NOW WORKS WITH THE NEW VERSION 0.9.8-20! 🙂
Please upgrade to VestaCP release 20. A security flaw currently affecting servers is present in release < 20. If upgrade is not yet available, please patch.
I decided to create the perfect VestaCP server installer script (in my opinion) for CentOS 7 (I have only tried it on CentOS 7). Basically, you run it, it asks a few questions and then it sets up a perfect server including CSF, Monit and PHP 7 (if you want it). Amazing, right?
THIS SCRIPT SHOULD BE USED ON A NEW SERVER. THIS SCRIPT INSTALLS VESTACP TOO.
I DO NOT ACCEPT ANY RESPONSIBILITY, SHOULD THIS SCRIPT DAMAGE YOUR SERVER.
What this VestaCP Server Installer does:
- Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.
- Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.
- Installs CSF as a Firewall with common settings.
- Asks if you want to install Softaculous.
- Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).
- Makes the server use it’s own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.
- Asks you if you would like to harden the /etc/sysctl.conf file for security.
- Enables Dovecot quotas and configures Dovecot performance.
- Installs SpamAssassin rules to help prevent further spam.
- Updates the file /etc/exim/dnsbl.conf to further reduce spam.
- Updates Exim to make sure there is no delay accepting email.
- Fixes NGINX and secures it even further so you receive a A (A+ requires you enable HSTS) at Quality SSL Labs.
- Fixes PHP-FPM to use less memory and crash less often.
- Installs and configures Monit to monitor your server.
- Asks you if you want to install PHP 7. WordPress supports PHP 7.
- Makes websites use HTTP2 instead of HTTP1.1
Run the following commands to install the VestaCP Server Installer
Before installing please make sure your hostname resolves to an IP address otherwise the LetsEncrypt script won’t be able to secure your VestaCP Server Installer correctly!
wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7.sh -O ./CentOS7.sh chmod 777 ./CentOS7.sh sudo ./CentOS7.sh
Next hold tight and watch it set-up the server. It may take 15 minutes just securing the server as part of the script generates DH parameters to secure NGINX (this could take up to 1 hour on 1 core DigitalOcean VPS’s).
Right at the very end the console instructs you to reboot the server – you should.
If you’re looking for the older version for 0.9.8-17, you’ll find it here:
wget https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7-0.9.8-17.sh -O ./CentOS7.sh
I installed on a Digital ocean vps, but can’t send a email. Can u help me?
Hello Steven,
everything is great with your script, except that when i try to edit php.ini from vestaCP panel GUI i get errors, it only works if i edit php.ini manually using the shell.
I was wondering why that happens.
Thank you
Hi Maurizio,
Can you paste the errors you see and/or link a screenshot?
Thanks,
S.
Hello Steven,
it was an error from vesta but after digging a bit i found the culprit in the php.ini path
There are 2 files in the /usr/local/vesta/bin that needs to be edited to reflect the correct php.ini path (/etc/opt/remi/php70), those two files are:
v-list-sys-php-config
v-change-sys-service-config
in that last file you also need to change row 98 to: service=”php-fpm”
Now everything seems to work correctly with those fixes.
Maybe you should add it to your wonderful setup script
Hi Maurizio,
I’ve upvoted you just in case anyone else has the same problem as you (this was the first reported).
I’m unwilling to change the script to modify VestaCP’s core, as if I did, any update VestaCP releases will overwrite the file. I understand there are ways to prevent this, but that’s not a good way to handle core files.
Thanks,
S.
Hi Steve, I agree with your doubts on changing vesta-core commands. Maybe there is a more slick and consistent way to fix this issue? Actually I do not understand why v-change-sys-service-config file does not pick up the right php.ini file.
Well i’ve forgot to mention that the issue I’m (and some other users on vesta official forum) facing is with PHP7 version, maybe this not happens using an older version of PHP but i guess this is nearly jurassic now 🙂
So if you have spare time and can take a look to the weirdness of php.ini path, it would be great.
Thank you again for your great script.
Hello, excellent installer I use it a lot, but in certain cases I need to use apache.
you could please create something like that but with apache + nginx.
It would be very helpful, thank you very much for your time.
hi steven..
i already install but after that my host cannot access or ping/ssh/ftp/smtp..
but i can login vestacp via other domain (after i add other domain)
what must i do ?
help pls..Thanks
hmm…
I am getting.. Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.
I know for a fact that the hostname is resolving to an ip. Checked that many times. I also commented out the lines you recommended to someone else and still getting the error.
Is there something that can be done?
Sorry for the delay.
Change the line
IPAddress=$(hostname -i)
To be your public IP address i.e.
IPAddress=192.168.0.1
I delete one user with the domain name, after that I create a new username & added a domain, the the SSL certificate is not activated it shows ” Error: LetsEncrypt account registration 400″ , the server works fine with other new domain the problem comes with single domain which I delete recently. What should I Do ?
Try this link: https://forum.vestacp.com/viewtopic.php?f=11&t=14296
This error is related to LetsEncrypt and VestaCP – so I cannot provide support.
Hello, install the good script in another test vps, update the mariadb to 10.2.
but now the experiment does not recognize the process, apparently the file: /var/run/mariadb/mariadb.pid
it is removed or it changes location. How can it be made to work again?
greetings and thanks.
You will have to manually find the .pid file. It’s usually in the /var/run folder.
Hello, incredible script I congratulate you.
I would like to know if it is possible to install it, without DNS or EMAIL
since it does not use, for users it uses cloud and does not use emails in any way.
I
am the one that I am, I am trying to do things so as not to pay an
administrator of the servers, ultimately they are very expensive.
Thank you.
I speak Spanish, I use Google translator.
Hello,
It is possible but would need modification to different lines in the script. You may still install the script but just not use email or DNS.
Thank you very much for the quick response.
with respect to the configuration, should we configure something else? I have a wordpress site with a lot of traffic, about 60 thousand visits per day.
I do not know if no configuration can give problems with that amount of daily visits.
Nope this script installer will be able to handle this. One of the best tools you could use is a cache plugin for WordPress as this will help reduce server load. I would use WP Fastest Cache or my favortie plugin called Breeze: https://wordpress.org/plugins/breeze/
Hello, I am again, I have installed your script until now, everything is perfect, even though I have a doubt. I think the content is not forced in HTTP / 2
I see my log accesses and everything says: HTTP / 1.1
How can I solve this or what I’m missing Configuration?
Are you using HTTPS? HTTP2 is only available on HTTPS.
Sure, I have everything under HTTPS
I even thought it was strange, because in my old server I had Apache + Nginx, and there if I said HTTP / 2 in the access logs.
Do you want to tell me the domain and I will test it.
I think the
problem is cloudflare, I deactivate the cloud in cloudflare and my
access log begins to fill with records with HTTP / 2.0. When I activate it, it returns everything to HTTP / 1.1.
I’ll have to investigate more about this, do you use cloudflare? Could you try too?
https://support.cloudflare.com/hc/en-us/articles/214534978-Are-the-HTTP-2-or-SPDY-protocols-supported-between-CloudFlare-and-the-origin-server-
Network tab.
https://uploads.disquscdn.com/images/486988fc27377d4da784a042085a980eaeac31909b380f8b3a7856c852948731.png
He was always active and even then what he commits happens.
It must be something else, from CloudFlare.
Edit:
This is what happens:
https://gyazo.com/09fd4f99a2afd2d673663413c70328c5
After doing a yum update and yum upgrade i get these errors.How to fi them?
Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
Requires: php(api) = 20100412-64
Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
php(api) = 20131106-64
Available: php-common-5.4.16-42.el7.x86_64 (base)
php(api) = 20100412-64
Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
php(api) = 20100412-64
Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
php(api) = 20100412-64
Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
php(api) = 20100412-64
Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
php(api) = 20100412-64
Error: Package: php-twig-1.35.3-1.el7.remi.5.4.x86_64 (remi)
Requires: php(zend-abi) = 20100525-64
Installed: php-common-5.6.32-1.el7.remi.x86_64 (@remi-php56)
php(zend-abi) = 20131226-64
Available: php-common-5.4.16-42.el7.x86_64 (base)
php(zend-abi) = 20100525-64
Available: php-common-5.4.16-43.el7_4.x86_64 (updates)
php(zend-abi) = 20100525-64
Available: php-common-5.4.16-43.el7_4.1.x86_64 (updates)
php(zend-abi) = 20100525-64
Available: php-common-5.4.45-13.el7.remi.x86_64 (remi)
php(zend-abi) = 20100525-64
Available: php-common-5.4.45-14.el7.remi.x86_64 (remi)
php(zend-abi) = 20100525-64
You could try using –skip-broken to work around the problem
You could try running: rpm -Va –nofiles –nodigest
To be a really perfect server, having MariaDB v10.1 would be perfect! Can you please for now provide instructions on how to update after install is made? And maybe in the future add/incorporate the MariaDB v10.1 update into your script? Keep up the good work and thanks for sharing this script!
Hi António,
You could use this tutorial: https://www.liquidweb.com/kb/how-to-upgrade-mariadb-5-5-to-mariadb-10-0-on-centos-7/
But don’t try it on a production server!
your script works very well for last few months. today I restart the server after 39 days & nginx is not starts. meanwhile csf tab is not here & notice that its version 0.9.8-18 . now what should I do to run the server nginx.
Hi Victoria,
There should be more in the error log.. That error “spdy” is just an informational message.
2018/01/17 20:27:13 [emerg] 29745#29745: unexpected “}” in /home/vicrex_82v/conf/web/mysite.com.nginx.ssl.conf:48
going to reinstall.. as mail server sont access. thank you so much for your quick support
.
Hi,
I have installed your script on google cloud VM with ram 3.7GB, 20 GB SSD strorage.
I still got the hostname changed back to the VM name everytime after rebooting, while google did not allow FQDN for VM name.
I quote point 5 “Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).”
Is it any exception for google cloud machine?
Any clue to overcome this problem?
Thank you.
Try typing the following commands as root. These commands set the hostname and then prevent the file from being modified. I think maybe Google blocks this. I don’t use Google Cloud.
Let me know if there are any error messages. Replace HOSTNAME with the hostname you tried to set-up the server with.
hostname HOSTNAME
echo HOSTNAME > /etc/hostname
chattr +i /etc/hostname
There is no error messages.
Hostname stored successfully in /etc/hostname and became not writable with chattr.
Upon rebooting the file keep unchange, but the hostname still changed back to VM name.
# hostname
VM NAME
After that I tried to also set the hostname in /etc/host and make it unwritable, and reboot again.
hostname MYHOSTNAME
echo MYHOSTNAME > /etc/hosts
chattr +i /etc/hosts
Rebooting result still same, that two files not change but hostname still changed.
Hello,
I have found this which will help. It looks like Google Cloud does not set the hostname in “normal” ways however, the following script and answer will help you:
https://stackoverflow.com/questions/25408612/google-compute-engine-how-to-set-hostname-permanently
using CentOS 7.3
Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.
I have this error …
using Scaleway Cloud Server with private and public IPs seperately …
Please Provide solution
Your public IP Address MUST resolve to the hostname. If it does, and you’re 100% sure it resolves, you can comment out line 21, and un-comment line 20 and re-run the script again. This will solve your issue.
If your public IP address doesn’t resolve, then the SSL certificate set-up will not work.
worked …thx
Hi Steven, your script has worked wonders so far thank you. Been running it for a few months.
I don’t want to mess around too much with the server but what would be the best way to activate/install the php zip archive module for this installation?
Hi Jan,
Thanks for your comment – I appreciate it!
I’m not sure which zip package you are referring to, but entering this comment:
yum install php70-php-zip
Should install what you’re looking for. You’ll need to reboot PHP-FPM afterwards.
