Skip to main content

Posts

Showing posts with the label VestaCP

How to install development tools on Debian or Ubuntu 16.04 LTS ?

Development tools are required to install on your system if you have planned to build software. It’s also useful for building packages on your system. To install development tools on a server running Debian or Ubuntu, follow these steps: # apt-get update -y # apt-get install build-essential # apt-get install autoconf automake gdb git libffi-dev zlib1g-dev libssl-dev # sudo apt install libcurl4-gnutls-dev libxml2-dev # reboot If you want to install R Packages using DevTools, Follow the below Link: https://www.digitalocean.com/community/tutorials/how-to-install-r-packages-using-devtools-on-ubuntu-18-04

VestaCP Tweaks : Vesta Dashboard Customization

VestaCP is a free and Best hosting control panel ever i used. Very fast and light weight control than others Control Panel. I am using Ubuntu 16.04 LTS. In today’s guide, I’m going to show you some customization for your Branding purposes But this is not recommended by VestaCP.   1. How to Change Default Index Page ? Default Index page Location: # vi /usr/local/vesta/data/templates/web/skel/public_html/index.html 2. Change Default Page using Gist :  https://gist.github.com/pitch-gist/2999707  3. Create php info page to collect PHP information <?php // Show all information, defaults to INFO_ALL phpinfo(); ?> 4. Rename apache2 default index page [  Don't restart apache2, because we are using nginx  # service apache2 restar t [Don't restart apache2] # mv /var/www/html/index.html /var/www/html/index.html.old # cp -a /usr/local/vesta/data/templates/web/skel/public_html/index.html /var/www/html/ 5. Change Vesta Admin Port # vi /usr/local/vesta/nginx/conf/nginx....

How to Configure Browser Caching for Nginx?

The first time you visit a domain, these files are downloaded and stored in the browser’s cache. On subsequent visits, the browser can serve the local versions instead of downloading the files again. This enables the web page to load much faster as it only needs to retrieve the data that has changed since the last visit. It offers a much better experience for users and is the reason Google’s PageSpeed Insights recommends that it be implemented. You will add a small piece of code that will tell browsers to store CSS, JavaScript, images, and PDF files in their cache for a period of seven days or max. Insert the following snippet inside the server block directly after the previous code for Gzip compression: # vi /home/admin/conf/web/mail.datahead.biz.nginx.ssl.conf location ~* ^.+\.(3gp|gif|bmp|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ { expires max; ad...

How to enable GZIP compression to increase PageSpeed Score for Nginx?

Gzip is a popular compression algorithm and format on the web. Gzip requires browser support, but you don’t have to worry because most popular browsers have support for it. Although Instructions to enable Gzip varies with different web servers, they are still very similar.  Here’s how Gzip works with Nginx: Now add the following Code to your Nginx Configuration file or you can add it to your vhost domain # Compression gzip gzip on; gzip_vary on; gzip_comp_level 6; gzip_min_length 512; gzip_buffers 8 64k; gzip_types application/atom+xml application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/xml+rss application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/png image/svg+xml image/x-icon image/gif image/jpeg text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location....

How to Install Vesta Plugin "Tools" ?

A found a plugin for VestaCP named "Tools" . This tool currently lets you view all the users, mail domains, cron jobs, databases, and more in one global view without having to login to each individual user. # wget https://raw.githubusercontent.com/SS88UK/VestaCP-Tools-Plugin/master/Install_Tools.sh -O ./Install_Tools.sh # chmod 777 ./Install_Tools.sh # sudo ./Install_Tools.sh Open the Configuration file and Add the Following Code that mentioned snapshot # vi /usr/local/vesta/web/templates/admin/panel.html Source Details: https://forum.vestacp.com/viewtopic.php?t=12819

How to Strengthening Nginx Security and Website Security Headers with SSL?

