How to install VestaCP on Ubuntu or CentOS

By Posted on

How to install VestaCP on Ubuntu or CentOS

How to install VestaCP on Ubuntu or CentOS

Introduction

VestaCP is a free and open-source hosting control panel designed for managing web servers, DNS, mail, and databases through an intuitive web interface. It supports popular software like Apache, Nginx, PHP, MySQL, Exim, and Dovecot.

This comprehensive guide will walk you through installing VestaCP from scratch on a freshly installed Ubuntu 20.04/22.04 or CentOS 7 server. We will cover each step in detail to get VestaCP fully configured and ready to manage hosting accounts.

Prerequisites

  • A freshly installed Ubuntu 20.04/22.04 or CentOS 7 server.
  • Root access to the server.
  • A registered domain name (optional, but recommended for mail server configuration).

Step 1 – Install Required Packages

First, we need to install some essential packages that VestaCP requires to function correctly.

For Ubuntu 20.04/22.04

Run the following commands to install curl, nano, htop, and wget:

$ sudo apt update
$ sudo apt install curl nano htop wget -y

For CentOS 7

Run the following commands to install curl, nano, htop, and wget:

$ sudo yum install epel-release -y
$ sudo yum update
$ sudo yum install curl nano htop wget -y

These packages provide helpful tools for downloading files, editing configurations, monitoring processes, and more.

Step 2 – Disable Apache/Exim

If Apache and Exim are installed by default, we need to remove them before installing Nginx and Postfix.

For Ubuntu 20.04/22.04

$ sudo apt remove apache2* exim4* -y
$ sudo apt purge apache2* exim4* -y
$ sudo rm -rf /etc/apache2 /etc/exim4

For CentOS 7

$ sudo yum remove httpd* exim -y
$ sudo rm -rf /etc/httpd /etc/exim

This completely removes those packages from the system to avoid conflicts.

Step 3 – Download the VestaCP Installer

Now, we will download the latest release of the VestaCP automatic installer script.

Run this command on both Ubuntu and CentOS to download the script:

$ curl -O http://vestacp.com/pub/vst-install.sh

Step 4 – Install VestaCP

We will now run the installer script to install VestaCP with the components we need.

On Ubuntu 20.04/22.04 run:

$ sudo bash vst-install.sh --nginx yes --apache no --phpfpm yes --named yes --remi no --vsftpd yes --proftpd no
--iptables yes --fail2ban yes --quota no --exim no --dovecot yes --spamassassin yes --clamav yes --softaculous no
--mysql yes --postgresql no --hostname yourdomain.com --email <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1372777e7a7d536a7c6661777c7e727a7d3d707c7e">[email&#160;protected]</a> --password myPassword1!

Explanation of the main options:

  • --nginx: Install and configure Nginx web server
  • --apache: Do not install Apache
  • --phpfpm: Install PHP-FPM for processing PHP pages
  • --named: Install BIND for DNS server
  • --remi: Not needed on Ubuntu
  • --vsftpd: Install Very Secure FTP daemon
  • --iptables: Configure firewall with iptables
  • --fail2ban: Install fail2ban for intrusion prevention
  • --quota: Not installing quota management
  • --exim: Do not install Exim mail server
  • --dovecot: Install Dovecot POP3/IMAP server
  • --spamassassin: Install SpamAssassin antispam protection
  • --clamav: Install ClamAV antivirus scanning
  • --mysql: Install MySQL server

On CentOS 7 run:

$ sudo bash vst-install.sh --nginx yes --apache no --phpfpm yes --named yes --remi yes --vsftpd yes --proftpd no
--iptables yes --fail2ban yes --quota no --exim no --dovecot yes --spamassassin yes --clamav yes --softaculous no
--mysql yes  --postgresql no --hostname yourdomain.com --email <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7110151c181f31081e0403151e1c10181f5f121e1c">[email&#160;protected]</a> --password myPassword1!

The only difference is we add --remi yes to enable the Remi repository for latest PHP on CentOS.

The installer will now run and install all the components and configure them automatically. This may take between 5-15 minutes depending on your server’s internet connection speed.

When it completes, take note of the admin URL, username and password given at the end. We will use those to login to VestaCP.

Step 5 – Log in to VestaCP Admin Panel

To access the VestaCP admin panel, simply open the URL printed at the end of the installer in your web browser:

https://yourdomain.com:8083

Enter the admin username and password provided.

You will then be greeted with the VestaCP dashboard.

The default admin username is admin.

Step 6 – Securing Access to VestaCP

By default, VestaCP allows login via HTTP which is insecure. We will now configure SSL and block HTTP access.

Activate SSL (HTTPS Access)

Go to the Web tab and SSL subsection in VestaCP. Select your domain and choose Let's Encrypt as the SSL Provider. Check the box for SSL and change the port to 443. Save changes.

