Steven Sullivan - 5th October 2016

NOW WORKS WITH THE NEW VERSION 0.9.8-20! 🙂

Please upgrade to VestaCP release 20. A security flaw currently affecting servers is present in releases < 20. If the upgrade is not yet available, please patch.

I decided to create the perfect VestaCP server installer script (in my opinion) for CentOS 7 (I have only tried it on CentOS 7). Basically, you run it, it asks a few questions and then it sets up a perfect server including CSF, Monit and PHP 7 (if you want it). Amazing, right?

THIS SCRIPT SHOULD BE USED ON A NEW SERVER. THIS SCRIPT INSTALLS VESTACP TOO.
I DO NOT ACCEPT ANY RESPONSIBILITY, SHOULD THIS SCRIPT DAMAGE YOUR SERVER.

What this VestaCP Server Installer does:

  1. Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.
  2. Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.
  3. Installs CSF as a Firewall with common settings.
  4. Asks if you want to install Softaculous.
  5. Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).
  6. Makes the server use its own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.
  7. Asks you if you would like to harden the /etc/sysctl.conf file for security.
  8. Enables Dovecot quotas and configures Dovecot performance.
  9. Installs SpamAssassin rules to help prevent further spam.
  10. Updates the file /etc/exim/dnsbl.conf to further reduce spam.
  11. Updates Exim to make sure there is no delay accepting email.
  12. Fixes NGINX and secures it even further so you receive an A (A+ requires you to enable HSTS) at Qualys SSL Labs.
  13. Fixes PHP-FPM to use less memory and crash less often.
  14. Installs and configures Monit to monitor your server.
  15. Asks you if you want to install PHP 7. WordPress supports PHP 7.
  16. Makes websites use HTTP/2 instead of HTTP/1.1.


 

Run the following commands to install the VestaCP Server Installer:

Before installing, please make sure your hostname resolves to an IP address, otherwise the LetsEncrypt script won’t be able to secure your VestaCP Server Installer correctly!

wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7.sh -O ./CentOS7.sh
# Owner-only permissions: the script is run as root, so other users must not be able to modify it
chmod 700 ./CentOS7.sh
sudo ./CentOS7.sh
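
A pre-flight check for the hostname requirement above, to run on the new server before the installer. This is an added example, not part of the installer or the original post: it compares the A record seen at 8.8.8.8 with the server's own address and reports why they differ, including the case where the machine only knows a private or loopback address. The `preflight.sh` file name, the function names and the optional second argument are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check for the installer's hostname requirement.
# Usage (before running the installer):
#   sh preflight.sh server.example.com [PUBLIC_IP]
# File name, function names and sample addresses are assumptions.

# Succeeds if $1 is a loopback, RFC 1918 or link-local IPv4 address.
# Such an address can never equal a public A record, which is the usual
# reason a correctly configured hostname still fails the comparison.
is_non_public_ipv4() {
    case "$1" in
        127.*|10.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if IP $1 is one whole line of the `dig +short` output in $2.
# dig +short can print CNAME targets and several A records, one per line;
# whole-line matching stops 203.0.113.1 from matching 203.0.113.10.
a_record_matches() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Prints match, no-record, non-public or mismatch for local IP $1 and
# resolver output $2. The body is a subshell so its variables stay local.
classify() (
    local_ip=$1
    dig_output=$2
    if [ -z "$dig_output" ]; then
        echo no-record
    elif a_record_matches "$local_ip" "$dig_output"; then
        echo match
    elif is_non_public_ipv4 "$local_ip"; then
        echo non-public
    else
        echo mismatch
    fi
)

# Looks up the hostname, classifies the result and explains it.
# Exit status is 0 only when the hostname resolves to this server.
preflight() (
    host=$1
    # Without an explicit address, use the first one from `hostname -i`
    local_ip=${2:-$(hostname -i 2>/dev/null | awk '{print $1}')}
    answer=$(dig @8.8.8.8 +short "$host" A 2>/dev/null)
    result=$(classify "$local_ip" "$answer")
    case "$result" in
        match)
            echo "OK: $host resolves to $local_ip" ;;
        no-record)
            echo "FAIL: no A record for $host visible at 8.8.8.8 yet" ;;
        non-public)
            echo "FAIL: local address $local_ip is private or loopback;" \
                 "re-run with the server's public IP as second argument" ;;
        mismatch)
            echo "FAIL: $host resolves to $(echo $answer), not $local_ip" ;;
    esac
    [ "$result" = match ]
)

# Only perform the live lookup when a hostname is given on the command line
if [ "$#" -ge 1 ]; then
    preflight "$@"
fi
```

A `non-public` result means the record may be fine and the server simply sits behind NAT, so the fix is to compare against the public address rather than to wait for DNS.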

 

Next, hold tight and watch it set up the server. Securing the server alone may take 15 minutes, as part of the script generates DH parameters to secure NGINX (this could take up to 1 hour on a 1-core DigitalOcean VPS).

Right at the very end the console instructs you to reboot the server – you should.

 

If you’re looking for the older version for 0.9.8-17, you’ll find it here:

wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7-0.9.8-17.sh -O ./CentOS7.sh

130 thoughts...

  1. I installed on a DigitalOcean VPS, but can’t send an email. Can you help me?

  2. Maurizio says:

    Hello Steven,
    everything is great with your script, except that when I try to edit php.ini from the VestaCP panel GUI I get errors; it only works if I edit php.ini manually using the shell.

    I was wondering why that happens.
    Thank you

    1. Hi Maurizio,

      Can you paste the errors you see and/or link a screenshot?

      Thanks,
      S.

      1. Maurizio says:

        Hello Steven,
        it was an error from Vesta, but after digging a bit I found the culprit in the php.ini path.
        There are 2 files in /usr/local/vesta/bin that need to be edited to reflect the correct php.ini path (/etc/opt/remi/php70). Those two files are:

        v-list-sys-php-config
        v-change-sys-service-config

        In that last file you also need to change row 98 to: service="php-fpm"

        Now everything seems to work correctly with those fixes.
        Maybe you should add it to your wonderful setup script

        1. Hi Maurizio,

          I’ve upvoted you just in case anyone else has the same problem as you (this was the first reported).

          I’m unwilling to change the script to modify VestaCP’s core, as if I did, any update VestaCP releases will overwrite the file. I understand there are ways to prevent this, but that’s not a good way to handle core files.

          Thanks,
          S.

          1. Maurizio says:

            Hi Steve, I agree with your doubts on changing vesta-core commands. Maybe there is a more slick and consistent way to fix this issue? Actually I do not understand why the v-change-sys-service-config file does not pick up the right php.ini file.
            Well, I forgot to mention that the issue I’m (and some other users on the official Vesta forum are) facing is with the PHP7 version. Maybe this does not happen using an older version of PHP, but I guess that is nearly Jurassic now 🙂
            So if you have spare time and can take a look at the weirdness of the php.ini path, it would be great.
            Thank you again for your great script.

  3. Jose says:

    Hello, excellent installer, I use it a lot, but in certain cases I need to use Apache.

    Could you please create something like that but with Apache + NGINX?

    It would be very helpful, thank you very much for your time.

  4. siaziz says:

    Hi Steven..
    I already installed, but after that my host cannot be accessed by ping/ssh/ftp/smtp..
    But I can log in to VestaCP via another domain (after I added another domain).
    What must I do?
    Help please.. Thanks

  5. dstamatoiu says:

    I am getting.. Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    I know for a fact that the hostname is resolving to an ip. Checked that many times. I also commented out the lines you recommended to someone else and still getting the error.

    Is there something that can be done?

    1. Sorry for the delay.

      Change the line

      IPAddress=$(hostname -i)

      To be your public IP address i.e.

      IPAddress=192.168.0.1

  6. Ahsan Habib Khan says:

    I deleted one user with the domain name; after that I created a new username and added a domain, but the SSL certificate is not activated and it shows “Error: LetsEncrypt account registration 400”. The server works fine with other new domains; the problem comes with the single domain which I deleted recently. What should I do?

    1. Try this link: https://forum.vestacp.com/viewtopic.php?f=11&t=14296

      This error is related to LetsEncrypt and VestaCP – so I cannot provide support.

  7. Todas Mamis says:

    Hello, install the good script in another test vps, update the mariadb to 10.2.

    but now the experiment does not recognize the process, apparently the file: /var/run/mariadb/mariadb.pid

    it is removed or it changes location. How can it be made to work again?

    greetings and thanks.

    1. You will have to manually find the .pid file. It’s usually in the /var/run folder.

  8. Todas Mamis says:

    Hello, incredible script I congratulate you.

    I would like to know if it is possible to install it, without DNS or EMAIL

    since it does not use, for users it uses cloud and does not use emails in any way.

    I am the one that I am, I am trying to do things so as not to pay an administrator of the servers, ultimately they are very expensive.

    Thank you.

    I speak Spanish, I use Google translator.

    1. Hello,

      It is possible but would need modification to different lines in the script. You may still install the script but just not use email or DNS.

      1. Todas Mamis says:

        Thank you very much for the quick response.

        With respect to the configuration, should we configure something else? I have a WordPress site with a lot of traffic, about 60 thousand visits per day.

        I do not know if no configuration can give problems with that amount of daily visits.

        1. Nope, this script installer will be able to handle this. One of the best tools you could use is a cache plugin for WordPress as this will help reduce server load. I would use WP Fastest Cache or my favorite plugin called Breeze: https://wordpress.org/plugins/breeze/

          1. Todas Mamis says:

            Hello, it’s me again. I have installed your script and until now everything is perfect, even though I have a doubt. I think the content is not forced in HTTP/2.

            I see my access logs and everything says: HTTP/1.1

            How can I solve this, or what configuration am I missing?

          2. Are you using HTTPS? HTTP2 is only available on HTTPS.

          3. Todas Mamis says:

            Sure, I have everything under HTTPS

            I even thought it was strange, because on my old server I had Apache + Nginx, and there it did say HTTP/2 in the access logs.

          4. Do you want to tell me the domain and I will test it.

          5. Todas Mamis says:

            I think the problem is Cloudflare. I deactivate the cloud in Cloudflare and my access log begins to fill with records with HTTP/2.0. When I activate it, it returns everything to HTTP/1.1.

            I’ll have to investigate more about this, do you use cloudflare? Could you try too?

          6. Todas Mamis says:

            He was always active and even then what he commits happens.

            It must be something else, from CloudFlare.

            Edit:

            This is what happens:

            https://gyazo.com/09fd4f99a2afd2d673663413c70328c5

  9. Amit says:

    After doing a yum update and yum upgrade I get these errors. How to fix them?

    Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
    Requires: php(api) = 20100412-64
    Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
    php(api) = 20131106-64
    Available: php-common-5.4.16-42.el7.x86_64 (base)
    php(api) = 20100412-64
    Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
    php(api) = 20100412-64
    Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
    php(api) = 20100412-64
    Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
    php(api) = 20100412-64
    Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
    php(api) = 20100412-64
    Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
    Requires: php(zend-abi) = 20100525-64
    Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
    php(zend-abi) = 20131226-64
    Available: php-common-5.4.16-42.el7.x86_64 (base)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
    php(zend-abi) = 20100525-64
    Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
    php(zend-abi) = 20100525-64
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest

  10. António says:

    To be a really perfect server, having MariaDB v10.1 would be perfect! Can you please for now provide instructions on how to update after install is made? And maybe in the future add/incorporate the MariaDB v10.1 update into your script? Keep up the good work and thanks for sharing this script!

    1. SSULLIVAN88 says:

      Hi António,

      You could use this tutorial: https://www.liquidweb.com/kb/how-to-upgrade-mariadb-5-5-to-mariadb-10-0-on-centos-7/

      But don’t try it on a production server!

  11. Victoria Fyodorova says:

    Your script has worked very well for the last few months. Today I restarted the server after 39 days and nginx does not start. Meanwhile the CSF tab is not here, and I notice that its version is 0.9.8-18. Now what should I do to run the server nginx?

    1. SSULLIVAN88 says:

      Hi Victoria,

      There should be more in the error log.. That error “spdy” is just an informational message.

      1. Victoria Fyodorova says:

        2018/01/17 20:27:13 [emerg] 29745#29745: unexpected “}” in /home/vicrex_82v/conf/web/mysite.com.nginx.ssl.conf:48

      2. Victoria Fyodorova says:

        going to reinstall.. as mail server sont access. thank you so much for your quick support.

  12. Tigernak says:

    Hi,
    I have installed your script on a Google Cloud VM with 3.7GB RAM and 20 GB SSD storage.
    I still get the hostname changed back to the VM name every time after rebooting, while Google does not allow an FQDN for the VM name.
    I quote point 5 “Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).”
    Is it any exception for google cloud machine?
    Any clue to overcome this problem?
    Thank you.

    1. SSULLIVAN88 says:

      Try typing the following commands as root. These commands set the hostname and then prevent the file from being modified. I think maybe Google blocks this. I don’t use Google Cloud.

      Let me know if there are any error messages. Replace HOSTNAME with the hostname you tried to set-up the server with.

      hostname HOSTNAME
      echo HOSTNAME > /etc/hostname
      chattr +i /etc/hostname

      1. Tigernak says:

        There are no error messages.
        Hostname stored successfully in /etc/hostname and became not writable with chattr.
        Upon rebooting the file stays unchanged, but the hostname still changed back to the VM name.
        # hostname
        VM NAME

        After that I tried to also set the hostname in /etc/host and make it unwritable, and reboot again.
        hostname MYHOSTNAME
        echo MYHOSTNAME > /etc/hosts
        chattr +i /etc/hosts

        Rebooting, the result is still the same: the two files do not change but the hostname is still changed.

        1. SSULLIVAN88 says:

          Hello,

          I have found this which will help. It looks like Google Cloud does not set the hostname in “normal” ways however, the following script and answer will help you:

          https://stackoverflow.com/questions/25408612/google-compute-engine-how-to-set-hostname-permanently

  13. MOHD SAQIB KHAN says:

    using CentOS 7.3

  14. MOHD SAQIB KHAN says:

    Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    I have this error …

    using Scaleway Cloud Server with private and public IPs separately …

    Please Provide solution

    1. SSULLIVAN88 says:

      Your public IP Address MUST resolve to the hostname. If it does, and you’re 100% sure it resolves, you can comment out line 21, and un-comment line 20 and re-run the script again. This will solve your issue.

      If your public IP address doesn’t resolve, then the SSL certificate set-up will not work.

      1. MOHD SAQIB KHAN says:

        worked …thx

  15. Hi Steven, your script has worked wonders so far thank you. Been running it for a few months.
    I don’t want to mess around too much with the server but what would be the best way to activate/install the php zip archive module for this installation?

    1. SSULLIVAN88 says:

      Hi Jan,

      Thanks for your comment – I appreciate it!

      I’m not sure which zip package you are referring to, but entering this command:

      yum install php70-php-zip

      Should install what you’re looking for. You’ll need to reboot PHP-FPM afterwards.

  16. António says:

    Hi,

    In the past week I have used your excellent script on 3 different VPS servers and all seems to work properly except for one thing: network speed.

    In a simple way, before I run your script I always make 2 different network speed tests to ensure the server is working properly. The problem is that after installation the network speed becomes very low. On one of the servers I have already disabled CSF to see if the problem was related to the firewall, but the results are the same.

    Do you have any idea what may be causing this? Can you test the below speed scripts on your server to see if the speed is good?

    The speed tests I use are:

    a) wget freevps.us/downloads/bench.sh -O - -o /dev/null|bash
    b) wget --no-check-certificate bench.sh && mv "index.html" "bench.sh" && chmod +x bench.sh && ./bench.sh

    Thanks!

    1. SSULLIVAN88 says:

      The problem is /etc/sysctl.conf

      However it is not a problem. The current config allows for fair network usage across multiple connections, thus slowing it down. If you were to allow one user to utilize the entire bandwidth, other users/services will see performance issues.

      You would have to read up on sysctl and/or truncate the file so the server defaults.

      1. António says:

        Thanks for the explanation. All my 3 VPS host only one application and they are only used by me.

        Can you tell me what are the specific sysctl.conf lines that I should comment/delete to avoid this issue? Thanks!

        1. SSULLIVAN88 says:

          Hi António,

          It’s been a long time since I used sysctl so I do not know the answer. I believe I used a combination of values from best practice tutorials around the Internet, but I can’t remember which values are which. You will have to research by yourself.

          1. António says:

            Ok, I understand. But since I don’t have experience optimizing sysctl.conf, can you tell me what lines I should comment out in your script in order for “Step 6 – Hardens the /etc/sysctl.conf file for security” to be ignored during installation?

            Also I have replaced the default sysctl with the one I found at: https://gist.github.com/kgriffs/4027835 and with this new config the network speed issue seems to be resolved.

          2. SSULLIVAN88 says:

            Comment out lines 71-78

            # Harden sysctl.conf

            a="`netstat -i | cut -d' ' -f1 | grep eth0`";
            b="`netstat -i | cut -d' ' -f1 | grep venet0:0`";
            if [ "$a" == "eth0" ]; then
                curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-eth0 > /etc/sysctl.conf
            elif [ "$b" == "venet0:0" ]; then
                curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-venet0 > /etc/sysctl.conf
            fi
            sysctl -p

          3. António says:

            Thank you! Just one final question:

            If I comment out lines 71-78, the sysctl.conf will be generated by default by VestaCP with VestaCP default values, correct? In a simple way, the sysctl.conf will be equal to a default VestaCP install using the VestaCP default install script, correct?

            Thanks

          4. SSULLIVAN88 says:

            You are correct. It will be the default of a CentOS install as VestaCP does not edit these files.

  17. Hi, I’ve been having a hard time logging into phpmyadmin. I am using the username and password used to create the script. I’ve tried logging in as root. No luck, any suggestions?

    1. SSULLIVAN88 says:

      Hi Jan,

      If you’re logging in as root, it’s going to be the username root and the password you used when installing. You can find out the password of the root user by looking at the file: /usr/local/vesta/conf/mysql.conf

      1. Yeah, that’s the thing that has been bothering me. I’ve been using those credentials. I’ve also checked the mysql.conf file and am using this. But instead of logging in or even giving me an error code, the page just reloads, regardless of using the right or wrong password? Super strange.

        Update: So after a bit of searching the interwebs I figured out it’s something to do with the session folder that’s not writeable. Got no idea how that happened. I found a few suggestions on fixing this. But it being your script, I feel more relaxed following your suggestion on fixing this.

  18. Loc Nguyen says:

    Hello

    I’m using this great script without any problem. But since some days ago, my VPS kept crashing and I can only reboot it to make it available again. After inspection from the VPS provider, they said that the lfd service caused the problem. But I am not sure exactly that how to solve that. It will be crashed again soon. Can you help me ? Thank you very much !

    1. SSULLIVAN88 says:

      Hi Loc,

      I need more details about the spec. of your VPS (CPU, RAM, etc). Can you supply me those?

      I find it hard to believe CSF crashes the VPS if the RAM is adequate. Have you checked the logs? Is CSF up-to-date?

      1. Loc Nguyen says:

        Hi Steven

        My VPS has 3GB RAM, 40 GB Storage and 3 Cores CPU. I have just updated the CSF to the latest version (v10.22) but I’m not sure if the problem has been solved or not. If possible, can you have a closer look at my system to inspect the issue ? I’m not an expert in VPS administration. I can provide you the root account to do that. Thank you very much Steven

        1. António says:

          Hi @disqus_3bJgyg8Ptd:disqus

          Can you share what steps/commands did you use to update CSF to latest version? Thanks!

          1. Loc Nguyen says:

            Hi António

            If you are using this server installer script from Steven, it’s easy. Just go to the VestaCP -> CSF -> and press the Upgrade button. This button is available if there’s a new version of CSF.

  19. António says:

    Hi,

    Tried today to install on a new VPS and the same hostname error as @janclaasen:disqus happened to me. I commented out line 20 and uncommented line 19 and after that the problem was solved!

    But I’m having another issue: SSL is not installed. The following error shows up when installing:

    Error: Fetching http://server.mydomain.com/.well-known/acme-challenge/F3i7ophCTePP9QYv9x4GoHFYotc85Hxap7zb20C6BUk: Error getting validation data
    sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory
    Generating DH parameters, 4096 bit long safe prime, generator 2
    This is going to take a long time
    …………………………….

    Can you give me any advice on how to resolve this? Thanks!

    1. SSULLIVAN88 says:

      Hi Antonio,

      I would wait a few hours and try a fresh install. If Let’s Encrypt cannot create an SSL Certificate then it’s usually because the DNS has not properly propagated around the internet yet.

      1. António says:

        It’s strange because DNS was already changed 48 hours ago and when I check on https://www.whatsmydns.net/ it shows that DNS is already propagated.

        Also after the install was made I tried to manually install Let’s Encrypt using a different script on this server and it worked out fine. So if the issue was due to DNS propagation it would not work with either script.

        Anyway, I will wait a few more hours and test again.

        1. SSULLIVAN88 says:

          You can also run the following commands to get an SSL Certificate on the hostname:

          Replace HOSTNAME with your server’s hostname.

          /usr/local/vesta/bin/v-add-letsencrypt-domain admin HOSTNAME

          If that works as expected, then run the following to secure everything.

          rm -f /usr/local/vesta/ssl/certificate.crt
          rm -f /usr/local/vesta/ssl/certificate.key
          ln -s /home/admin/conf/web/ssl.HOSTNAME.pem /usr/local/vesta/ssl/certificate.crt
          ln -s /home/admin/conf/web/ssl.HOSTNAME.key /usr/local/vesta/ssl/certificate.key
          chown root:mail /usr/local/vesta/ssl/certificate.*

          You will need to restart Vesta, Exim, and Dovecot.

          1. António says:

            SSL still does not work. So I have tried your advice and it shows the following. Is this what you mean by working as expected? Or should I do anything different?

            /usr/local/vesta/bin/v-add-letsencrypt-domain server1.mydomain.com
            Usage: v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART] [NOTIFY]

            If I try just with the domain (that is not hosted on this server) it shows the following:

            /usr/local/vesta/bin/v-add-letsencrypt-domain admin mydomain.com
            Error: web domain mydomain.com doesn’t exist

            Thanks

          2. SSULLIVAN88 says:

            Your first command should be this:

            /usr/local/vesta/bin/v-add-letsencrypt-domain admin server1.mydomain.com

          3. António says:

            Hi. I made a new clean installation and now it all worked properly! The change I made was to stop “firewalld” by running the command:

            systemctl stop firewalld

            After that your script worked out perfectly! Should I also disable firewalld from booting by running the command:

            systemctl disable firewalld

            Or can I just leave it as it is? I don’t know how CSF will interact with firewalld.

            Once again thanks for all your help! Great script!

          4. SSULLIVAN88 says:

            You can run the command to disable it. 🙂

  20. I am getting this error when trying to add my hostname even though I know it’s pointing correctly to my server
    Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    1. SSULLIVAN88 says:

      Hi Jan,

      Comment out line 20, and uncomment line 19. So the file looks like so:

      IPAddress=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
      #IPAddress=$(hostname -i)

      Then re-run the command – that should work.

  21. António says:

    Hi,

    Again great script! Just installed on a new VPS and all looks amazing! Just 3 questions:

    1- How can I enable Monit access to be forced and only by HTTPS/SSL (it can be its own self-signed SSL)?

    2- How can I change Monit default admin password?

    Thanks and Keep up the good work! I will now setup a backup mx server using your other tutorial!

    1. SSULLIVAN88 says:

      Hi António,

      1) You have to set this up in Monit but you cannot use the normal VestaCP SSL. You would either have to create your own, or use a self-signed certificate. Check this tutorial out: http://terraltech.com/enabling-ssl-in-monit-and-mmonit/

      2) Edit the file /etc/monitrc and you’ll see where you need to change it. It’s on line 6.

      1. António says:

        Thanks a lot for the information! Just one more question:

        I have installed your script on 2 different KVM VPSs and on both all went fine, and all seems to be working properly. But when checking the installation log in detail I saw the following 2 errors during install on both servers.

        sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
        sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory

        Are these errors something that I should fix or worry about? Thanks!

        1. SSULLIVAN88 says:

          The “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument” error is generated by my script.

          Can you open up /etc/sysctl.conf and at the bottom change the line to:

          net.ipv4.ip_local_port_range = 16384 65536

          The second error you can ignore because it was made by VestaCP. It’s currently a valid error. Again, nothing to worry about!

          1. António says:

            Hi,

            About the error “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument”, it’s strange because I checked my /etc/sysctl.conf and the line: “net.ipv4.ip_local_port_range = 16384 65536” is present there. Any idea why the error shows?

            Also about the SSL error “sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory” I maybe found the solution on the thread: https://forum.vestacp.com/viewtopic.php?t=13171

            I apply what it says on the last comment of that thread:
            touch /usr/local/vesta/data/queue/letsencrypt.pipe
            chmod 750 /usr/local/vesta/data/queue/letsencrypt.pipe

            What do you think? Is this a fix for the SSL error?

            Thanks!

          2. SSULLIVAN88 says:

            The “ip_local_port_range”: I thought the error was due to incorrect setting, but I am not sure. It’s either wrong (I don’t think it is), or it’s because your host will not allow you to modify that setting.

            Yes, the SSL fix should work. Don’t forget to set the permissions: https://forum.vestacp.com/viewtopic.php?t=13171#p60644

  22. Guido says:

    Hi
    sorry for my issues.
    I see an old Monit version installed in your script. Is it possible to install the latest version?
    Or can you say how we can upgrade it, please ?

    Regards

    1. SSULLIVAN88 says:

      Unfortunately this is not my script — it’s the CentOS official repo that needs to be updated but they never are really once it’s flagged as stable.

      You would first need to remove the monit package via yum and then install from source to get the latest version.

      What features are in the new version you need?

      1. Guido says:

        I understand it.
        I see many issues fixed in the last versions….so I asked if was possible to update it.
        Thanks for your soon reply.

  23. Guido says:

    hi

    Thanks for your script. I installed it now with PHP 7.
    I need to install the mcrypt and zip PHP libraries. OpenCart requires them…
    Can you help please?

    1. SSULLIVAN88 says:

      yum install php70-php-mcrypt php70-php-zip

      1. Guido says:

        thanks!
        it is working now.

        1. SSULLIVAN88 says:

          Glad I could help!


  24. Victoria Fyodorova says:

    I have a very poor idea about server management, but for a nonprofit religious organization I have to build a server. Purchased a VPS from Contabo. But the issue is, with your provided script my server (24GB RAM, full SSD) loads like shared hosting (WordPress + WooCommerce), but with server pilot it’s working great. but the lack of server pilot others advantages I am looking to use Vesta cp. Is there any solution for increasing the page load and full utilization of CPU + RAM per visitor? Thanks

    1. SSULLIVAN88 says:

      Hi Victoria. Firstly, thank you for using my script. Secondly, the speed issue could be a number of things:

      Are you using PHP 7? If not, please upgrade as this will give you a speed increase almost instantly.

      You might need to increase the memory usage in the php.ini file. This variable is named `memory_limit`. Don’t set it too high or you will experience a slow server when lots of visitors are on your website.

      With WordPress, the best way to test the speed is by logging in, and then logging out. When you are logged out, you can browse the website as a visitor would see it. When you are logged in, it uses more server resources because you’re loading more things (such as plugins, core updates, etc).

      The rest is heavily dependent upon your WordPress install. This script is optimized for smaller websites, not heavy ones. I do however use this on a very heavy WordPress + WooCommerce install with millions of hits and it runs great.

      I would also advise getting some kind of cache script (only non logged in visitors will see the cached result) and the only one I would recommend is called WP Fastest Cache.

  25. Ahsan Habib Khan says:

    I need to increase the max file size on the phpmyadmin database import section. I used your provided VestaCP .sh file to set up my server. Can you please help me to increase this? It’s 2MB only, I need it 50MB.

    1. SSULLIVAN88 says:

      Hi Ahsan,

      You need to edit the value `upload_max_filesize` and `post_max_size` in either one of the following:

      PHP 7: /etc/opt/remi/php70/php.ini

      PHP 5: /etc/php.ini

      1. Ahsan Habib Khan says:

        Yes, it’s working. Thank you so much for your quick reply.

  26. Ar1sC says:

    I'm getting an error with hostname…. My hostname is pointed to my server IP using an A record… sub.hostname.tld and www.sub.hostname.tld….

    1. SSULLIVAN88 says:

      If it matches and you know it’s pointed correctly, edit CentOS.sh and uncomment line 19 and comment out line 20 so it ends up like so:


      yum clean all
      yum -y install bind-utils
      IPAddress=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
      #IPAddress=$(hostname -i)
      DigResult=$(dig @8.8.8.8 +short $vHostname)

      1. Ar1sC says:

        I get this error: /etc/monit/monitrc:3: syntax error ‘port’
        probably because I typed $vSMTPPort and pressed enter… How can I fix it?

        1. SSULLIVAN88 says:

          You need to edit file: /etc/monit/monitrc

          1. Ar1sC says:

            What do I need to change?

          2. Ar1sC says:

            Also I think I found a typo on this file https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/monitrc
            http://imgur.com/a/lcPMz
            But not sure.

          3. SSULLIVAN88 says:

            Thank you for the report. I have fixed this online.

            You’ll need to change the /etc/monit/monitrc file at the top to be something like:


            set daemon 60
            set logfile syslog facility log_daemon
            set mailserver SMTP.DOMAIN.COM port 587 username "EMAIL@DOMAIN.COM" password "PASSWORD"
            set mail-format { from: EMAIL@DOMAIN.COM }

          4. Ar1sC says:

            set mailserver SMTP.DOMAIN.COM port 587 username "EMAIL@DOMAIN.COM" password "PASSWORD"
            set mail-format { from: EMAIL@DOMAIN.COM }

            EMAIL@DOMAIN.COM
            Something like admin@domain.com? Or should I make an email only for this?

          5. SSULLIVAN88 says:

            It needs to be a real working email address and e-mail server.

          6. Ar1sC says:

            I get ERR_SSL_PROTOCOL_ERROR on this port 2812

          7. SSULLIVAN88 says:

            That’s not to do with emails.

            Send me your full monitrc details; without these I cannot do anything.

          8. Ar1sC says:

            Can We Talk On The Live Chat?

          9. SSULLIVAN88 says:

            Sure

      2. António says:

        Hi. On the latest version, what are the exact lines I have to comment and uncomment in order for the installer to bypass the hostname check? I have my DNS pointed correctly, but for some reason it always says Hostname does not match IP address.

        This is what my file looks like before any edit:

        LINE 28 > IPAddress=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut$
        LINE 29 > #IPAddress=$(hostname -i)
        LINE 30 > DigResult=$(dig @8.8.8.8 +short $vHostname)

        Thanks

  27. When I’m running your script
    I receive this error :
    sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
    net.ipv4.ip_local_port_range = 16384 65536

    Everything else works perfectly 😉

    1. SSULLIVAN88 says:

      Thank you for reporting.

      I’ve changed it so that there’s a TAB in-between the ranges (that’s the correct way).

      Also worth noting: sometimes some providers don’t allow you to change these values, especially if you’re on a VPS, but it won’t harm a system if these values are set.

  28. Ar1sC says:

    Can I Use this script on Debian?

    1. SSULLIVAN88 says:

      Sorry, not yet. 🙁

      1. Ar1sC says:

        Will you create a Script for Debian or Ubuntu ?

  29. Loc Nguyen says:

    I can’t install it. Can you help me please?

    1. SSULLIVAN88 says:

      What are you having trouble with? Are there any error codes?

  30. File upload limit? Where can I change it?
    I have made changes in VestaCP panel but phpinfo() shows: http://prnt.sc/f30n14

    1. SSULLIVAN88 says:

      PHP7: /etc/opt/remi/php70/php.ini

  31. The LFD service sends email with IP ban alerts all the time. Is it normal? Is it a botnet attack?

    1. SSULLIVAN88 says:

      Can you let me know more information:

      * How many emails in a 5 minute period do you get?
      * Do the emails all contain different IP addresses?
      * What is the reason they are blocked? i.e. “sshd[24217]: pam_unix(sshd:auth): authentication failure;”

      1. – Email interval is about 30 minutes.
        – Yes. At the end of the email there is a list of blocked IP addresses.
        – Reason is “Invalid user”, “Failed password for invalid user 0”, “Failed password for admin”.

        Screenshot: http://prnt.sc/f2i8ek

        1. SSULLIVAN88 says:

          That looks correct to me. I get a lot of emails every minute. I’ve had over 16,000 since February.

          Your server may just be under stress at the minute. If you let CSF do its job for a while, it will eventually permanently ban the IP addresses that are causing the issue, which will in turn reduce the amount of emails you receive.

  32. Bill says:

    Thank you. A very brilliant script. A full working box setup in under 20 minutes.

    Not part of the script, but I am facing a couple of issues with WordPress though. I installed WP without issues and the site is working fine. I copied the files using WinSCP. However, when I try to install a plugin from WP admin, there is a prompt asking for FTP username and password. I guess the WP auto update is not working as well.

    I tried granting permission to nginx.nginx on the web directory and tried changing file permissions, but it did not help.

    Can you please help?

    Thanks – Regards – Bill

    1. SSULLIVAN88 says:

      Hi Bill,

      Someone else has the same problem as you and it was because they uploaded WordPress as another user and/or with root access. VestaCP uses the actual user you set it up under, so if you set it up under the account named “admin” then you must chown it admin:admin — this is the same for if you set it up under the username “user20”, you must chown it user20:user20.

      I hope this helps!

      1. Bill says:

        Phew! Tried with admin:admin and it worked 🙂

        chown -R admin.admin /home/admin/web/

        This was killing me 🙂 – Thank you very much.

        Sorting one more thing, the LetsEncrypt works cool, but, when I try to change the WP URL to www, it displays as insecure connection. Works like a charm without the www.

        Cheers

        1. SSULLIVAN88 says:

          Not a million percent sure on this one but how did you create the SSL certificate? If you used the web interface, then I’m not sure what could be wrong (if it was successful). If you used the command line, you have to add www as part of the alias as by default Vesta doesn’t put this there.

          i.e. v-add-letsencrypt-domain user20 mydomain.com www.mydomain.com

          P.S. Perhaps a reboot of NGINX might help too?

          1. Bill says:

            SSL was created by your script, assigned automatically to the default host domain, which was brilliant.

            I can see the Vesta alias textbox contains the www, but for some reason it is not working.

            I am checking my domain control panel as well, just to be sure everything is pointed correctly.

            Tried the NGINX reboot, did not help. Let me try adding another domain name to VESTA and see what happens.

            Will come back and update you.

            Thanks again. Regards – Bill

          2. SSULLIVAN88 says:

            Hi @disqus_pBR8AzwZLv:disqus – by default it should be a hostname i.e. there is no www on hostnames. However, it’s a quick fix.

            Run this as root:

            v-add-letsencrypt-domain admin hostname.domain.com www.hostname.domain.com

            That should fix it!

          3. Bill says:

            Thank you, it worked 🙂 – oh by the way, must say, you are awesome 🙂

  33. Andrew Hacker says:

    Brilliant. Love this script. 2 servers setup in under an hour. But…
    can’t get monit to run on https as letsencrypt only supports ports 80 and 443. Would be great to include private cert setup in the script as well…

    Thanks for your work on this.

    1. SSULLIVAN88 says:

      Thank you @abhacker:disqus! 🙂

      The good news is that it CAN work. The bad news is that there has to be a “hack”.

      Monit will run over SSL with LetsEncrypt however, not with Vesta’s current setup. Vesta creates a .pem file but does not include the RSA private key within that file. In order for Monit to work under SSL it needs to read one file with the certificate, RSA private key, and CA certificate (optional). Once that key and those certificates are in the file, it will read it and work. Unfortunately as LE expires once every 3 months it’s not a good idea to get this made into the script.

      The other option you suggested of creating a self-signed certificate for monit exclusively would work. We could even make sure it expires once every 10 years. I however am not one for the nasty “not secure” Google chrome shows — but in a funny way at least it means it’s secure.
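The single-file bundle described in the reply above (private key, certificate and optional CA certificate in one PEM), sketched as an added example that is not part of the original comments or of the installer script. All paths are arguments; the function names and return codes are assumptions made here, and no VestaCP file locations are implied.

```shell
#!/usr/bin/env bash
# Added example: assemble the one-file PEM bundle Monit reads for SSL.
# Function names and return codes are hypothetical, not from the installer.

# has_block FILE REGEX -> success if FILE has a PEM "BEGIN" line matching REGEX
has_block() {
    grep -Eq -- "^-----BEGIN ${2}-----" "$1"
}

# build_monit_pem KEY CERT OUT [CHAIN]
# Refuses swapped or wrong inputs, and never leaves the key readable by
# group or others, even while the bundle is being written.
build_monit_pem() {
    local key="$1" cert="$2" out="$3" chain="${4:-}"
    local tmp

    [ -r "$key" ] && [ -r "$cert" ] || { echo "key or cert not readable" >&2; return 2; }
    has_block "$key" '([A-Z]+ )?PRIVATE KEY' || { echo "$key: no private key" >&2; return 3; }
    has_block "$cert" 'CERTIFICATE' || { echo "$cert: no certificate" >&2; return 4; }
    if [ -n "$chain" ]; then
        has_block "$chain" 'CERTIFICATE' || { echo "$chain: no certificate" >&2; return 5; }
    fi

    # Write to a private temp file beside the target, then rename into place,
    # so a running Monit never sees a half-written bundle.
    tmp=$(umask 077; mktemp "${out}.XXXXXX") || return 6
    {
        cat "$key"; echo
        cat "$cert"; echo
        if [ -n "$chain" ]; then cat "$chain"; fi
    } > "$tmp" || { rm -f "$tmp"; return 6; }
    chmod 600 "$tmp"
    mv -f "$tmp" "$out"
}
```

Because the Let's Encrypt certificate is replaced every few months, the bundle has to be rebuilt after each renewal, followed by a Monit reload.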

  34. António says:

    Great work!

    If I install this today, will it install the latest version of VestaCP (v. 0.9.8-17)?

    Also, is there any way to install your script but without named/DNS and mail-related services? Because I host all my DNS and mail offsite. Thanks

    1. SSULLIVAN88 says:

      Yes – it will always install the latest version of VestaCP.

      A user reported that this install by default uses around 300MB of memory: https://forum.vestacp.com/viewtopic.php?f=10&t=12802&start=40#p54098

      So the fact it installs Exim and DNS should not be a problem. Exim would be used to send out notifications from Monit and CSF.

  35. yavuzselim says:

    I am not an expert on VPS. So can I use this installation for WordPress (permalink)? And do I need caching software like Redis or anything else after this installation?

    1. SSULLIVAN88 says:

      This will only install a control panel to manage all your websites, databases, emails, and DNS. Once you have installed this you’ll have to manually install WordPress by using its own installer. With this install you shouldn’t need a cache, as PHP7 is very fast; however, you can install it, or use a third party WordPress plugin to speed the website up even further.

      I hope this helps!

      1. yavuzselim says:

        Thanks for the reply. I will use your package with Redis cache. Good work…
