Post installation steps for vestaCP (Nameservers, LetsEncrypt SSL, Redirect HTTP to HTTPS, Upgrading PHP and MariaDB)

Step 1

Set up your own name servers (vanity/private/child nameservers)

Use the guide here.

Step 2

Install free LetsEncrypt Certificate for the main domain in Vestacp

Log into the admin panel

Go to Web Menu

Click on Edit next to the main domain

Select the SSL Support and LetsEncrypt

Click save.

Step 3 (Optional)

By default the VestaCP main host domain shows the site as insecure because it uses the expired certificate of VestaCP. We need to make VestaCP use the certificate files that we obtained in the earlier step above.

Use SFTP and go to /home/admin/conf/web/ and look for the files named “ssl.autdot.com.crt” and “ssl.autdot.com.key” (autdot will be different for everyone)

Duplicate and Rename the duplicated ssl files to certificate.crt and certificate.key

Upload them via SFTP to /usr/local/vesta/ssl/

In /usr/local/vesta/nginx/conf/nginx.conf change ssl_ciphers to:

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;

Then go to the VestaCP panel, click on the Server option in the top bar menu and restart the Nginx server and PHP-FPM (you may also use SSH commands to restart them).

After the restart, refresh the page, clear the browser cache or use incognito mode, and you will see the site as secure now.
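
Before restarting, it is worth confirming that the copied key belongs to the copied certificate, that the key file is not accessible to other users, and which 3DES suites the cipher list above still names. The script below is an added example, not part of the original guide; the function names and script name are illustrative, and it assumes openssl and GNU stat are available on the server.

```bash
#!/usr/bin/env bash
# Added example: checks for Step 3 before restarting the panel's nginx.

# Succeeds only if certificate and private key carry the same public key.
# Comparing the encoded public keys works for both RSA and ECDSA.
key_matches_cert() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if "others" have no permission bits on the key file
# (files uploaded over SFTP often arrive as 644).
key_not_world_accessible() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Prints the 3DES suites named in the ssl_ciphers directive of an nginx.conf.
# "!DES" in an OpenSSL cipher string excludes single DES only, so DES-CBC3
# entries remain on offer whenever the TLS library still ships 3DES.
triple_des_ciphers() {
    sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]*\([^;]*\);.*/\1/p' "$1" |
        tr ':' '\n' | grep -v '^[!-]' | grep -E 'DES-CBC3|3DES'
}

# Usage: ./vesta-ssl-check.sh /usr/local/vesta/ssl /usr/local/vesta/nginx/conf/nginx.conf
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1/certificate.crt" "$1/certificate.key" \
        || echo "FAIL: certificate.key does not match certificate.crt"
    key_not_world_accessible "$1/certificate.key" \
        || echo "WARN: certificate.key is accessible to other users"
    triple_des_ciphers "$2" | sed 's/^/WARN: 3DES suite listed: /'
fi
```
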

Step 4 (Optional) – Upgrading the PHP and MariaDB Versions

The issue with VestaCP is that by default it uses old versions of PHP and MariaDB, while today most PHP scripts use the latest versions.

This is only required when the PHP script that you want to install on any of your domains requires a higher version of PHP and MySQL or MariaDB database servers.

The procedure involves uninstalling the current PHP and MariaDB versions and then re-installing them.

The very first time I found several guides that remove PHP completely and also the dependencies, and this messes up other components of VestaCP, like the Roundcube email service not working, and Exim and Named servers not starting or restarting.

Follow the steps below to upgrade PHP and MariaDB.

Upgrading PHP:

Remove all traces of PHP 5.x (including RoundCube):

SSH into the server and use the following commands:

yum remove php

Now install PHP 7.0 or 7.1 or 7.2 (as per your need)

yum -y --enablerepo=remi install php70 php70-php php70-php-pear php70-php-bcmath php70-php-pecl-jsond-devel php70-php-mysqlnd php70-php-gd php70-php-common php70-php-fpm php70-php-intl php70-php-cli php70-php php70-php-xml php70-php-opcache php70-php-pecl-apcu php70-php-pecl-jsond php70-php-pdo php70-php-gmp php70-php-process php70-php-pecl-imagick php70-php-devel php70-php-mbstring

Change the digits 70 everywhere to the PHP version you want (example: for 7.1 use php71).

Now you will have the latest version of PHP; check with the SSH command: php -v

The above step removes Roundcube, so we need to install it again.
Visit https://roundcube.net/download/ to check the latest versions that are released, select one and then visit http://rpms.remirepo.net/enterprise/7/test/x86_64/ and copy the URL for CentOS 7.

Download the Roundcube file by connecting to the server over SSH and executing the following command (you need to change the URL for the specific version, or you can use the following directly):

wget http://rpms.remirepo.net/enterprise/7/test/x86_64/roundcubemail-1.4~beta-1.el7.remi.noarch.rpm

Install Roundcube with the following command:

rpm -i --nodeps roundcubemail-1.4~beta-1.el7.remi.noarch.rpm

Run these commands (the version 0.9.8 in the commands below needs to be changed to the VestaCP version that is installed on your server; to check your VestaCP version go here.)

wget c.vestacp.com/0.9.8/rhel/httpd-webmail.conf -O /etc/httpd/conf.d/roundcubemail.conf
wget c.vestacp.com/0.9.8/rhel/roundcube-main.conf -O /etc/roundcubemail/main.inc.php
wget c.vestacp.com/0.9.8/rhel/roundcube-db.conf -O /etc/roundcubemail/db.inc.php
wget c.vestacp.com/0.9.8/rhel/roundcube-driver.php -O  /usr/share/roundcubemail/plugins/password/drivers/vesta.php
wget c.vestacp.com/0.9.8/rhel/roundcube-pw.conf -O /usr/share/roundcubemail/plugins/password/config.inc.php
chmod a+r /etc/roundcubemail/*

Now restart your Nginx and PHP-FPM servers by going to the VestaCP admin panel, clicking on Server in the top bar menu and then clicking restart next to the Nginx and PHP-FPM servers.

Check whether the Roundcube app is running properly.

Go to the VestaCP panel, click on the Mail menu, then click on OPEN WEBMAIL, and a popup window will open that shows the mail login screen. If you don’t see this or see an error, then something went wrong in the steps above. If you get the error message (Roundcube: Connection to storage server failed) when you try to log in to the email address for the first time after installation, then go here for a solution.
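
The Roundcube RPM above is fetched over plain HTTP and installed with --nodeps, so the package signature is the only integrity check left. The following added example (not from the original guide) wraps that install in a signature check; the function names are illustrative, the sample output lines in the comments are constructed, and it assumes the Remi signing key is already imported into the rpm keyring.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded RPM only if `rpm -K` reports a verified
# signature, not merely intact digests.

# Classify one line of `rpm -K` output. An unsigned package prints
# "pkg.rpm: sha1 md5 OK" (or "pkg.rpm: digests OK" on newer rpm) and exits 0,
# so the exit code alone is not enough: a signature token must be present.
# A signed package with an imported key prints e.g.
# "pkg.rpm: rsa sha1 (md5) pgp md5 OK" or "pkg.rpm: digests signatures OK".
sig_verdict() {
    case "$1" in
        *"NOT OK"*)
            echo "bad-or-unknown-key"; return 1 ;;
        *" signatures OK"|*" pgp"*" OK"|*" gpg"*" OK")
            echo "signed"; return 0 ;;
        *" OK")
            echo "unsigned"; return 1 ;;
        *)
            echo "unreadable"; return 1 ;;
    esac
}

# Verify first, then run the same install command the guide uses.
verify_then_install() {
    local rpm_file="$1" line
    [ -f "$rpm_file" ] || { echo "missing: $rpm_file" >&2; return 1; }
    line=$(rpm -K "$rpm_file" 2>&1 | tail -n 1)
    sig_verdict "$line" >/dev/null || { echo "refusing: $line" >&2; return 1; }
    rpm -i --nodeps "$rpm_file"
}

# Usage: ./verify-rpm.sh roundcubemail-1.4~beta-1.el7.remi.noarch.rpm
if [ "$#" -eq 1 ]; then
    verify_then_install "$1"
fi
```
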

 

Upgrading MariaDB to versions 10.1 or 10.2 or 10.3 or 10.4 in VestaCP:

Use sftp and go to /etc/yum.repos.d/ and create a new file: MariaDB10.repo (if the file is already present then just edit it)

Paste the following into the above file (the code below is for version 10.1):

# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

If you would like to change the version to another one like 10.2, 10.3 or 10.4, visit http://yum.mariadb.org/, move inside the desired version folder and paste its URL into the baseurl line above. For example, for MariaDB version 10.4 use the following code instead of the above:

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Now remove the old version of MariaDB with the following SSH command:

yum remove mariadb-server mariadb mariadb-libs

Next, clean the repository cache

yum clean all

Now that the old MariaDB is removed, install the new one with the following command:

yum -y install MariaDB-server MariaDB-client

After the installation is finished, start the MariaDB service with:

systemctl start mariadb

Enable mariadb to start automatically after every server restart

systemctl enable mariadb

Finally run the upgrade command to upgrade MariaDB

mysql_upgrade

Now verify the new MariaDB version:

mysql -V

You will now have the upgraded versions of PHP and MariaDB on VestaCP.

The above guide does not mess up the default installation of VestaCP.

 

Step 5 – VestaCP Redirect HTTP to HTTPS Domain (optional)

After installing VestaCP I didn’t find any working guide on how to redirect HTTP traffic to HTTPS.

Here’s the solution.

Step 1

Install SSL certificates for your domains using the Vestacp panel

Step 2

Redirect HTTP to HTTPS

If you’re running NGINX on VestaCP then the following will redirect all HTTP traffic to HTTPS

Create a new file at /home/admin/conf/web/nginx.autdot.com.conf (replace admin with your VestaCP Username and autdot.com in file name to your domain name)

Add the following code:

if ($scheme = http) { return 301 https://autdot.com$request_uri; }

Replace https://autdot.com with your own domain name.

 

Using if is evil, I know that; if your site has an extremely large number of visitors at a time then you need to find some other solution.

 

Step 6 – Activate Free File Manager (Optional)

SSH into server using the root account

Edit the file located at /usr/local/vesta/conf/vesta.conf

sudo nano /usr/local/vesta/conf/vesta.conf

Add the following line at the bottom of the file

FILEMANAGER_KEY='ILOVEREO'

Save the file by pressing “control + x” key and then “y” and press enter

 

Every time VestaCP checks for updates, the above line is removed, so we need to add the following cron job:

crontab -e
0 */1 * * * /usr/bin/sed -i "/FILEMANAGER_KEY=''/d" /usr/local/vesta/conf/vesta.conf >> /usr/local/vesta/conf/vesta.conf && sudo /usr/bin/grep -q -F "FILEMANAGER_KEY='ILOVEREO'" /usr/local/vesta/conf/vesta.conf || /usr/bin/echo "FILEMANAGER_KEY='ILOVEREO'" >>
