If you have recently purchased a Cloud Server or VPS and you do not have experience with managing a Linux Server, this guide will be very useful for you. VestaCP is an open source control panel to manage a Linux Server. It is a free alternative to cPanel or Plesk. It provides a powerful graphical user interface through which we can deploy and manage services with just few clicks.
VestaCP is widely used for deploying web servers. The default VestaCP installation installs the Web Server, DNS Server, Database Server, Mail and FTP Server. We can host as many domains as we want on a single server or VPS. We can also install SSL certificates through VestaCP. It automatically configures DKIM and SPF for authentication and encryption in Mail Server.
VestaCP is fast as it uses responsive user interface. It uses the nginx web server which is known for its speed and considered better than Apache in many cases. VestaCP uses less RAM and CPU hence you can also install VestaCP on servers having RAM around 1 GB or less. VestaCP uses iptables and fail2ban firewall which makes it more secure from hacking. Additionally phpMyAdmin is installed to manage database graphically and RoundCube webmail client is installed to send and read emails online. Any person having basic knowledge of linux can install and use VestaCP manage a Linux Server.
In this tutorial we will learn to Install VestaCP in a fresh CentOS 7.2 installation. VestaCP supports multiple platforms which are RHEL/CentOS 5,6,7, Debian 6,7,8 and Ubuntu 12.04 to 15.10. Procedure to install VestaCP on these platforms is nearly same. VestaCP installation Script automatically detects the Operating System and installs the application accordingly. we will also learn to configure the server and DNS through GUI. Additionally We will learn to create private nameservers, configure firewalls, add packages, users and domains plus creation of email addresses.
To install VestaCP login to your server as the
root user and download installation script by issuing following command.
curl -O http://vestacp.com/pub/vst-install.sh
This will download and save the installation script in current directory.
Run the installation script by issuing the following command.
It is recommended that you use fresh/minimal installation of any operation system which it supports to install VestaCP because if installer script detects that some packages are already installed, it will ask you to remove the package. Also if you have a user account with the username
admin then it will ask you to remove the user - as VestaCP will create and configure this account as Administrator of Control Panel during installation.
Although it is not recommended, you can also ignore the warnings and forcefully proceed with the installation by issuing the above command with
-f parameter. Hence the command will look like this.
bash vst-install.sh -f
If there are not any errors then you will be shown the message about the packages it will install during installation and you will get a screen similar to shown below.
_| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| _| _| _| _| _| _| _| _| _| _|_|_| _|_| _| _|_|_|_| _| _| _| _| _| _| _| _| _|_|_|_| _|_|_| _| _| _|
Vesta Control Panel
Following software will be installed on your system: - Nginx Web Server - Apache Web Server (as backend) - Bind DNS Server - Exim mail server + Antivirus Antispam - Dovecot POP3/IMAP Server - MariaDB Database Server - Vsftpd FTP Server - Iptables Firewall + Fail2Ban
Would you like to continue [y/n]:
y to continue the installation. Then it will ask you for administrator's email address, after installation VestaCP will send login details to this email address.
Next it will ask you for your FQDN hostname, which stands for Full Qualified Domain Name, You many want to use something like
yourdomain.com is the main domain you wish to host on this server. We will use this domain to create your private nameservers. you can use any subdomain for your hostname but make sure that it must be a subdomain of your main domain. Proceed further by providing your hostname. It will now tell you to wait as Installation will take around 15 minutes.
Once the installation is complete you will get a message on terminal that you have successfully installed VestaCP. You will also see the URL of your control panel with port number on which the control panel is accessible. It will also show you the username and password of your control panel login. VestaCP is accessible using
https connection and on port number
8083. A copy of this login information is also sent to your admin email address.
Logging into VestaCP
Now that we have VestaCP installed in our server we can login to the control panel to start configuring it. To login to your VestaCP control panel go to the address that was provided after the successful installation of VestaCP. Your login URL will be
for example if your Server has an IP address of
188.8.131.52 then you will have to open the following link into your browser.
You might get an error via your browser that Certificate is invalid, this is happening because the VestaCP control panel loads over a secured connection and the certificate it uses to make the connection is self generated and self signed, most browsers does not recognise a self generated certificate but still it is safe and secure as other Third Party Certificates are. Add an exception and proceed further to login.
Once you configure DNS and point your domain to the Server IP address, you can login using domain name instead of IP address. Login page for VestaCP is shown in following screenshot.
Enter your username which is
admin and password which you got after the installation was finished, and press login button to login into VestaCP. You will be shown a dashboard similar to this.