Using a SSL certificate that doesn't mean you are secure, but there is a lot more to Strengthening Web Site Security. Whilst most people are happy with just having their site running under SSL after successfully figuring out how certbot and Let’s Encrypt works. Strengthening Web Site Security is very easy as it only requires you to set up what is called a Content Security Policy (CSP). What a Content Security Policy does is tell a browser what external resources can be loaded within your site without being regarded and Non-Secure Origins. It’s an essential part of good security especially when it comes to SSL. But Strengthening Web Site Security does not stop there as there are additional server headers that need to be implemented to prevent cross browser sniffing, people loading parts of your site with a frame in their site and what is called an XSS header which prevents cross scripting attacks from browsers and then also a strict transport security header call...

How to Change Admin Port for Vesta Admin Control Panel?

I will show you  how to change the default Vesta port from port 8083 to port 2087. You could change your port number to any other number. I will use 2087 port because Cloudflare  supports that port in their free subscription. So I can protect my server from DDOS Attack using Cloudflare Free Subscription. In brief the steps to change your port are: Add the new port(2087) on VestaCP firewall Edit Nginx to Listen to the new port Restart vesta Delete the old port, 8083 . I am not using VestaCP firewall, I am using CSF firewall to my Vesta Control Panel. So I not showing you Step 1. 2.Edit Nginx to Listen to the new port # vi /usr/local/vesta/nginx/conf/nginx.conf

How to enable http2 and Secure Server FQDN for VestaCp in Ubuntu 16.04 L.T.S?

We have already secure nginx and vesta-nginx using Let's Encrypt SSL in our previous tutorial. Now it is very important to secure Server FQDN where my Server FQDN is mail.datahead.biz. At first I will enable http2   then i will redirect all http request to https . 1. At first Enable http2 in server block # vi /home/admin/conf/web/mail.datahead.biz.nginx.ssl.conf server { listen 192.146.82.3:443 ssl http2; server_name mail.datahead.biz ; server_tokens off; root /home/admin/web/mail.datahead.biz/public_html; index index.php index.html index.htm; access_log /var/log/nginx/domains/mail.datahead.biz.log combined; access_log /var/log/nginx/domains/mail.datahead.biz.bytes bytes; error_log /var/log/nginx/domains/mail.datahead.biz.error.log error; #ssl on; ssl_certificate /home/admin/conf/web/ssl.mail.datahead.biz.pem; ssl_certificate_key /home/admin/conf/web/ssl.mail.datahead.biz.key; 2. Redirect all ht...

How to Harden Vesta Nginx with Let's Encrypt SSL Certificate ?

Nginx 1.17.10 working as a reverse proxy for Vesta Admin Control Panel where it is installed as nginx-vesta. You can check the vesta-nginx version: # /usr/local/vesta/nginx/sbin/vesta-nginx -v nginx version: nginx/1.12.2 Vesta Nginx Location # cd /usr/local/vesta/nginx Take Backup vesta-nginx configuration file # cd /usr/local/vesta/nginx/conf # cp -a nginx.conf nginx.conf-bak 1. Replace the below code  # vi /usr/local/vesta/nginx/conf/nginx.conf # SSL PCI Compliance ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on; With # SSL Settings #ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2 ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 #ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ciphers E...

How to Harden Nginx with Let's Encrypt SSL Certificate and get A+ Score from Qualys Lab ?

I have written those article previously for CentOS Web Panel for both Nginx + Varnish + Apache + PHP-FPM & Apache server only. Source Details: 1.  Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working 2.  Install Let'sEncrypt for Admin Panel & User Panel Again, 100% Working My Certificate Score after SSL hardening: There are some changes needed for both article that i mentioned above. I will do it later for CentOS Web Panel. Now I have started to like VestaCP which is very lightweight control panel and It has many templates based on nginx for many CMS. I am using Nginx+PHP-FPM on Ubuntu 16.04 L.T.S . I have added 4096 bits Let's Encrypt SSL for VestaCP Admin Panel which is working perfectly and no warning getting from any browser. Article :  How to Configure 4096 bits Let's Encrypt SSL for VestaCP Control (Admin) Panel? Using a SSL certificate that doesn't mean you are secure . You have to harden(secure) your SSL configu...

How to Configure 4096 bits Let's Encrypt SSL for VestaCP Control (Admin) Panel?