Hi,
In the past week I have used your excelent script on 3 different VPS servers and all seems to work properly except for one thing: network speed.
In a simple way, before I run your script I always make 2 different network speed tests to ensure server is working properly. The problem is that after installation the network speed becomes very low. On one of the servers I have already disable the CSF to see if the problem was related with the firewall, but the results are the same.
Do you have any idea on what may be causing this? Can you test the bellow speed scripts on your server to see if the speed is good?
The speed tests I use are:
a) wget freevps.us/downloads/bench.sh -O – -o /dev/null|bash
b) wget –no-check-certificate bench.sh && mv “index.html” “bench.sh” && chmod +x bench.sh && ./bench.sh
Thanks!
The problem is /etc/sysctl.conf
However it is not a problem. The current config allows for fair network usage across multiple connections, thus slowing it down. If you were to allow one user utilize the entire bandwidth other users/services will see performance issues.
You would have to read up on sysctl and/or truncate the file so the server defaults.
Thanks for the explanation. All my 3 VPS host only one application and they are only used by me.
Can you tell me what are the specific sysctl.conf lines that I should comment/delete to avoid this issue? Thanks!
Hi António,
It’s been a long time since I used sysctl so I do not know the answer. I believe I used a combination of values from best practice tutorials around the Internet, but I can’t remember which values are which. You will have to research by yourself.
Ok, I understand. But since I don’t have experience optimizing sysctl.conf can you tell me what lines should I comment on your script in order to ignore the “Step 6 – Hardens the /etc/sysctl.conf file for security” to be ignored during installation?
Also I have replace the default sysctl with the one I found at: https://gist.github.com/kgriffs/4027835 and with this new config network speed issue seems to be resolved.
Comment out lines 71-78
# Harden sysctl.conf
a=”`netstat -i | cut -d’ ‘ -f1 | grep eth0`”;
b=”`netstat -i | cut -d’ ‘ -f1 | grep venet0:0`”;
if [ “$a” == “eth0” ]; then
curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-eth0 > /etc/sysctl.conf
elif [ “$b” == “venet0:0” ]; then
curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-venet0 > /etc/sysctl.conf
fi
sysctl -p
Thank you! Just one final question:
If I coment the lines 71-78 the sysctl.conf with me generated by default by VestaCP with VestaCP default values, correct? In a simple way, the sysctl.conf will be equal to a default VestaCP install using VestaCP default install script, correct?
Thanks
You are correct. It will be the default of a CentOS install as VestaCP does not edit these files.
Hi, I’ve been having a hard time loging into phpmyadmin. I am using the username and password used to create the script. I’ve tried loging in as root. No luck any suggestions?
Hi Jan,
If you’re logging in as root, it’s going to be the username root and the password you used when installing. You can find out the password of the root user by looking at the file: /usr/local/vesta/conf/mysql.conf
Yeah, that’s the thing that has been bothering me. I’ve been using those credentials. I’ve also checked the mysql.conf file and using this. But it instead of logging in or even giving me an error code the page just reloads, regardless of using the right or wrong password? Super strange.
Update: So after a bit of searching the interwebs I figured out it’s something to do with session folder that’s not writeable. Got no Idea how that happened. I found a few suggestions on fixing this. But it being your script I feel more relax following your suggestion on fixing this.
Hello
I’m using this great script without any problem. But since some days ago, my VPS kept crashing and I can only reboot it to make it available again. After inspection from the VPS provider, they said that the lfd service caused the problem. But I am not sure exactly that how to solve that. It will be crashed again soon. Can you help me ? Thank you very much !
Hi Loc,
I need more details about the spec. of your VPS (CPU, RAM, etc). Can you supply me those?
I find it hard to believe CSF crashes the VPS if the RAM is adequate. Have you checked the logs? Is CSF up-to-date?