First thing you must do is to change your
admin account's password, to do this click on admin link which can be found on the top right corner of menu bar. From here you can change password for your admin user, additionally you can change email, default language and also Full name of the user
We can configure global settings for the server through here and we can also see technical information about the current state of server. Click on Server link from the menu bar at the top to access server settings and you will get the list of services running on your server. The first entry will be the hostname of your server, if you hover your mouse over it you will see restart option, you can restart your server through here. You can also restart or stop any services which is listed there.
You can go to server configuration panel by clicking on icon. You can configure your hostname, time zone and default language. Next scroll down to see different services like WEB, DNS, DB etc. You can configure settings for these services through here. At the end of the page you will see Vesta Control Panel Plugins options, through here you can disable firewall and FileSystem Disk Quota. VestaCP also provides two commercial plugins which are SFTP Chroot, this plugin hides all the files for user except their home directory, another is File Manager, this plugin enables you to use VestaCP's interactive file manager to upload and edit your files through web browser. You will need a licence key to enable these features.
Configuring DNS and Private Nameservers
We already have the BIND DNS server installed in our server as a part of default installation. We can use this DNS server as our main DNS server, but many times there is only one IP address assigned to a Cloud Server, although it is recommended that we use two different IPs for running a DNS server but we can also run the DNS server on the same IP on which web server is running.
We can also use the third party DNS service but using these DNS servers you will have to create a DNS zone each time you want to setup a new hosting for a domain on your server also you will have to use nameservers provided by third party. Insted you can create your own private nameserver for example
ns2.yourdomain.com, in this case you will need to have full control on your domain and also the domain must be the same which we have used during installation of VestaCP.
To create a private nameserver we will need to set up nameservers as hosts on domain control panel. Some domain registrars call this registering child nameservers. In this tutorial we will see how to setup hostnames on Godaddy. If you have domain registered with HostPresto, you can simply ask support team to do this for you.
Login into your domain control panel, and you will see the domains you have registered, click on the settings icon above the domain you want to create the hosts. Select Manage DNS scroll down to find Hostnames link under Advanced Features and click on it.
Enter hostname for the nameserver you want to create for example
vps1 or whatever you want. Next, enter the IP address of your Server on the textbox saying IPv4 or IPv6 address. Click Add and do the same procedure with your second nameserver which may be
vps2 according to your choice. Enter the same IP address and finally click save button.
Now go back to DNS management and click on Change button next to the Nameservers. Choose your nameserver type as Custom and enter the full nameservers you have recently created for example
ns2.yourdomain.com, click on save button.
Although now days DNS changes takes effect immediately but it can take up 24 hours to propagate through internet.
Configuring VestaCP to use Custom Nameservers
Once the private nameservers registration is complete now you will have to configure VestaCP to use your private nameservers. Login to your VestaCP and click on Web link to add a domain.
Now click on button to add a new domain. Enter your main domain name and leave everything as it is, make sure that DNS support checkbox is selected. click on Add button, this will add a new domain to your webserver, which is your main domain.
Now go to DNS menu and click Edit under your domain. Now change Template to child-ns and change SOA to one of the nameserver you have created. Click on Save button to save the changes.
Now Go to Packages and Scroll down to see default package, click Edit and scroll down to see Nameservers textboxs, enter your nameservers by replacing the existing ones, and click on save button.
All done! By now you have configured your DNS to and created your nameservers successfully. You may check this by going to your browser and entering your domain name. Also you can now edit all the other packages to use your custom name servers.
In future if you host another domain in your server you will not have to configure DNS and Nameserver for your domain, VestaCP will automatically do that for you, you will just have to add a new domain and point it to your private nameservers from domain control panel
Configuring the Firewall
Your firewall is already configured by VestaCP but you can configure it to make it even more secure. Go to Firewall configuration panel by clicking on Firewall from the menu.
You will see many entries in this section of different types of connections. For example SSH, FTP, SMTP, PING etc.
You can block these connections by editing them and selecting Drop instead of Accept in Action. For example if you want to block all the PING or ICMP connections, then just edit the entry for PING and select Drop instead of Accept in Action, now if somebody tries to ping to your server, the server will drop the connection and it will not send any reply.
You can also add a custom rule for Firewall to Accept or Drop any connection, Click on icon to add a new rule. Select Action, which may be Drop or Accept. Select the Transport Protocol, which may be TCP or UDP. Enter the Port number, which may be in a range like
9005-9020 now enter IP address of which you want to add the firewall, to accept or reject from all IP address enter
0.0.0.0/0. In comment box you can enter a phrase to identify the rule in future, you may also leave it blank. Click Add to add this firewall rule. Rule will take effect immediately.