VestaCP uses self-sign certificates for VestaCP control panel for login url and you will get warning from your browser. We will generate 4096 bits Let's Encrypt SSL VestaCP Control Panel. It's very easy process to generate the SSL certificate for VestaCP Control Panel. We will link the SSL certificate for Server FQDN that will use for login to VestaCP Control Panel. # mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.crt.old # mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate.key.old # ln -s /home/admin/conf/web/ssl.mail.datahead.biz.pem /usr/local/vesta/ssl/certificate.crt # ln -s /home/admin/conf/web/ssl.mail.datahead.biz.key /usr/local/vesta/ssl/certificate.key # reboot

Part 1: VestaCP Basic Configuration after Fresh Installation

We need to change some basic configuration after VestaCP successfully installation. There are four default Packages in vestacp as follow :  default, gainsboro, palegreen, slategrey . 1. Change the Name Servers on each packages as per your needs where my name server are  ns1.datahead.biz &  ns2.datahead.biz 2. Create a package as per your needs 3. Change admin password and set SSH Access to nologin 4. Delete alias for Server FQDN 5. Configure DNS for Server FQDN 6. Delete Default database and user from PhpMyAdmin 7. Configure Authoritative DNS from your domain panel

How to Update & Upgrade APT on Ubuntu 16.04 LTS?

You should first run update , then upgrade . Neither of them automatically runs the other. apt update updates the list of available packages and their versions, but it does not install or upgrade any packages. apt upgrade actually installs newer versions of the packages you have. After updating the lists, the package manager knows about available updates for the software you have installed. This is why you first want to update. Additionally, you can use apt update && apt upgrade to do both steps after each other. # apt update && apt upgrade

How to Disable AppArmor in Ubuntu 16.04 LTS ?

AppArmor is a kernel enhancement to confine programs to a limited set of resources. AppArmor's unique security model is to bind access control attributes to programs rather than to users. AppArmor confinement is provided via profiles loaded into the kernel via apparmor_parser, typically through the /etc/init.d/apparmor SysV initscript (on Ubuntu, Follow the below link for details), which is used like this: # /etc/init.d/apparmor start # /etc/init.d/apparmor stop # /etc/init.d/apparmor restart # sudo apparmor_status AppArmor can operate in two modes: enforcement, and complain or learning: enforcement - Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts to syslogd. complain - Profiles loaded in "complain" mode will not enforce policy. Instead, it will report policy violation attempts. This mode is convenient for developing profiles. To manage complain mode for i...

How to Configure Chrony NTP Server on Ubuntu 16.04 LTS?

Since Ubuntu 16.04 timedatectl / timesyncd (which are part of systemd) replace most of ntpdate / ntp.  timesyncd is available by default and replaces not only ntpdate, but also the client portion of chrony (or formerly ntpd). So on top of the one-shot action that ntpdate provided on boot and network activation, now timesyncd by default regularly checks and keeps your local time in sync. It also stores time updates locally, so that after reboots monotonically advances if applicable. Accurate time keeping is important for a number of reasons in IT. This setup is the best practice that helps with problem diagnosis and informal server monitoring. I am living in Asia that's why i'm using this pool. Install Chrony and Configure The NTP server: # sudo apt install chrony # vi /etc/chrony/chrony.conf #pool 2.debian.pool.ntp.org offline iburst server 0.asia.pool.ntp.org iburst server 1.asia.pool.ntp.org iburst server 2.asia.pool.ntp.org iburst server 3.asia.pool.ntp.org iburst...

How to Disable Network Manager and Configure static IP address on Ubuntu 16.04 LTS?

Static configurations usually need IP addresses as well as DNS resolvers plus routing. In this tutorial, we will cover Linux static configuration on Ubuntu 16.04. Note: We have three(03) networking interfaces including  loopback(lo) etho0 = ipv4 eth1 = private LAN &  eth2 = ipv6 . Step 1. Edit the /network/interfaces file # vi /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 94.37.87.2XX netmask 255.255.252.0 gateway 94.37.X.1 dns-nameservers 8.8.8.8 8.8.4.4 dns-search datahead.biz auto eth1 iface eth1 inet dhcp auto eth2 iface eth2 inet6 auto Step 2. Restart the networking service (or reboot) Once you are confident the change has been made, and if you don’t want to reboot you can just restart the networking service. # sudo /etc/init.d/networking restart After doing this, and provided you don’t get any errors, your primary network interface should now be configured wi...