Hi Steven
My VPS has 3GB RAM, 40 GB Storage and 3 Cores CPU. I have just updated the CSF to the latest version (v10.22) but I’m not sure if the problem has been solved or not. If possible, can you have a closer look at my system to inspect the issue ? I’m not an expert in VPS administration. I can provide you the root account to do that. Thank you very much Steven
Hi @disqus_3bJgyg8Ptd:disqus
Can you share what steps/commands did you use to update CSF to latest version? Thanks!
Hi António
If you are using this server installer script from Steven, it’s easy. Just go to the VestaCP -> CSF -> and press the Upgrade button. This button is available if there’s a new version of CSF.
Hi,
Try today to install on a new VPS and the hostname error equal to @janclaasen:disqus happen to me. I comment out the line 20 and uncomment line 19 and after that problem solved!
But i’m having another issue: SSL is not installed. The following error shows up when installing:
Error: Fetching http://server.mydomain.com/.well-known/acme-challenge/F3i7ophCTePP9QYv9x4GoHFYotc85Hxap7zb20C6BUk: Error getting validation data
sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
…………………………….
Can you give me any advice on how to resolve this? Thanks!
Hi Antonio,
I would wait a few hours and try a fresh install. If Let’s Encrypt cannot create an SSL Certificate then it’s usually because the DNS has not properly propagated around the internet yet.
It’s strange because DNS was already changed 48 hours ago and when check on https://www.whatsmydns.net/ it shows that DNS is already propagated.
Also after the install was made I try to manually install Let’s Encrypt using a different script on this server and it worked out fine. So if the issue was due to DNS propagation it will not work with neither scripts.
Any way will wait a few more hours and test again.
You can also run the following commands to get an SSL Certificate on the hostname:
Replace HOSTNAME with your server’s hostname.
/usr/local/vesta/bin/v-add-letsencrypt-domain admin HOSTNAME
If that works as expected, then run the following to secure everything.
rm -f /usr/local/vesta/ssl/certificate.crt
rm -f /usr/local/vesta/ssl/certificate.key
ln -s /home/admin/conf/web/ssl.HOSTNAME.pem /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.HOSTNAME.key /usr/local/vesta/ssl/certificate.key
chown root:mail /usr/local/vesta/ssl/certificate.*
You will need to restart Vesta, Exim, and Dovecot.
SSL still does not work. So I have try your advice and it shows the following. Is this what you mean as work as expected? Or should I make anything different?
/usr/local/vesta/bin/v-add-letsencrypt-domain server1.mydomain.com
Usage: v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
If I try just with the domain (that is not hosted on this server) it shows the following:
/usr/local/vesta/bin/v-add-letsencrypt-domain admin mydomain.com
Error: web domain mydomain.com doesn’t exist
Thanks
Your first command should be this:
/usr/local/vesta/bin/v-add-letsencrypt-domain admin server1.mydomain.com
Hi. I made a new a clean installation and now it worked all properly! the change I made was to stop “firewalld” running the command:
systemctl stop firewalld
After that your script worked out perfect! Should I also disable firewalld from booting running the commmand:
systemctl disable firewalld
Or I can just leave it as it is? I don’t know how CSF will interact with firewalld.
Once again thanks for all your help! Great script!
You can run the command to disable it. 🙂
I am getting this errror when trying to add my hostname even though I know it’s pointing correctly to my server
Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.
Hi Jan,
Comment out line 20, and uncomment line 19. So the file looks like so:
IPAddress=$(ip addr | grep ‘state UP’ -A2 | tail -n1 | awk ‘{print $2}’ | cut -f1 -d’/’)
#IPAddress=$(hostname -i)
Then re-run the command – that should work.
Shot thanks!
Hi,
Again great script! Just installed on a new VPS and all looks amazing! Just 3 questions:
1- How can I enable Monit access to be forced and only by HTTPS/SSL (it can be it’s own self-signed SSL)?
2- How can I change Monit default admin password?
Thanks and Keep up the good work! I will now setup a backup mx server using your other tutorial!
