" firewall to do right after install? We already open our needed ports, but we don't turn on a firewall if you don't have one.

    So, maybe if we find ourselves installing on a system without a firewall we just turn something on and then open those ports. Would that satisfy your "needs a firewall after install" requirement for you? I hate firewalld for servers, but we support it due to customer requests...and, since it's the default on new CentOS versions, I guess that'd be the one we'd use. I also hate CSF for web servers, because it just tremendous overkill; great project, but awful for the simple needs of most Virtualmin servers. Our UI guy really loves it, though, so maybe it's the right choice anyway...if we hide all the unnecessary stuff, I guess it would be harmless to have all of it tucked away behind the scenes. My preference is iptables, but it's considered intimidating by many, and we're trying to make things easier here.

    I don't know if Fail2ban should be on by default, but maybe it should be an option in the post-install wizard. We do have UI support for it in Webmin. It would be a simple "yes/no" question to enable it for the common services...it could be further customized after install using the full module in Webmin. So, that's not hard to implement. It might even be able to make it into Virtualmin 6 coming out soon.

    So, in short: We can/will solve the MySQL root password thing, probably soon. We can/will solve the fail2ban thing, also soon. Not sure what to do about firewalls; I hate the simple options and the option I like (iptables) is considered intimidating by a lot of users, even with the iptables Webmin module.

    We know about the clamav issue (obviously, since we cover in the docs)...I believe it has to do with how slow ClamAV is to start up the first time; once it's up and running, the error goes away. This behavior happens on the command line, too, it isn't just a Virtualmin issue. It's just ClamAV being ClamAV. Maybe someday ClamAV will be good.

    Anyway, this is great feedback! I'm glad I stumbled on it in my google alerts! Please feel free to chime in on our forums to make suggestions, and file bugs in our tracker with any bugs you find in Virtualmin (the issue tracker does double duty as the support tracker for paying Virtualmin Pro customers, and also as a place to report bugs in any project we maintain).

    Cheers,

    Joe

  • MaouniqueMaounique Host Rep, Veteran

    I also use virtualmin and even use cloudmin. Long ago used webmin too.
    Once you get the grip of the interface it is pretty easy and I like that I can do whatever (almost) I want behind the scenes with the shell without breaking stuff.
    In the past I used kloxo, EHCP and others, but recently I am out of the loop as I put up virtualmin for everything I need a quick fix accessible by others too.
    It just works, is pretty secure and, while not so eye-candy for the lusers, it does not involve a steep learning curve.

    Thanked by 2Amitz switsys
  • @Maounique said:
    I also use virtualmin and even use cloudmin. Long ago used webmin too.

    I think if you're using Virtualmin, then you're using Webmin as well?

  • alaningus said: I think if you're using Virtualmin, then you're using Webmin as well?

    You can install either/or in the meantime AFAIK.

  • alaningusalaningus Member
    edited February 2017

    @Amitz said:
    You can install either/or in the meantime AFAIK.

    I think the Virtualmin installer also installs Webmin.

    From their Support Forum:

    Webmin is a system administration tool that makes it simpler for admins to manage their Linux boxes.

    >

    Virtualmin is a module that sits on top of Webmin, that provides functionality for non-root users to manage their shared hosting accounts.

    Thanked by 1Amitz
  • AmitzAmitz Member
    edited February 2017

    alaningus said: I think the Virtualmin installer also installs Webmin.

    Yes, you are right! You can either have only Webmin or Webmin with VirtualMin on top. I have VirtualMin running on 4 servers, I should have known better...

    Maounique said: I also use virtualmin and even use cloudmin. Long ago used webmin too.

    Once you get the grip of the interface it is pretty easy and I like that I can do whatever (almost) I want behind the scenes with the shell without breaking stuff.

    Also for me, VirtualMin is the best free panel out there. I even voluntarily pay a license fee for one of the servers. Not because I need it, but because I think they deserve it.

    Thanked by 2alaningus SwellJoe
  • Does virtualmin run fine on less than <2GB RAM fine ?

    Can you choose not to have Apache or use Nginx as rev. proxy out of the box ? or during the install?

    Last I used Virtualmin/Webmin (3 years back), though it was pretty advanced and controllable, the interface was confusing. Just too many options at too many places... hard to learn. Support on forums was awesome though. I think the new skin is cool too. I'll give it a go on an idle machine sometime

  • EZnetHostEZnetHost Member
    edited February 2017

    I have a bunch of VPS's configured with Virtualmin. i love it. It's really easy to setup, really easy to use, it integrates with WHMCS without issues, CSF Firewall is insanely easy to setup configure.

    If you can find the Scripts you can add the ability to auto install a ton of external apps on your webspaces.

    I much prefer it to Cpanel to be honest.

    The only thing I don't like is you can't "Integrate" things like Hordemail or roundcube, Virtualmin wants each user to setup their own webmail app. they do supply "usermin" which is an integrated webmail app but I don't care for it to be honest. you can setup a domain and provide them but it's a bit of a pain.

    I also setup 2 Small VPS's to act as Name servers and they all interact and update automatically.

    Great software.

    Thanked by 1SwellJoe
  • raindog308raindog308 Administrator, Veteran

    @SwellJoe said:
    Hey raindog308,

    Thanks for checking out Virtualmin and posting your thoughts!

    Wow, it's awesome you replied. Thanks much fo posting this.

    On the MySQL root password issue, this one comes from there already being a MySQL/MariaDB root password set...before Virtualmin ever touched the system. A fresh install that doesn't have MySQL on it shouldn't run into this (AFAIK), but many hosting VPS images have MySQL configured, and they have a root password set as part of the imaging process.

    I hear what you're saying but that's not what happened here.