How to Configure Hostname Permanently on Ubuntu 16.04 LTS?

A hostname is a label that identifies a machine on the network. You shouldn’t use the same hostname on two different machines on a same network..You might ask yourself why you would need to change your hostname? The most common scenarios would be due to a domain name change, your business has changed its course, or because you have thought of something better. The hostname is used by many of the networking programs (such as sendmail, Apache servers) to identify the machine. By default, your server is started with the server’s given name as the hostname. Some software, such as cPanel, CWP , VestaCP requires a valid Fully Qualified Domain Name (FQDN) for the hostname. Types of hostnames (The hostname can be configured as follows): Static host name assigned by sysadmin. For example, “server1”, “wwwBot2”, or “host.datahead.biz”. Transient/dynamic host name assigned by DHCP or mDNS server at run time. Pretty host name assigned by sysadmin/end-users and it is a free-form UTF8 ho...

How to Disable/Remove Firewalld/UFW/fail2ban on Ubuntu 16.04 LTS ?

There are many Open Source Hosting Control Panel comes with predefined firewall. VestaCP uses Iptables+Fail2ban . But sometimes the UFW firewall is the default firewall that ships standard with the Ubuntu Linux Distribution. UFW stands for Uncomplicated Firewall. We are removing ufw because we will use CSF (ConfigServer Security & Firewall :- requires correct iptables configuration on host server) , So We will not remove default IPtables . To enable the ufw firewall, open a new Terminal window and execute the following command: # sudo ufw enable To disable the ufw firewall, open a new Terminal windows and execute the following command: # sudo ufw disable To view the status of the ufw execute the below command: # sudo ufw status To remove UFW completely # sudo apt remove --auto-remove ufw # sudo apt purge ufw # sudo apt purge --auto-remove ufw # sudo apt remove ufw How to remove firewalld from Ubuntu 16.04 (Xenial Xerus)? Uninstall firewalld To remove just firew...

How to Upgrade PHP 5.6 to PHP 7.3.x Stable Release on CentOS 7 for VestaCP ?

In this tutorial I’ll show you how to upgrade from PHP 5.6.x to PHP 7.3.x , I’ve tested on production server before writing this tutorial and its just working fine without any issue.  Now go to yum repo directory and Check  remi repo is available for php73 Note: If you want use Presta 1.7.5 then use PHP 7.2 , Details : Link 1 For Apache : update to PHP 7.2.x & MariaDB 10.1 For NGINX : update to PHP 7.2.x & MariaDB 10.1 Go to Yum Directory: # cd /etc/yum.repos.d # ll Now install yum-utils, a group of useful tools that enhance yum’s default package management features. Yum-utils can be used for manipulating package repositories and additional package management operations such as enabling or disabling packages without any manual configuration by a system administrator. You can install it as follows: # yum install yum-utils In this step, you need to enable Remi repository using yum-config-manager utility, as the default repository for installing PHP. # yum...

How to Upgrade MariaDB 5.5 to MariaDB 10.1 Stable Release on CentOS 7 for VestaCP ?

By Default VestaCP will install old base version of Mariadb 5.5 when installing on Centos 7 . I am using VestaCP with Version: 0.9.8 (x86_64), Release: 23 5.5.60-MariaDB - MariaDB Server PHP version: 5.6.40 In this tutorial we are going to show you how to upgrade MariaDB 5.5 to MariaDB 10.1 latest stable version. You will need to have root access to the machine, where you will be performing the upgrade. Note that if you are running earlier version of MariaDB the recommended course of upgrading is by going through each version. For example MariaDB 5.1 -> 5.5 -> 10.1. Clean all yum cache & update yum # yum clean all # rm -rf /var/cache/yum # yum update -y Step 1: Backup or Dump All MariaDB Databases As always when performing an upgrade creating backup of your existing databases is important. You can either dump the databases with command such: # mysqldump -u root -pPassbMUs1Pbu --all-databases > /tmp/all-database.sql Or alternatively, you can stop the M...