VestaCP will now install an SSL certificate for your domain issued by Let’s Encrypt and activate it. This may take a few minutes.

Once active, access VestaCP at the new HTTPS URL:

https://yourdomain.com

Log back in to confirm it works.

Block HTTP Access

To prevent unsecured HTTP access, you need to disable port 80 and save firewall rules in VestaCP:

Web Tab -> Firewall

  • Remove the rule allowing inbound traffic on port 80 (HTTP).
  • Ensure you have a rule allowing inbound traffic on port 443 (HTTPS).

You should now only be able to access VestaCP at the HTTPS URL.

Step 7 – Add Hosting Packages

We can now start adding hosting packages that can later be assigned to user accounts.

Go to the Packages tab and click Add New Package

Let’s create a basic shared hosting package with the following options:

  • Package Name: Basic
  • Disk Quota: 10 GB
  • Bandwidth: 100 GB
  • Domains: 5
  • Databases: 5
  • Mail Accounts: 5
  • Cron Jobs: 5

Click Save to add the package.

Create additional packages based on the resources you want to assign to user accounts.

Step 8 – Add Hosting User Accounts

Now we can start creating hosting accounts and assigning them packages we created earlier.

Go to the Users tab and click Create User

For the first account, use these sample details:

  • Username: testuser
  • Password: SomeSecurePassword1!
  • Email: [email protected]
  • Package: Basic

Click Create User to add the account.

This will automatically create all the required directories, databases, email accounts and configurations for the hosting account based on the allocated package limits.

You can repeat to create more accounts.

Step 9 – Configure Nameservers in VestaCP

In order for your domain names to point to this server, you need to configure the nameservers in VestaCP.

DNS Tab -> Domain -> Add Domain

Simply enter your registered domain name, for example:

yourdomain.com

Save changes.

This will automatically generate the default nameservers for your server:

ns1.yourdomain.com
ns2.yourdomain.com

You can create A records for your domain and sub-domains here as well.

Step 10 – Change Nameservers at Domain Registrar

Login to your domain name registrar account and update the nameservers to point to:

ns1.yourdomain.com
ns2.yourdomain.com

This will delegate DNS control for your domain to the VestaCP server. Propagation may take between 2-24 hours to fully take effect.

Your VestaCP server is now the official nameserver for domains you own.

Step 11 – Configure Mail Services

Now that we have hosting accounts set up, let’s configure the mail services to send and receive emails properly.

Configure Postfix for Sending Emails

VestaCP uses Postfix for sending outgoing emails. We need to specify the hostname and domains it will handle.

Go to:

Mail Tab -> Mail Server -> Configure Mail Server

  • Hostname: yourdomain.com
  • Domains: Add any domains you want to send email from

Save changes and restart Postfix when prompted.

This allows Postfix to accept outbound mail for those domains which will be sent to other mail servers.

Configure Dovecot POP3/IMAP Service

Dovecot is used to allow receiving and retrieving emails through POP3 and IMAP protocols.

Go to:

Mail Tab -> Mail Server -> Configure Mail Server

  • Enable POP3: Yes
  • Enable IMAP: Yes

Save changes and restart Dovecot when prompted.

Enabling those protocols allows users to check email with any email client.

Configure SpamAssassin

SpamAssassin will process incoming emails to detect and tag spam. Enable it under the Mail tab:

Mail Tab -> SpamAssassin -> Activate SpamAssassin

Save changes and restart SpamAssassin.

Emails detected as spam will now be tagged in the subject line for users.

Configure ClamAV Antivirus Scanning

ClamAV provides antivirus protection for incoming emails. Enable it via:

Mail Tab -> ClamAV -> Activate ClamAV

Save changes and restart ClamAV.

Emails with detected viruses can configured to be rejected, deleted or simply flagged.

Step 12 – Configure Backup Service

It is critical to setup automated backups that run regularly in case disaster strikes. VestaCP has built-in backup capabilities.

Go to:

Backup Tab -> Backup & Restore -> Add Backup Job

Create a backup job with these settings:

  • Backup Frequency: Daily
  • Backup Time: 02:00
  • Backup Suspend: No
  • Backup Files: All
  • Backup Databases: All
  • Backup Mail: All
  • Backup DNS: All
  • Compression: Yes

This will backup websites, DNS zones, mail accounts and databases on a daily basis and store them locally compressed.

You should also setup offsite backups to a remote server.

Step 13 – Install SSL/TLS Certificates

To configure HTTPS access for your hosting accounts, you need to install SSL/TLS certificates.

VestaCP makes it easy to add free Let’s Encrypt SSL certs.

