Skip to content

Instantly share code, notes, and snippets.

@yashodhank

yashodhank/vestacp best install approach for vps from securiace.com rayscloud.in.md

Forked from inerba/server scaleway pronto.md
Last active August 4, 2016 10:46
Show Gist options
  • Save yashodhank/eede27f0954bf68a346fb9e024993f70 to your computer and use it in GitHub Desktop.
Save yashodhank/eede27f0954bf68a346fb9e024993f70 to your computer and use it in GitHub Desktop.
Download ZIP
Let's Encrypt SSL setup instructions
Raw
vestacp best install approach for vps from securiace.com rayscloud.in.md

Required

Ubuntu 14.04+ LTS

Update OS packages

sudo apt-get update && sudo apt-get -y upgrade

VestaCP

Installation

Install parameters as follows:

  • Web Server > Nginx + Apache > Yes
  • FTP Server > VSFtpd > Yes
  • Mail Server > No
  • DNS Server > No
  • Firewall > iptables + fail2ban > Yes
  • Database Server > MySQL > Yes
  • Additional Repository > remi > Yes
  • FileSystem Quota > No
  • Hostname > server.hostname.tld # change it to match with yours
  • Email > email # change it to match with yours
  • Password > adminpass # change it to match with your choise
curl -O http://vestacp.com/pub/vst-install.sh
bash vst-install.sh --nginx yes --apache yes --phpfpm no --vsftpd yes --proftpd no --exim no --dovecot no --spamassassin no --clamav no --named no --iptables yes --fail2ban yes --mysql yes --postgresql no --remi yes --quota no --hostname server.hostname.tld --email email --password adminpass

Install Let's Encrypt Addon (cli)

sudo su -
cd /usr/local
git clone https://github.com/certbot/certbot.git
git clone https://github.com/interbrite/letsencrypt-vesta.git
mkdir -p /etc/letsencrypt/webroot
ln -s /usr/local/letsencrypt-vesta/letsencrypt.conf /etc/apache2/conf.d/letsencrypt.conf
service apache2 restart

New SSL Certificate with automatically Renewal after 60 days.

letsencrypt-vesta -a 60 USERNAME DOMAIN

Vesta Interface Certificates

The self-signed SSL certificates for the actual Vesta UI are located in /usr/local/vesta/ssl:

certificate.crt
certificate.key

These can be replaced with certificates issued by Let’s Encrypt:

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.crt.orig
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate.key.orig
ln -s /etc/letsencrypt/live/<domain>/privatekey.pem /usr/local/vesta/ssl/certificate.key
ln -s /etc/letsencrypt/live/<domain>/cert.pem /usr/local/vesta/ssl/certificate.crt

Restart the Vesta services:

service vesta restart

The UI (Admin Panel) will now use the trusted certificates.

Install additional templates

  • curry cms
  • laravel
  • drupal
  • redmine

(https://github.com/errogaht/vesta_templates)

cd /usr/local/vesta/data/templates/web
git clone https://github.com/errogaht/vesta_templates.git
cp -R vesta_templates/apache2 .
cp -R vesta_templates/nginx .
rm -R vesta_templates

Fix PHPMyAdmin errors

(https://forum.vestacp.com/viewtopic.php?f=14&t=10307)

curl -O -k https://raw.githubusercontent.com/skurudo/phpmyadmin-fixer/master/pma-ubuntu.sh && chmod +x pma-ubuntu.sh && ./pma-ubuntu.sh

Create SWAP (2GB)

sudo fallocate -l 2G /swap
mkswap /swap && chown root. /swap && chmod 0600 /swap && swapon /swap
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
echo vm.swappiness = 0 >> /etc/sysctl.conf && sysctl -p
echo vm.vfs_cache_pressure = 50 >> /etc/sysctl.conf && sysctl -p

Install Composer System-wide (Shared access for all users)

curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

NPM & node.js install

sudo apt-get install nodejs npm

Memcached

sudo apt-get install php5-memcached memcached
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment