How to install VestaCP on Ubuntu or CentOS

Introduction

VestaCP is an open-source hosting control panel that allows you to easily manage web servers, DNS servers, mail servers, databases and more through a simple web interface. It supports popular software like Apache, Nginx, PHP, MySQL, Exim, Dovecot and more.

In this comprehensive guide, we will cover how to install VestaCP from scratch on a freshly installed Ubuntu 20.04/22.04 or CentOS 7 server. We will go through every step in detail to have VestaCP fully configured and ready to manage hosting accounts.

Prerequisites

• A server running Ubuntu 20.04/22.04 or CentOS 7 with root access or a user with sudo privileges.
• A static IP address assigned to the server.
• Ports 80 and 443 open on the firewall for web traffic.
• A registered domain name pointed to the server’s IP address. This will be used to access VestaCP admin panel.

Step 1 – Install Required Packages

First we need to install some required packages that VestaCP needs to function properly.

For Ubuntu 20.04/22.04

Run the following commands to install curl, nano, htop, wget:

$ sudo apt update
$ sudo apt install curl nano htop wget -y

For CentOS 7

Run the following commands to install curl, nano, htop, wget:

$ sudo yum install epel-release -y
$ sudo yum update 
$ sudo yum install curl nano htop wget -y

These packages provide useful tools to download files, edit configurations, monitor processes and more.

Step 2 – Disable Apache/Exim

If Apache and Exim are installed by default, we need to remove them before installing Nginx and Postfix.

For Ubuntu 20.04/22.04

$ sudo apt remove apache2* exim4* -y
$ sudo apt purge apache2* exim4* -y
$ sudo rm -rf /etc/apache2 /etc/exim4 

For CentOS 7

$ sudo yum remove httpd* exim -y
$ sudo rm -rf /etc/httpd /etc/exim

This completely removes those packages from the system to avoid conflicts.

Step 3 – Download the VestaCP Installer

Now we will download the latest release of the VestaCP automatic installer script.

Run this command on both Ubuntu and CentOS to download the script:

$ curl -O http://vestacp.com/pub/vst-install.sh

Step 4 – Install VestaCP

We will now run the installer script to install VestaCP with the components we need.

On Ubuntu 20.04/22.04 run:

$ sudo bash vst-install.sh --nginx yes --apache no --phpfpm yes --named yes --remi no --vsftpd yes --proftpd no 
--iptables yes --fail2ban yes --quota no --exim no --dovecot yes --spamassassin yes --clamav yes --softaculous no  
--mysql yes --postgresql no --hostname yourdomain.com --email [email protected] --password mypassword

Explanation of the main options:

–nginx: Install and configure Nginx web server
–apache: Do not install Apache
–phpfpm: Install PHP-FPM for processing PHP pages
–named: Install BIND for DNS server
–remi: Not needed on Ubuntu
–vsftpd: Install Very Secure FTP daemon
–iptables: Configure firewall with iptables
–fail2ban: Install fail2ban for intrusion prevention
–quota: Not installing quota management
–exim: Do not install Exim mail server –dovecot: Install Dovecot POP3/IMAP server
–spamassassin: Install SpamAssassin antispam protection
–clamav: Install ClamAV antivirus scanning
–mysql: Install MySQL server

On CentOS 7 run:

$ sudo bash vst-install.sh --nginx yes --apache no --phpfpm yes --named yes --remi yes --vsftpd yes --proftpd no  
--iptables yes --fail2ban yes --quota no --exim no --dovecot yes --spamassassin yes --clamav yes --softaculous no   
--mysql yes  --postgresql no --hostname yourdomain.com --email [email protected] --password mypassword

The only difference is we add --remi yes to enable the Remi repository for latest PHP on CentOS.

The installer will now run and install all the components and configure them automatically. This may take between 5-15 minutes depending on your server’s internet connection speed.

When it completes, take note of the admin URL, username and password given at the end. We will use those to login to VestaCP.

Step 5 – Log in to VestaCP Admin Panel

To access the VestaCP admin panel, simply open the URL printed at the end of the installer in your web browser:

https://yourdomain.com:8083

Enter the admin username and password provided.

You will then be greeted with the VestaCP dashboard.

The default admin username is admin

Step 6 – Securing Access to VestaCP

By default, VestaCP allows login via HTTP which is insecure. We will now configure SSL and block HTTP access.

Activate SSL (HTTPS Access)

Go to the Web tab and SSL subsection in VestaCP. Select your domain and choose Let's Encrypt as the SSL Provider. Check the box for SSL and change the port to 443. Save changes.

VestaCP will now install an SSL certificate for your domain issued by Let’s Encrypt and activate it. This may take a few minutes.

Once active, access VestaCP at the new HTTPS URL:

https://yourdomain.com

Log back in to confirm it works.

Block HTTP Access

To prevent unsecured HTTP access, you need to disable port 80 and save firewall rules in VestaCP:

Web Tab -> Firewall

• Uncheck box for Port 80
• Click Save Changes

You should now only be able to access VestaCP at the HTTPS URL.

Step 7 – Add Hosting Packages

We can now start adding hosting packages that can later be assigned to user accounts.

Go to the Packages tab and click Add New Package

Let’s create a basic shared hosting package with the following options:

• Package Name: starter
• Disk Space Quota: 5 GB
• Bandwidth Quota: 100 GB
• Email Accounts: 10
• Email Forwarders: 20
• Email Autoresponders: Enabled
• Disk inodes: 300000
• Apache directives: Default
• Max Domains: 5
• Max Subdomains: 10
• Max Aliases: 20
• Max Parked Domains: 5
• Max Addon Domains: 3

Click Save to add the package.

Create additional packages based on the resources you want to assign to user accounts.

Step 8 – Add Hosting User Accounts

Now we can start creating hosting accounts and assigning them packages we created earlier.

Go to the Users tab and click Create User

For the first account, use these sample details:

• Username: john
• Package: starter
• Password: password123
• Email: [email protected]
• First name: John
• Last name: Doe

Click Create User to add the account.

This will automatically create all the required directories, databases, email accounts and configurations for the hosting account based on the allocated package limits.

You can repeat to create more accounts.

Step 9 – Configure Nameservers in VestaCP

In order for your domain names to point to this server, you need to configure the nameservers in VestaCP.

DNS Tab -> Domain -> Add Domain

Simply enter your registered domain name, for example:

yourdomain.com

Save changes.

This will automatically generate the default nameservers for your server:

ns1.yourdomain.com 
ns2.yourdomain.com

You can create A records for your domain and sub-domains here as well.

Step 10 – Change Nameservers at Domain Registrar

Login to your domain name registrar account and update the nameservers to point to:

ns1.yourdomain.com
ns2.yourdomain.com 

This will delegate DNS control for your domain to the VestaCP server. Propagation may take between 2-24 hours to fully take effect.

Your VestaCP server is now the official nameserver for domains you own.

Step 11 – Configure Mail Services

Now that we have hosting accounts set up, let’s configure the mail services to send and receive emails properly.

Configure Postfix for Sending Emails

VestaCP uses Postfix for sending outgoing emails. We need to specify the hostname and domains it will handle.

Go to:

Mail Tab -> Mail Server -> Configure Mail Server

• Hostname: mail.yourdomain.com
• Domains: yourdomain.com

Save changes and restart Postfix when prompted.

This allows Postfix to accept outbound mail for those domains which will be sent to other mail servers.

Configure Dovecot POP3/IMAP Service

Dovecot is used to allow receiving and retrieving emails through POP3 and IMAP protocols.

Go to:

Mail Tab -> Mail Server -> Configure Mail Server

• IMAP server: yes
• POP3 server: yes
• IMAP port: 143
• POP3 port: 110
• SSL/TLS port: 995

Save changes and restart Dovecot when prompted.

Enabling those protocols allows users to check email with any email client.

Configure SpamAssassin

SpamAssassin will process incoming emails to detect and tag spam. Enable it under the Mail tab:

Mail Tab -> SpamAssassin -> Activate SpamAssassin

Save changes and restart SpamAssassin.

Emails detected as spam will now be tagged in the subject line for users.

Configure ClamAV Antivirus Scanning

ClamAV provides antivirus protection for incoming emails. Enable it via:

Mail Tab -> ClamAV -> Activate ClamAV

Save changes and restart ClamAV.

Emails with detected viruses can configured to be rejected, deleted or simply flagged.

Step 12 – Configure Backup Service

It is critical to setup automated backups that run regularly in case disaster strikes. VestaCP has built-in backup capabilities.

Go to:

Backup Tab -> Backup & Restore -> Add Backup Job

Create a backup job with these settings:

• Name: Daily Backup
• Backup directories: Select all under Web, DNS and Mail sections
• Databases: Select all MySQL databases
• Compression level: 9
• Destination: Local backup
• Schedule: Daily

This will backup websites, DNS zones, mail accounts and databases on a daily basis and store them locally compressed.

You should also setup offsite backups to a remote server.

Step 13 – Install SSL/TLS Certificates

To configure HTTPS access for your hosting accounts, you need to install SSL/TLS certificates.

VestaCP makes it easy to add free Let’s Encrypt SSL certs.

Simply go to:

SSL Tab -> Let’s Encrypt

Then enter each domain name you want on its own line and click Issue SSL Cert.

Let’s Encrypt will automatically validate domain ownership and generate the certificates which will be automatically configured for the domains in VestaCP.

Very easy!

Conclusion

That covers a complete installation guide of VestaCP on Ubuntu and CentOS.

Some key takeways:

• VestaCP provides an intuitive interface to manage hosting services
• Automated installation makes deployment easy
• Capability to handle websites, emails, DNS, databases and more
• Built-in security features like firewall, fail2ban, ClamAV
• SSL certificates available with Let’s Encrypt integration
• Backup solutions to prevent loss of data
• Designed for scaling to handle increasing workloads

With VestaCP installed, you now have a platform that can power hosting for potentially thousands of users while providing reliability, security and ease of use.