    To help make Virtualmin better, this morning I created a new 1024MB Linode at their Fremont DC. I built it with Debian 8.

    Here is a walk through of everything I did. Long story short, from a virgin Deb 8 I verified no MySQL was installed, installed Virtualmin, and got the Mysql bug. At no time did I manually install Mysql or set the password:

    http://pastebin.com/hW46aYKp

    If I image Deb 8 and manually install Mysql, the root password is blank, so Virtualmin is somehow setting it before it forgets it. Let me know if I can assist.

    That philosophy of treating your OS decision as sacred trickles down into all sorts of places, which maybe doesn't make everyone happy.

    Yeah, that's really not what I was looking for. I understand it but it's a very different philosophy:

    cpanel: you have a cpanel server and as such, you're going to run it in a cpanel way. if you don't want to have a cpanel server, run something else. cpanel expects installation atop a virgin OS. That's tablestakes for cpanel to manage your system well.

    virtualmin: we have opinions but will let you override. If you don't have iptables, we won't install it. Have MySQL? We leave it alone. Etc.

    The problem with this is that it's 10x more complicated to support, and you don't have the cpanel staffing. Also, you're assuming that users are pro sysadmins. For example, if there's no firewall, you don't set one up (on Debian)...I think that's a mistake.

    It may be that our adherence to this philosophy is counter to our desire to make things as easy as possible, especially for non-technical users. So, it may be worth revisiting it. Our leading competitor, who shall not be named, replaces the whole damned stack with their custom stuff...it doesn't seem to hurt them in the market.

    I think that's what an unsophisticated user wants. Heck, I'm a pro and that's what I want!

    I guess it doesn't have to be all or nothing - make it "we expect you'll let us take over, but you can check this box if you want to have more say but then you're on your own", etc.

    On the firewall question, we may have too many options to ever make anyone ecstatically happy. We have GUI support for iptables, Firewalld, CSF, and a bunch of others, found under the Webmin tab. We automatically open the right ports for web service during installation, if you have either Firewalld or iptables running (using the CentOS standard iptables setup). If you don't have a firewall running when we install, we won't touch the configuration,

    Again, I think this is a mistake. Out of the box, I want my server to be setup for web hosting and secure. Lack of a firewall hinders this. Even if I setup a firewall, will an unsophisticated user know about fail2ban?

    So, maybe if we find ourselves installing on a system without a firewall we just turn something on and then open those ports. Would that satisfy your "needs a firewall after install" requirement for you? I hate firewalld for servers, but we support it due to customer requests...and, since it's the default on new CentOS versions, I guess that'd be the one we'd use. I also hate CSF for web servers, because it just tremendous overkill; great project, but awful for the simple needs of most Virtualmin servers.

    I hate firewalld, too :-) I do like CSF. I just think web servers/mail servers/FTP servers need an active, fail2banned firewall otherwise there is no brute protection.

    We know about the clamav issue (obviously, since we cover in the docs)...I believe it has to do with how slow ClamAV is to start up the first time; once it's up and running, the error goes away. This behavior happens on the command line, too, it isn't just a Virtualmin issue. It's just ClamAV being ClamAV. Maybe someday ClamAV will be good.

    Yep, this one isn't your fault.

    I guess I'd come to Virtualmin with more of a cpanel mindset: here's my virgin server, make it a secure, performant web server and I don't care what you install/configure. Virtualmin's mindset seems a little different, which is perfectly fine. And by fixing up mysql and adding fail2ban/CSF I was able to

    Been living with virtualmin since I set it up and have moved a bunch of sites on to it - seems to be running great. Overall, a very nice product.

    Thanks again for your post!

    Thanked by 1SwellJoe
  • @mehargags said:
    Does virtualmin run fine on less than <2GB RAM fine ?

    Can you choose not to have Apache or use Nginx as rev. proxy out of the box ? or during the install?

    Last I used Virtualmin/Webmin (3 years back), though it was pretty advanced and controllable, the interface was confusing. Just too many options at too many places... hard to learn. Support on forums was awesome though. I think the new skin is cool too. I'll give it a go on an idle machine sometime

    Virtualmin runs just fine with under 2GB infact there's people running it on 256 and 512MB with no issues too. I installed Virtualmin with Nginx a year ago and I thought the process was very easy. They have a great guide on how to do it on the Virtualmin website. It can be a little daunting at first but once you have used it for a bit you'll start to appreciate how many options are available and just how easy it can be to use :-). I rarely use control panels on my servers but if I were to use a free control panel it would be Virtualmin.

  • i also do not like the interface, but once configured, it works and that is the point.

    there is alternate theme for vesta out, was not working some month ago, but maybe it is fixed now

    https://forum.vestacp.com/viewtopic.php?f=10&t=7234&sid=999c112d0a9407116924eadc70e100fe

  • I like Virtualmin and the way you can ssh backup to another vps this has pulled me out of the s*** a few times.

    @raindog308
    This is a nice simple setup for starting out from @fapvps https://www.lowendtalk.com/discussion/18133/virtualmin-security-guide-part-one-22-images

    And the firewall https://www.lowendtalk.com/discussion/18136/virtualmin-security-guide-part-two-7-images#latest

    @SwellJoe
    I like using Debian-8 and have been trying to set up PHP7 with Nginx or Apache but no matter what I did I had problems so I gave up for a while now and installed Ubuntu-16. It would be nice if you could do a slimmed down version of the install for small VPS without the email and bind9 stuff. And the new theme is nice but I always go back to the old one as I like to use the file manager the new one doesn't seem to work as well and also seems a bit slow to respond. Don't get me wrong I still love it :) and thanks for all the hard work.

    Thanked by 1raindog308
  • Still getting aids when i look at Vesta's PHP part...

Sign In or Register to comment.