Server Optimization / Security tips
Hey all,
I thought there could be a thread where everybody could post optimization / security tips for VestaCP servers.
It would be great to have this thread sticky.

So on new server install I usually do:

    yum remove httpd bind-9 httpd-tools
    su -c 'yum update'

Which removes not needed packages and updates system.

After that follows install:

    curl -O http://vestacp.com/pub/vst-install.sh
    bash vst-install.sh

Some servers will still have BIND installed, if you get error message, use:

    bash vst-install.sh --force

Today when installing a new server I got error:

    Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set

So as a temp fix I have opened /etc/dovecot/dovecot.conf and added "ssl = no"; after installation remove this line.

After installation what I recommend doing:
/etc/php.ini increase post_max_size and upload_max_filesize to about 200MB
/etc/services change SSH ports from 22 to some port higher than 1024 (fail2ban uses this file)
/etc/ssh/sshd_config uncomment and set port you have set above.
/etc/nginx/nginx.conf increase proxy_read_timeout to something like 500
/etc/exim/exim.conf add disable_ipv6=true (if your system does not support ipv6)
/etc/httpd/httpd.conf at the bottom add

    ServerSignature Off
    ServerTokens Prod

Which will disable server info.

Open firewall tab in vesta panel, and edit SSH port.
Add Allow 12000-12100 port range for Passive FTP too.
Usually I tweak backup days. To make backups every day is not a very good idea.
To change that open Cron tab and edit sudo /usr/local/vesta/bin/v-backup-users
I add 0, 2, 4 in day of week field, for Sunday, Tuesday and Thursday backups.
Now you should restart server for all changes to take place.

Tips:
For real time Apache monitoring
If you don't like /var/log/messages spammed with rejected DNS queries,
open /etc/named.conf and add

    logging {
        category security { null; };
    };

To enable automatic System updates on CentOS 6 (not vesta updates)

    yum -y install yum-cron
    chkconfig yum-cron on
    service yum-cron start
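
A consistency check for the post-install edits in the post above, as an added example that is not part of the original post: it verifies that the port in sshd_config matches the ssh entry in /etc/services (the file the post says fail2ban uses) and that the ServerSignature/ServerTokens lines appended to httpd.conf are the ones in effect. The function names, the sample files and port 2222 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post); file paths are passed as arguments.

# Ports sshd listens on: every uncommented "Port" line, or 22 if there is none.
sshd_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", sep, $2; sep = " " }
         END { if (sep == "") printf "22"; print "" }' "$1"
}

# TCP port the service name "ssh" maps to in a services(5)-format file.
services_ssh_port() {
    awk '$1 == "ssh" && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2; exit }' "$1"
}

# Succeeds only if sshd uses a single port, above 1024, and services agrees.
check_ssh_port() {
    ports=$(sshd_ports "$1"); svc=$(services_ssh_port "$2")
    [ "$ports" = "$svc" ] && [ "$svc" -gt 1024 ] 2>/dev/null
}

# Effective value of an Apache directive: the last occurrence wins (lowercased).
# Assumption: main server config only; Include files and <VirtualHost> are ignored.
httpd_directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$1"
}

# Succeeds if the banner settings from the post are the effective ones.
check_httpd_banner() {
    [ "$(httpd_directive "$1" ServerSignature)" = "off" ] &&
    [ "$(httpd_directive "$1" ServerTokens)" = "prod" ]
}

# Constructed sample files; port 2222 is an arbitrary placeholder.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#Port 22\nPort 2222\n'                    > "$demo/sshd_config"
printf 'ftp 21/tcp\nssh 22/tcp\nssh 22/udp\n'     > "$demo/services.stale"
printf 'ftp 21/tcp\nssh 2222/tcp\nssh 2222/udp\n' > "$demo/services.fixed"
printf 'ServerTokens OS\nServerSignature On\nServerSignature Off\nServerTokens Prod\n' \
    > "$demo/httpd.conf"

for f in stale fixed; do
    if check_ssh_port "$demo/sshd_config" "$demo/services.$f"; then
        echo "services.$f: OK, sshd and services agree on port $ports"
    else
        echo "services.$f: MISMATCH, sshd=$ports services=$svc"
    fi
done
check_httpd_banner "$demo/httpd.conf" && echo "httpd banner settings in effect"
```

On a real server, run the functions against copies of /etc/ssh/sshd_config, /etc/services and /etc/httpd/httpd.conf before the restart.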
Re: Server Optimization / Security tips
sim wrote: I thought there could be a thread where everybody could post optimization / security tips for VestaCP servers.
It would be great to have this thread sticky.

We have a sticky topic now, but it'll be great if the info will be updated (new topic I think).