Simply go to:

SSL Tab -> Let’s Encrypt

Then enter each domain name you want on its own line and click Issue SSL Cert.

Let’s Encrypt will automatically validate domain ownership and generate the certificates which will be automatically configured for the domains in VestaCP.

Very easy!

Conclusion

That covers a complete installation guide of VestaCP on Ubuntu and CentOS.

Some key takeaways:

  • VestaCP is a powerful, free, and open-source hosting control panel.
  • It supports a wide range of services, including web, DNS, mail, and databases.
  • The installation process is relatively straightforward, but requires careful attention to detail.
  • Securing your VestaCP installation with SSL and proper firewall rules is crucial.
  • Regular backups are essential for disaster recovery.

With VestaCP installed, you now have a platform that can power hosting for potentially thousands of users while providing reliability, security and ease of use.

Alternative Solutions for Server Management

While VestaCP offers a convenient way to manage a server, other solutions are available that might better suit specific needs. Here are two alternative approaches:

1. Using a Configuration Management Tool (Ansible, Chef, Puppet)

Configuration management tools like Ansible, Chef, and Puppet automate server provisioning and configuration. Instead of a GUI-based control panel, you define the desired state of your server in code (Infrastructure as Code – IaC). This approach offers several advantages:

  • Automation: Automates repetitive tasks, reducing manual errors and saving time.
  • Idempotency: Ensures that applying the same configuration multiple times results in the same state.
  • Version Control: Configurations can be stored in version control systems like Git, enabling tracking of changes and easy rollbacks.
  • Scalability: Easily manage multiple servers with consistent configurations.

Example using Ansible:

This example demonstrates installing Nginx on an Ubuntu server using Ansible.

Create a file named nginx.yml with the following content:

---
- hosts: all
  become: true
  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
    - name: Install nginx
      apt:
        name: nginx
        state: present
    - name: Start nginx
      service:
        name: nginx
        state: started
        enabled: yes

Explanation:

  • hosts: all: Specifies that the playbook should be executed on all hosts defined in your Ansible inventory.
  • become: true: Indicates that tasks should be executed with elevated privileges (sudo).
  • tasks: A list of tasks to be executed.
  • apt: An Ansible module for managing APT packages on Debian/Ubuntu systems.
  • service: An Ansible module for managing services.

To run this playbook, you would need to have Ansible installed and configured, and an inventory file that defines the target servers. Then, execute the following command:

ansible-playbook nginx.yml

This command will connect to the server, update the package cache, install Nginx, and start the service.

Elaboration:

While requiring a steeper learning curve than a GUI-based control panel, configuration management tools offer superior control, automation, and scalability for managing servers. This approach is particularly beneficial for managing complex infrastructures and ensuring consistency across multiple servers. You can manage all the components that VestaCP installs using Ansible, Chef, or Puppet. This provides a highly customizable and maintainable solution.

2. Using a Containerization Platform (Docker, Kubernetes)

Containerization platforms like Docker and Kubernetes allow you to package applications and their dependencies into containers, which can then be deployed and managed consistently across different environments. This approach offers several benefits:

  • Isolation: Containers provide isolation between applications, preventing conflicts and ensuring that each application has its own dependencies.
  • Portability: Containers can be easily moved between different environments, from development to production.
  • Scalability: Container orchestration tools like Kubernetes allow you to easily scale your applications by deploying multiple instances of containers.
  • Resource Efficiency: Containers share the host operating system kernel, making them more resource-efficient than virtual machines.

Example using Docker:

To run a simple Nginx web server in a Docker container, you would use the following Dockerfile:

FROM nginx:latest
EXPOSE 80

Explanation:

  • FROM nginx:latest: This line specifies the base image to use for the container. In this case, it’s the latest version of the official Nginx image from Docker Hub.
  • EXPOSE 80: This line exposes port 80 on the container, allowing it to receive HTTP traffic.

Build the image using the following command:

docker build -t my-nginx .

Run the container using the following command:

docker run -d -p 80:80 my-nginx

Explanation:

  • docker run: The command used to run a Docker container.
  • -d: Runs the container in detached mode (in the background).
  • -p 80:80: Maps port 80 on the host machine to port 80 on the container.
  • my-nginx: The name of the Docker image to use.

You can then access the Nginx web server by opening your web browser and navigating to http://localhost.

Elaboration:

Containerization provides a modern and flexible approach to server management. By containerizing applications, you can simplify deployment, improve resource utilization, and enhance scalability. Kubernetes builds on Docker by providing orchestration capabilities, such as automated deployment, scaling, and management of containerized applications. Instead of managing the entire server environment like VestaCP, you focus on managing individual application containers. This allows for a more granular and efficient approach to server management. You can deploy web applications, databases, and mail servers as separate containers, making them easier to manage and scale independently.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *