Steven Sullivan - 5th October 2016

NOW WORKS WITH THE NEW VERSION 0.9.8-20! 🙂

Please upgrade to VestaCP release 20. A security flaw currently affecting servers is present in release < 20. If upgrade is not yet available, please patch

I decided to create the perfect VestaCP server installer script (in my opinion) for CentOS 7 (I have only tried it on CentOS 7). Basically, you run it, it asks a few questions and then it sets up a perfect server including CSF, Monit and PHP 7 (if you want it). Amazing, right?

THIS SCRIPT SHOULD BE USED ON A NEW SERVER. THIS SCRIPT INSTALLS VESTACP TOO.
I DO NOT ACCEPT ANY RESPONSIBILITY, SHOULD THIS SCRIPT DAMAGE YOUR SERVER.

What this VestaCP Server Installer does:

  1. Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.
  2. Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.
  3. Installs CSF as a Firewall with common settings.
  4. Asks if you want to install Softaculous.
  5. Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).
  6. Makes the server use its own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.
  7. Asks you if you would like to harden the /etc/sysctl.conf file for security.
  8. Enables Dovecot quotas and configures Dovecot performance.
  9. Installs SpamAssassin rules to help prevent further spam.
  10. Updates the file /etc/exim/dnsbl.conf to further reduce spam.
  11. Updates Exim to make sure there is no delay accepting email.
  12. Fixes NGINX and secures it even further so you receive an A (A+ requires you to enable HSTS) at Qualys SSL Labs.
  13. Fixes PHP-FPM to use less memory and crash less often.
  14. Installs and configures Monit to monitor your server.
  15. Asks you if you want to install PHP 7. WordPress supports PHP 7.
  16. Makes websites use HTTP/2 instead of HTTP/1.1.


Run the following commands to install the VestaCP Server Installer

Before installing, please make sure your hostname resolves to an IP address; otherwise the LetsEncrypt script won’t be able to secure your VestaCP server correctly!

wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7.sh -O ./CentOS7.sh
# Owner-only permissions: the script runs as root, so no other user should be able to modify it
chmod 700 ./CentOS7.sh
sudo ./CentOS7.sh
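
The hostname requirement above can be checked before the installer is run. This is an added example, not code from the post or from the installer; the function names are hypothetical, and it assumes `getent` and `hostname -i` are available, as on a stock CentOS 7 system.

```bash
#!/usr/bin/env bash
# Added example (not from the installer): pre-flight check for the hostname rule.
# Function names are hypothetical.

# Succeeds if $1 is a loopback, link-local or RFC 1918 IPv4 address, which
# public DNS cannot usefully point at and Let's Encrypt cannot reach.
is_private_ipv4() {
  case "$1" in
    10.*|127.*|192.168.*|169.254.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds if address $2 appears in $1, a space-separated list of A records.
resolves_to() {
  local addr
  for addr in $1; do
    [ "$addr" = "$2" ] && return 0
  done
  return 1
}

# $1 = FQDN, $2 = its A records, $3 = the address the machine reports for itself.
# Returns 0 = match, 1 = mismatch or no record, 2 = local address is private (NAT).
preflight() {
  local fqdn="$1" records="$2" local_ip="$3"
  if [ -z "$records" ]; then
    echo "FAIL: $fqdn has no A record"; return 1
  fi
  if resolves_to "$records" "$local_ip"; then
    echo "OK: $fqdn resolves to $local_ip"; return 0
  fi
  if is_private_ipv4 "$local_ip"; then
    echo "WARN: $local_ip is private; check $records against the provider's public IP"
    return 2
  fi
  echo "FAIL: $fqdn resolves to $records, not $local_ip"; return 1
}

# Live use: ./preflight.sh server.example.com  (queries the system resolver).
if [ -n "${1:-}" ]; then
  records=$(getent ahostsv4 "$1" | awk '{print $1}' | sort -u | tr '\n' ' ')
  preflight "$1" "${records% }" "$(hostname -i | awk '{print $1}')"
fi
```

Return code 2 covers hosts behind NAT, where `hostname -i` reports a private address and the A record has to be compared with the public IP shown by the hosting provider.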

 

Next, hold tight and watch it set up the server. Securing the server alone may take 15 minutes, because part of the script generates DH parameters to secure NGINX (this could take up to 1 hour on a 1-core DigitalOcean VPS).

Right at the very end the console instructs you to reboot the server – you should.

 

If you’re looking for the older version for 0.9.8-17, you’ll find it here:

wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7-0.9.8-17.sh -O ./CentOS7.sh

129 thoughts...

  1. Maurizio says:

    Hello Steven,
    everything is great with your script, except that when I try to edit php.ini from the VestaCP panel GUI I get errors; it only works if I edit php.ini manually using the shell.

    I was wondering why that happens.
    Thank you

    1. Hi Maurizio,

      Can you paste the errors you see and/or link a screenshot?

      Thanks,
      S.

      1. Maurizio says:

        Hello Steven,
        it was an error from Vesta, but after digging a bit I found the culprit in the php.ini path.
        There are 2 files in /usr/local/vesta/bin that need to be edited to reflect the correct php.ini path (/etc/opt/remi/php70). Those two files are:

        v-list-sys-php-config
        v-change-sys-service-config

        in that last file you also need to change row 98 to: service="php-fpm"

        Now everything seems to work correctly with those fixes.
        Maybe you should add it to your wonderful setup script

        1. Hi Maurizio,

          I’ve upvoted you just in case anyone else has the same problem as you (this was the first reported).

          I’m unwilling to change the script to modify VestaCP’s core, as if I did, any update VestaCP releases will overwrite the file. I understand there are ways to prevent this, but that’s not a good way to handle core files.

          Thanks,
          S.

          1. Maurizio says:

            Hi Steve, I agree with your doubts on changing vesta-core commands. Maybe there is a more slick and consistent way to fix this issue? Actually I do not understand why v-change-sys-service-config file does not pick up the right php.ini file.
            Well, I forgot to mention that the issue I’m (and some other users on the official Vesta forum are) facing is with the PHP7 version; maybe this does not happen using an older version of PHP, but I guess this is nearly Jurassic now 🙂
            So if you have spare time and can take a look at the weirdness of the php.ini path, it would be great.
            Thank you again for your great script.

  2. Jose says:

    Hello, excellent installer, I use it a lot, but in certain cases I need to use Apache.

    Could you please create something like that but with Apache + NGINX?

    It would be very helpful, thank you very much for your time.

  3. siaziz says:

    Hi Steven..
    I already installed it, but after that my host cannot access or ping/ssh/ftp/smtp..
    But I can log in to VestaCP via another domain (after I add another domain).
    What must I do?
    Help pls.. Thanks

  4. dstamatoiu says:

    I am getting.. Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    I know for a fact that the hostname is resolving to an ip. Checked that many times. I also commented out the lines you recommended to someone else and still getting the error.

    Is there something that can be done?

    1. Sorry for the delay.

      Change the line

      IPAddress=$(hostname -i)

      To be your public IP address i.e.

      IPAddress=192.168.0.1

  5. Ahsan Habib Khan says:

    I deleted one user with the domain name; after that I created a new username & added a domain, but the SSL certificate is not activated; it shows “Error: LetsEncrypt account registration 400”. The server works fine with other new domains; the problem comes with the single domain which I deleted recently. What should I do?

    1. Try this link: https://forum.vestacp.com/viewtopic.php?f=11&t=14296

      This error is related to LetsEncrypt and VestaCP – so I cannot provide support.

  6. Todas Mamis says:

    Hello, install the good script in another test vps, update the mariadb to 10.2.

    but now the experiment does not recognize the process, apparently the file: /var/run/mariadb/mariadb.pid

    it is removed or it changes location. How can it be made to work again?

    greetings and thanks.

    1. You will have to manually find the .pid file. It’s usually in the /var/run folder.

  7. Todas Mamis says:

    Hello, incredible script I congratulate you.

    I would like to know if it is possible to install it, without DNS or EMAIL

    since it does not use, for users it uses cloud and does not use emails in any way.

    I am the one that I am, I am trying to do things so as not to pay an administrator of the servers, ultimately they are very expensive.

    Thank you.

    I speak Spanish, I use Google translator.

    1. Hello,

      It is possible but would need modification to different lines in the script. You may still install the script but just not use email or DNS.

      1. Todas Mamis says:

        Thank you very much for the quick response.

        with respect to the configuration, should we configure something else? I have a wordpress site with a lot of traffic, about 60 thousand visits per day.

        I do not know if no configuration can give problems with that amount of daily visits.

        1. Nope, this script installer will be able to handle this. One of the best tools you could use is a cache plugin for WordPress, as this will help reduce server load. I would use WP Fastest Cache or my favourite plugin called Breeze: https://wordpress.org/plugins/breeze/

          1. Todas Mamis says:

            Hello, it's me again. I have installed your script and until now everything is perfect, even though I have a doubt. I think the content is not forced in HTTP/2.

            I see my access logs and everything says: HTTP/1.1

            How can I solve this, or what configuration am I missing?

          2. Are you using HTTPS? HTTP2 is only available on HTTPS.

          3. Todas Mamis says:

            Sure, I have everything under HTTPS

            I even thought it was strange, because on my old server I had Apache + Nginx, and there it did say HTTP/2 in the access logs.

          4. Do you want to tell me the domain and I will test it.

          5. Todas Mamis says:

            I think the problem is Cloudflare. I deactivate the cloud in Cloudflare and my access log begins to fill with records with HTTP/2.0. When I activate it, it returns everything to HTTP/1.1.

            I’ll have to investigate more about this, do you use cloudflare? Could you try too?

          6. Todas Mamis says:

            He was always active and even then what he commits happens.

            It must be something else, from CloudFlare.

            Edit:

            This is what happens:

            https://gyazo.com/09fd4f99a2afd2d673663413c70328c5

  8. Amit says:

    After doing a yum update and yum upgrade I get these errors. How to fix them?

    Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
    Requires: php(api) = 20100412-64
    Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
    php(api) = 20131106-64
    Available: php-common-5.4.16-42.el7.x86_64 (base)
    php(api) = 20100412-64
    Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
    php(api) = 20100412-64
    Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
    php(api) = 20100412-64
    Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
    php(api) = 20100412-64
    Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
    php(api) = 20100412-64
    Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
    Requires: php(zend-abi) = 20100525-64
    Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
    php(zend-abi) = 20131226-64
    Available: php-common-5.4.16-42.el7.x86_64 (base)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
    php(zend-abi) = 20100525-64
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest

  9. António says:

    To be a really perfect server, having MariaDB v10.1 would be perfect! Can you please for now provide instructions on how to update after install is made? And maybe in the future add/incorporate the MariaDB v10.1 update into your script? Keep up the good work and thanks for sharing this script!

    1. SSULLIVAN88 says:

      Hi António,

      You could use this tutorial: https://www.liquidweb.com/kb/how-to-upgrade-mariadb-5-5-to-mariadb-10-0-on-centos-7/

      But don’t try it on a production server!

  10. Victoria Fyodorova says:

    Your script has worked very well for the last few months. Today I restarted the server after 39 days & nginx does not start. Meanwhile the CSF tab is not here & I notice that its version is 0.9.8-18. Now what should I do to run nginx on the server?

    1. SSULLIVAN88 says:

      Hi Victoria,

      There should be more in the error log.. That error “spdy” is just an informational message.

      1. Victoria Fyodorova says:

        2018/01/17 20:27:13 [emerg] 29745#29745: unexpected "}" in /home/vicrex_82v/conf/web/mysite.com.nginx.ssl.conf:48

      2. Victoria Fyodorova says:

        Going to reinstall.. as mail server sont access. Thank you so much for your quick support.

  11. Tigernak says:

    Hi,
    I have installed your script on a Google Cloud VM with 3.7 GB RAM and 20 GB SSD storage.
    I still get the hostname changed back to the VM name every time after rebooting, while Google does not allow an FQDN for the VM name.
    I quote point 5 “Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).”
    Is it any exception for google cloud machine?
    Any clue to overcome this problem?
    Thank you.

    1. SSULLIVAN88 says:

      Try typing the following commands as root. These commands set the hostname and then prevent the file from being modified. I think maybe Google blocks this. I don’t use Google Cloud.

      Let me know if there are any error messages. Replace HOSTNAME with the hostname you tried to set-up the server with.

      hostname HOSTNAME
      echo HOSTNAME > /etc/hostname
      chattr +i /etc/hostname

      1. Tigernak says:

        There is no error messages.
        Hostname was stored successfully in /etc/hostname and became not writable with chattr.
        Upon rebooting the file was kept unchanged, but the hostname still changed back to the VM name.
        # hostname
        VM NAME

        After that I tried to also set the hostname in /etc/hosts and make it unwritable, and rebooted again.
        hostname MYHOSTNAME
        echo MYHOSTNAME > /etc/hosts
        chattr +i /etc/hosts

        Rebooting result still same, that two files not change but hostname still changed.

        1. SSULLIVAN88 says:

          Hello,

          I have found this which will help. It looks like Google Cloud does not set the hostname in “normal” ways however, the following script and answer will help you:

          https://stackoverflow.com/questions/25408612/google-compute-engine-how-to-set-hostname-permanently

  12. MOHD SAQIB KHAN says:

    using CentOS 7.3

  13. MOHD SAQIB KHAN says:

    Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    I have this error …

    using Scaleway Cloud Server with private and public IPs separately …

    Please Provide solution

    1. SSULLIVAN88 says:

      Your public IP Address MUST resolve to the hostname. If it does, and you’re 100% sure it resolves, you can comment out line 21, and un-comment line 20 and re-run the script again. This will solve your issue.

      If your public IP address doesn’t resolve, then the SSL certificate set-up will not work.

      1. MOHD SAQIB KHAN says:

        worked …thx

  14. Hi Steven, your script has worked wonders so far thank you. Been running it for a few months.
    I don’t want to mess around too much with the server but what would be the best way to activate/install the php zip archive module for this installation?

    1. SSULLIVAN88 says:

      Hi Jan,

      Thanks for your comment – I appreciate it!

      I’m not sure which zip package you are referring to, but entering this command:

      yum install php70-php-zip

      Should install what you’re looking for. You’ll need to reboot PHP-FPM afterwards.