To disallow certain IP address to access the services from your server, you can add a FAIL2BAN restriction. Click on LIST FAIL2BAN and click on icon to Ban an IP address. Select the protocol you wish to ban and then enter the IP address you want to ban, if you want to ban everyone then use
0.0.0.0/0 as IP address.
Click Add button and the firewall rule will take effect immediately.
We can configure packages through this interface. Packages define how much resources a user account can use. If you want to allow a user to use maximum 2 GB of your disk and he can add maximum 10 domains, for that you will have to create a Package of this configuration and then you will have to assign the package to that user. By default in VestaCP there is 4 packages is already created, one of them is default, this package is assigned to admin user, and 3 others having different limits. If you want you can edit and keep them or you can create a new package according to your choice.
To create a new package go to Packages from top menu bar and click on icon. Give a name to your package. Do not change Web Template, Proxy Template and DNS template unless required. Choose SSH login option, if you want your user to have access to SSH choose Bash, if you choose nologin then they will not have access to server through SSH. Choose how many domains the user cana add, also number of databases or emails the user can create. You can specify a number in here or if you want user to have unlimited resources you can click on infinity sign at the end of text box. Choose Quota in megabytes which specifies that how much disk space user can use. Choose Bandwidth a user can use per month. Finally Add the nameservers you have created previously.
Click on Add button to add the package. Now that you have created a package, you can assign it to a user.
Go to Users and click on the icon to create a new user. Enter a new username/password then choose the package you want for your new user. Enter the first and last name of your new user. Click Add to create this user. An email will be sent to the email id of newly created user with his login information. Now your new user can login through the same url through the web browser. As your new user is not an Administrator, they will not be shown as many configurations as you have seen in Admin account.
Hosting a Website
We can host a new website on our server by adding a new domain in server. To add a new domain click on WEB and you will see a list of domains hosted in your account. As we are logged in as newuser account which we have just created, we will add a new domain to this account. Click on and enter domain name, Leave DNS and Mail support checked. If you click on advanced options, you will see the aliases field, if you want the website to be accessed from some more different domain, like your main domain is
example.com but you also want the same website to be accessed from
example.in, you can add Aliases here.
Adding SSL Certificates to Website
In the same advanced options if you scroll down you will see SSL support, you can add SSL to your website through here. If you are using a third party commercial SSL certificate you will need to generate CSR which stands for Code Signing Request. Upon submission of CSR the company will provide you SSL certificate. You have to paste the text in certificate file into the SSL certificate. In SSL key text box you will have to paste the key which is also generated during CSR generation. In SSL Certificate Authority / Intermediate text box you will have to paste the code of certificate authority, in case if you are using self generated SSL then you can leave this field blank.
Next you have option for web statistics, you can choose from two different options for showing web statistics or analytics, these statistics will tell you about how many users has opened your website, number of hits to your website and many more. If you are using a third party analytical tool like Google Analytics etc then you can choose none.
You can also add additional FTP accounts to this website, although your new user will have access to the website by FTP but if you want to create additional FTP for this domain, you can create it through here. Finally click Add to add this domain into your account. Now you will have to point the nameservers of this domain to the nameserver we have created through domain control panel.
Creating E-Mail Addresses
Click on MAIL. Through thiss interface you can create email address for your domain. To create email addresses of a domain you have already hosted here. Hover your mouse to the account and you will see some options like List Accounts, Add account, Edit etc. Click on Add account.
Assign an Account name, this will be your part before @. Provide a password for your email account. In advanced options you can specify Quota for your email address, and also you will have option to forward the email address. In right hand side it will display some information which is required to send and receive the mails through any desktop mail client software. Click Add button to add the email.
You can also check and send your emails through web browser, using RoundCube webmail client. To open RoundCube webmail client go to
http://server_ip/webmail or if you have already configured the nameservers of your domain then you can also go to roundcube webmail client by using your domain, for example
http://yournewdomain.com/webmail Now you can login through your full email address and password for your email.
As we have DKIM and SPF already activated in our server, most of the emails you send will be delivered to primary inbox of recipients instead of Spam folders.
In same way you can also create a MySQL database through your user interface. You can access phpMyAdmin through web browser using following link
http://yournewdomain.com/phpmyadmin You can use any FTP client like FileZilla to upload your website to the server.
In this tutorial we have learned to deploy a full featured web server using VestaCP. We have done most of the configuration from installing VestaCP to creating e-mail addresses. But there are still so many more features we have in VestaCP which we have not discussed.