Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Dev Section Modification & Patches
  • Search

[MOD] VestaCP improved Installer

Section with modification and patches for Vesta
Post Reply
  • Print view
Advanced search
8 posts • Page 1 of 1
maman
Posts: 17
Joined: Mon Aug 27, 2018 3:05 pm

Os: CentOS 4x
Web: apache
[MOD] VestaCP improved Installer
  • Quote

Post by maman » Mon Aug 27, 2018 4:59 pm

Hi,

I made my own Installer to make vestacp run smoother even on very low specs vps also hardening the server even more. With this build hopefully it will survived with all vesta exploit in the future.

What This installer do is:

1. Installs VestaCP with: Apache, MariaDB, Remi repository, iptables + Fail2ban
-) no dns (use 3rd party dns hosting such as cloudflare to hide your server ip)
-) no mail (use 3rd party mail hosting, to hide your server ip)
-) no ftp but we use SFTP so its much more safer
-) no nginx (i know a lot of people will ask why, for me too much software will increase bug and error level on the server so i tend to use as few software as possible, and I will set cloudflare as my cache server as the 1st layer)
2. Install monit (to make sure all service auto restart after crash) I dont know why vestacp doesnt include monit as built in package (they even already have the setting for monit here: http://c.vestacp.com/rhel/7/monit/)
3. install php selector
4. add swapfile (virtual memory) and it will automagically calculate the best swapfile size based on server's specs. (also make sure it reattached even after server reboot)
5. install ssh key (for additional protection please enable this, and it will only allow ssh login from ssh key, and will disable login using password, to protect you from bruteforce) You know even when you just created an instance on DO/Vultr/OVH, the first time you login into ssh, sometime it already have 'xxx failed login' GEEZ. so this is a must.
6. optimize server's max process (maxclients) based on server specs (vestacp default setting is out of mind, it is set to 200, for static content its ok but for dynamic content its crazy. lets say each process need 50 mb for wordpress the average need 80mb, so 50mb x 200 = 10G. server with 10G will also crash with this setting because theres not enough memory for other process)
7. Disable only the most dangerous php functions like exec,system,passthru,shell_exec,proc_open,popen
8. Disable admin shell (never host a site as admin, its safer to create a user to host your sites)
9. make admin panel, phpmyadmin, mysql only accessible via localhost (you can still access all of this feature by using ssh tunnel its much more safer this way)
10. automatically make backup and upload it to your dropbox every week (you need dropbox api access, but its free)

Here's the recommendation for 3rd party services:

(For DNS Hosting)
Hurricane Electric Hosted DNS
CloudFlare DNS
ClouDNS
NameCheap FreeDNS
Afraid Free DNS
NSONE.NET

(For Mail Hosting)
Zoho Mail
PawnMail
Inbox.eu
Yandex
Mail.ru


How to install:
https://github.com/erikdemarco/VestaCP-Improved

Recommended OS: CentOS7
Last edited by maman on Fri Aug 31, 2018 3:43 pm, edited 1 time in total.
Top

grayfolk
Support team
Posts: 1111
Joined: Tue Jul 30, 2013 10:18 pm
Contact:
Contact grayfolk
Website Facebook Skype Twitter

Os: CentOS 6x
Web: nginx + php-fpm
Re: [MOD] VestaCP improved Installer
  • Quote

Post by grayfolk » Mon Aug 27, 2018 6:25 pm

Not sure about daily reboot are good idea :)
Also, keep in mind about some issue while updating php version - rights to /var/lib/php/session folder will be resetted after update.

I'm sure about all updates should be carried out under the control of admin, not automatically.
Top

maman
Posts: 17
Joined: Mon Aug 27, 2018 3:05 pm

Os: CentOS 4x
Web: apache
Re: [MOD] VestaCP improved Installer
  • Quote

Post by maman » Fri Aug 31, 2018 3:45 pm

Its updated with more security features and improvements. Hope you guys like it :)
Top

mehargags
Support team
Posts: 1096
Joined: Sat Sep 06, 2014 9:58 pm
Contact:
Contact mehargags
Website Skype

Os: Debian 8x
Web: apache + nginx
Re: [MOD] VestaCP improved Installer
  • Quote

Post by mehargags » Fri Aug 31, 2018 7:54 pm

Hello Maman,
nice to see someone trying to improve. Any chance you can make this script for Debian/Ubuntu ? More seasoned and hardcore sysadmins are Debian fanatics and literally don't touch CentOS (including me).

Would love to help and try this for Debian/Ubuntu. PM me if you need a test VPS or other requirements.
Top

maman
Posts: 17
Joined: Mon Aug 27, 2018 3:05 pm

Os: CentOS 4x
Web: apache
Re: [MOD] VestaCP improved Installer
  • Quote

Post by maman » Sun Sep 02, 2018 8:28 am

Hi.

Yes it will be available on debian soon. :)

I recommend centos because its more stable overall. (just 2 cents)
Even cpanel & directadmin (big 3 control panel in my opinion) recommend centos. Cloudlinux and amazon linux also based on centos. But centos official repo update is really slow.

Is there any causes you dont want to touch centos at all?
Top

mehargags
Support team
Posts: 1096
Joined: Sat Sep 06, 2014 9:58 pm
Contact:
Contact mehargags
Website Skype

Os: Debian 8x
Web: apache + nginx
Re: [MOD] VestaCP improved Installer
  • Quote

Post by mehargags » Mon Sep 03, 2018 6:02 pm

Debian is and will always be miles ahead in stability... and things just work flawless. OS upgrades (even major releases) work like a charm, something CentOS would never be even ever close to. The Software and apps in the Debian repo are a bit outdated too... but the rigorous testing they go under ensures stability over features.

CentOS is not more stable, it is just more "used" because it is backed by RedHat and has been made more commercially viable with cPanel. Performance wise and stability wise it will never come close to Debian anyday soon.
Top

mephivio
Posts: 198
Joined: Thu Mar 27, 2014 7:35 am

Os: Debian 8x
Web: nginx + php-fpm
Re: [MOD] VestaCP improved Installer
  • Quote

Post by mephivio » Sat Jan 05, 2019 8:16 pm

Hi
Is your Debian copy in the way ?
Great work !
Top

huloza
Posts: 32
Joined: Thu Jul 28, 2016 5:15 am

Re: [MOD] VestaCP improved Installer
  • Quote

Post by huloza » Fri Jan 25, 2019 2:58 am

hi, why you disable open_basedir in template ?

thanks
Top


Post Reply
  • Print view

8 posts • Page 1 of 1

Return to “Modification & Patches”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password