Hi António,
1) You have to set this up in Monit but you cannot use the normal VestaCP SSL. You would either have to create your own, or use a self-signed certificate. Check this tutorial out: http://terraltech.com/enabling-ssl-in-monit-and-mmonit/
2) Edit the file /etc/monitrc an you’ll see where you need to change it. It’s on line 6.
Thanks a lot for the information! Just one more question:
I have installed your script on 2 different KVM VPSs and on both all went fine, and all seems to be working properly. But when checking in detail the installation log I saw the following 2 errors during instal on both servers.
sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory
Are this errors something hat I should fix or worry about? Thanks!
The “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument” error is generated by my script.
Can you open up /etc/sysctl.conf and at the bottom change the line to:
net.ipv4.ip_local_port_range = 16384 65536
The second error you can ignore because it was made by VestaCP. it’s currently a valid error. Again, nothing to worry about!
Hi,
About the error “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument” it’s strange because I checked my /etc/sysctl.conf ans the line: “net.ipv4.ip_local_port_range = 16384 65536” is present there. Any idea on why the error shows?
Also about the SSL error “sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory” I maybe found the solution on the thread: https://forum.vestacp.com/viewtopic.php?t=13171
I apply what it says on the last comment of that thread:
touch /usr/local/vesta/data/queue/letsencrypt.pipe
chmod 750 /usr/local/vesta/data/queue/letsencrypt.pipe
What do you think? Is this a fix for the SSL error?
Thanks!
The “ip_local_port_range”: I thought the error was due to incorrect setting, but I am not sure. It’s either wrong (I don’t think it is), or it’s because your host will not allow you to modify that setting.
Yes, the SSL fix should work. Don’t forget to set the permissions: https://forum.vestacp.com/viewtopic.php?t=13171#p60644
Hi
sorry for my issues.
I see an old Monit version installed in your script. Is it possible to install the latest version?
Or can you say how we can upgrade it, please ?
Regards
Unfortunately this is not my script — it’s the CentOS official repo that needs to be updated but they never are really once it’s flagged as stable.
You would first need to remove the monit package via yum and then install from source to get the latest version.
What features are in the new version you need?
I understand it.
I see many issues fixed in the last versions….so I asked if was possible to update it.
Thanks for your soon reply.
hi
Thanks for your script. I installed it now with php 7.
I need install mcrypt and zip php libraries. Opencart requires them…
Can you help please?
yum install php70-php-mcrypt php70-php-zip
thanks!
it is working now.
Glad I could help!
Glad I could help!
I have a very poor idea about the server management but for a nonprofit religious organization, I have to build a server. Purchased a VPS from contabo. But the issue is, with your provided script my server(24GB RAM-Full SSD) loads like a shared hosting (WordPress- woo commerce), But with server pilot its working great. but the lack of server pilot others advantages I am looking to use Vesta cp. is there any solution for increasing the page load & full utilization of CPU + Ram per visitor. Thanks
Hi Victoria. Firstly, thank you for using my script. Secondly, the speed issue could be a number of things:
Are you using PHP 7? If not, please upgrade as this will give you a speed increase almost instantly.
You might need to increase the memory usage in the php.ini file. This variable is named `memory_limit`. Don’t set it too high or you will experience a slow server when lots of visitors are on your website.
With WordPress, the best way to test the speed is by logging in, and then logging out. When you are logged out, you can browse the website as a visitor would see it. When you are logged in, it uses more server resources because you’re loading more things (such as plugins, core updates, etc).
The rest is heavily dependent upon your WordPress install. This script is optimized for smaller websites, not heavy ones. I do however use this on a very heavy WordPress + WooCommerce install with millions of hits and it runs great.
I would also advise getting some kind of cache script (only non logged in visitors will see the cached result) and the only one I would recommend is called WP Fastest Cache.
I need to increase the Max file size on phpmyadmin database import section. i use your provided vestacp .sh file to setup my server. can you please help to to increase this ? its 2MB only, I need it 50MB.
Hi Ahsan,
You need to edit the value
`upload_max_filesize`
and`post_max_size`
in either one of the following:PHP 7: /etc/opt/remi/php70/php.ini
PHP 5: /etc/php.ini
yes its working. thank you so much for your quick reply.
Im Getting error with hostname…. My Hostname is pointed with my server IP using A Record… sub.hostname.tld and http://www.sub.hostname.tld….
If it matches and you know it’s pointed correctly, edit CentOS.sh and uncomment out line 19 and comment out line 20 so it ends up like so:
yum clean all
yum -y install bind-utils
IPAddress=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
#IPAddress=$(hostname -i)
DigResult=$(dig @8.8.8.8 +short $vHostname)
I get this error /etc/monit/monitrc:3: syntax error ‘port’
probably because i typed $vSMTPPort and enter… How can I fix it?
You need to edit file: /etc/monit/monitrc
What do i need to change?
Also I think i found a typo mistakee on this file https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/monitrc
http://imgur.com/a/lcPMz
But not sure..
Thank you for the report. I have fixed this online.
You’ll need to change the /etc/monit/monitrc file at the top to be something like:
set daemon 60
set logfile syslog facility log_daemon
set mailserver SMTP.DOMAIN.COM port 587 username "[email protected]" password "PASSWORD"
set mail-format { from: [email protected] }
set mailserver SMTP.DOMAIN.COM port 587 username “[email protected]” password “PASSWORD”
set mail-format { from: [email protected] }
[email protected]
Something like [email protected] ? or should i make an email only for this?
It needs to be a real working email address and e-mail server.
I get ERR_SSL_PROTOCOL_ERROR on this port 2812
That’s not to do with emails.
Send me your full monitrc details without these I cannot do anything.
Can We Talk On The Live Chat?
Sure
Hi. On the latest version what are the exact lines I have to comment and uncomment in order for the installer bypass the hostname check, since I have my DNS pointed correctly but for some reason it always says Hostname does not match IP address.
This is how my file looks like before any edit:
LINE 28 > IPAddress=$(ip addr | grep ‘state UP’ -A2 | tail -n1 | awk ‘{print $2}’ | cut$
LINE 29 > #IPAddress=$(hostname -i)
LINE 30 > DigResult=$(dig @8.8.8.8 +short $vHostname)
Thanks
When I’m running your script
I receive this error :
sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
net.ipv4.ip_local_port_range = 16384 65536
Everything else works perfectly 😉
Thank you for reporting.
I’ve changed it so that there’s a TAB in-between the ranges (that’s the correct way).
Also worth to note, sometimes some providers don’t allow you to change these values especially if you’re on a VPS but it won’t harm a system if these values are set.
Can I Use this script on Debian?
Sorry, not yet. 🙁
Will you create a Script for Debian or Ubuntu ?
I can’t not install it. Can you help me please ?
What are you having trouble with? Are there any error codes?
File upload limit? Where can change it?
I have made changes in VestaCP panel but phpinfo() shows: http://prnt.sc/f30n14
PHP7: /etc/opt/remi/php70/php.ini
Lfd service all time sends email with IP ban alert. It’s normal? Is it botnet attack?
Can you let me know more information:
* How many emails in a 5 minute period do you get?
* Do the emails all contain different IP addresses?
* What is the reason they are blocked? i.e. “sshd[24217]: pam_unix(sshd:auth): authentication failure;”
– Email interval is about 30 minutes.
– Yes. On email end has list with blocked IP address.
– Reason is “Invalid user”, “Failed password for invalid user 0″, ” Failed password for admin”.
Screenshot: http://prnt.sc/f2i8ek
That looks correct to me. I get a lot of emails every minute. I’ve had over 16,000 since February.
Your server may just be under stress at the minute. If your let CSF do its job for a while it will eventually permanently ban the IP addresses that are causing the issue which will inturn reduce the amount of emails you receive.
Thank you. A very brilliant script. A full working box setup in under 20 minutes.
Not part of the script, but facing a couple of issues with WordPress though. I tried installing WP without issues, site is working fine. Copied files using Winscp. However, when I try to install a plugin from WP admin, there is a prompt asking for FTP username and pass. Guess the WP auto update is not working as well.
I tried granting permission to nginx.niginx to the web directory, tried changing file permissions, but did not help.
Can you please help?
Thanks – Regards – Bill
Hi Bill,
Someone else has the same problem as you and it was because they uploaded WordPress as another user and/or with root access. VestaCP uses the actual user you set it up under, so if you set it up under the account named “admin” then you must chown it admin:admin — this is the same for if you set it up under the username “user20”, you must chown it user20:user20.
I hope this helps!
Phew! tried with admin:admin and It worked 🙂
chown -R admin.admin /home/admin/web/
This was killing me 🙂 – Thank you very much.
Sorting one more thing, the LetsEncrypt works cool, but, when I try to change the WP URL to www, it displays as insecure connection. Works like a charm without the www.
Cheers
Not a million percent sure on this one but how did you create the SSL certificate? If you used the web interface, then I’m not sure what could be wrong (if it was successful). If you used the command line, you have to add www as part of the alias as by default Vesta doesn’t put this there.
i.e. v-add-lets-encrypt-domain user20 mydomain.com http://www.mydomain.com
P.S. Perhaps a reboot of NGINX might help too?
SSL was created by your script, assigned automatically to the default host domain, which was brilliant.
I can see the Vesta alias textbox contains the www, but for some reason it is not working.
I am checking my domain control panel as well, just to be sure everything is pointed correctly.
Tried the NGINX reboot, did not help. Let me try adding another domain name to VESTA and see what happens.
Will come back and update you.
Thanks again. Regards – Bill
Hi @disqus_pBR8AzwZLv:disqus – by default it should be a hostname i.e. there is no www on hostnames. However, it’s a quick fix.
Run this as root:
v-add-letsencrypt-domain admin hostname.domain.com http://www.hostname.domain.com
That should fix it!
Thank you, it worked 🙂 – oh by the way, must say, you are awesome 🙂
Brilliant. Love this script. 2 servers setup in under an hour. But…
can’t get monit to run on https as letsencrypt only supports ports 80 and 443. Would be great to include private cert setup in the script as well…
Thanks for your work on this.
Thank you @abhacker:disqus! 🙂
The good news is that it CAN work.The bad news is that there has to be a “hack”.
Monit will run over SSL with LetsEncrypt however, not with Vesta’s current setup. Vesta creates a .pem file but does not include the RSA private key within that file. In order for Monit to work under SSL it needs to read one file with the certificate, RSA private key, and CA certificate (optional). Once that key and those certificates are in the file, it will read it and work. Unfortunately as LE expires once every 3 months it’s not a good idea to get this made into the script.
The other option you suggested of creating a self-signed certificate for monit exclusively would work. We could even make sure it expires once every 10 years. I however am not one for the nasty “not secure” Google chrome shows — but in a funny way at least it means it’s secure.
Great work!
If I install this today, will it install the latest version of VestaCP (v. 0.9.8-17)?
Also anyway, to install your script, but without named/dns and mail related services. Because I host all my DNS and Mail offsite? Thanks
Yes – it will always install the latest version of VestaCP.
A user reported that this install by default uses around 300MB of memory: https://forum.vestacp.com/viewtopic.php?f=10&t=12802&start=40#p54098
So the fact it installs Exim and DNS should not be a problem. Exim would be used to send out notifications from Monit and CSF.
I am not expert about VPS. So can i use this installation for Worpress (permalink). And do i need a caching software like Redis or anything else after this installation?
This will only install a control panel to manage all your websites, databases, emails, and DNS. Once you have installed this you’ll have to manually install WordPress by using its own installer. With this install you shouldn’t need a cache, as PHP7 is very fast however, you can install it, or use a third party WordPress plugin to speed the website up even further.
I hope this helps!
Thanks for reply. I will use your package with Redis cache. Good work…