Tag: vestacp

  • How to change IP address of VestaCP Server

    Recently I upgraded a VestaCP server running on an Amazon Lightsail server. The upgrade resulted in a change of the internal IP address of the server, which made the site hosted on the server stop working. To fix the problem, I ran the command

    /usr/local/vesta/bin/v-update-sys-ip NEW_IP_HERE
    

    NEW_IP_HERE – replace with the actual IP. If your server is behind NAT, like Amazon Lightsail/EC2, use the internal IP address instead of the public IP address.

    Example

    /usr/local/vesta/bin/v-update-sys-ip 172.26.8.137
    

    Now you need to restart the web server

    systemctl restart apache2
    systemctl restart nginx
    systemctl restart vesta
    

  • VestaCP disable Backups

    In VestaCP, each package has an option to specify how many backups it can take. First click on Packages, then change the number of backups allowed for each package.

    If backups allowed is more than 0, set it to 0.

    Users are created with these packages. For all existing users, you need to manually edit the file

    /usr/local/vesta/data/users/USERNAME_HERE/user.conf
    

    Change the value for backup to 0.

    If you have many users, instead of editing them one by one, you can use the following bash script.

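    #!/bin/bash
    # Set BACKUPS and U_BACKUPS to '0' in every user's user.conf.

    # -print0 / read -d '' keeps each path intact even if it contains whitespace.
    find /usr/local/vesta/data/users/ -name "user.conf" -print0 |
    while IFS= read -r -d '' USER_FILE
    do
        echo "Processing ${USER_FILE}"
        sed -i "s/^BACKUPS=.*$/BACKUPS='0'/g" "$USER_FILE"
        sed -i "s/^U_BACKUPS=.*$/U_BACKUPS='0'/g" "$USER_FILE"
    done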
    

  • Install PHP 7 on CentOS VestaCP

    To install PHP 7, you first need to enable the EPEL and Remi repos.

    yum install -y epel-release
    rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
    

    Remove existing PHP

    yum -y remove php
    

    Install PHP 7.3

    yum --enablerepo=remi-php73 install php73-php php73-php-mbstring php73-php-mysqlnd php73-php-gd php73-php-fpm php73-php-intl php73-php-cli php73-php-xml php73-php-opcache php73-php-pdo php73-php-gmp php73-php-process php73-php-pecl-imagick php73-php-devel
    

    Start php-fpm

    service php-fpm stop
    service php73-php-fpm start
    

    Set PHP 7.3 as the default PHP for the CLI

    rm /usr/bin/php
    ln -s /usr/bin/php73 /usr/bin/php
    

    Restart Apache

    service httpd restart
    
  • MySQL root password in VestaCP

    On a VestaCP server, the MySQL root password is stored in the file /usr/local/vesta/conf/mysql.conf. To find the MySQL root password, run

    cat /usr/local/vesta/conf/mysql.conf
    
  • VestaCP Update

    To update a VestaCP server, run

    v-list-sys-vesta-updates
    v-update-sys-vesta-all
    

    Example

    [root@backendz ~]# v-list-sys-vesta-updates
    PKG          VER    REL  ARCH    UPDT  DATE
    ---          ---    ---  ----    ----  ----
    vesta        0.9.8  26   x86_64  yes   2019-09-30
    vesta-php    0.9.8  26   x86_64  yes   2019-09-30
    vesta-nginx  0.9.8  26   x86_64  yes   2019-09-30
    [root@backendz ~]# v-update-sys-vesta-all
    [root@backendz ~]#
    
  • CentOS 7 VestaCP Upgrade PHP to 7.x

    On CentOS 7, VestaCP installs PHP 5.6 by default. This is a very old version of PHP. To upgrade PHP to the latest 7.x version, you can install the Remi repo.

    Install EPEL repo

    yum install -y epel-release
    

    Install yum-utils

    yum install -y yum-utils
    

    Install the Remi repo

    rpm -ivh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
    

    Select the PHP version you need

    yum-config-manager --enable remi-php73
    

    Here I selected PHP 7.3. You can select different PHP versions with commands like

    yum-config-manager --enable remi-php56
    yum-config-manager --enable remi-php71
    yum-config-manager --enable remi-php72
    yum-config-manager --enable remi-php73
    yum-config-manager --enable remi-php74
    

    Make sure you only enable one PHP version. If you enabled a PHP version from the Remi repo, disable it with

    yum-config-manager --disable remi-php56
    yum-config-manager --disable remi-php70
    yum-config-manager --disable remi-php71
    yum-config-manager --disable remi-php72
    yum-config-manager --disable remi-php73
    yum-config-manager --disable remi-php74
    

    Once you have the desired version enabled, run yum upgrade

    yum upgrade
    

    Or only for PHP, run

    yum upgrade 'php*'
    
  • VestaCP redirect webmail to HTTPS

    To always force webmail to use HTTPS on VestaCP, edit the file

    vi /etc/roundcube/defaults.inc.php
    

    Find

    $rcmail_config['force_https'] = false;
    

    Replace with

    $rcmail_config['force_https'] = true;
    
  • VestaCP SSL for mail server

    VestaCP installs a self-signed SSL certificate for the mail server by default. To install a valid SSL certificate, log in to VestaCP and go to sites. You will see a site with your server's hostname. If you don’t see it, create a site with your server hostname. Make sure DNS is edited so the hostname resolves to the server IP. Now you should be able to get a free LetsEncrypt SSL for this site.

    If you check the Apache virtual host for the site, you will see something like

    SSLCertificateFile /home/admin/conf/web/ssl.HOSTNAME.crt
    SSLCertificateKeyFile /home/admin/conf/web/ssl.HOSTNAME.key
    SSLCertificateChainFile /home/admin/conf/web/ssl.HOSTNAME.ca
    

    In VestaCP, the config files for exim and dovecot are located at

    /etc/exim4/exim4.conf.template
    /etc/dovecot/conf.d/10-ssl.conf
    

    These configs use the SSL certificate and key located at /usr/local/vesta/ssl/certificate.crt and /usr/local/vesta/ssl/certificate.key.

    To use the free SSL, create a bash script.

    mkdir /usr/serverok/
    vi /usr/serverok/ssl-renew-hostname
    

    Add

    #!/bin/bash
    # Author: ServerOk Software
    # Web: www.serverok.in
    # Email: [email protected]
    
    cat /home/admin/conf/web/ssl.HOSTNAME.crt > /usr/local/vesta/ssl/certificate.crt
    cat /home/admin/conf/web/ssl.HOSTNAME.ca >> /usr/local/vesta/ssl/certificate.crt
    cat /home/admin/conf/web/ssl.HOSTNAME.key > /usr/local/vesta/ssl/certificate.key
    systemctl restart apache2
    systemctl restart exim4
    systemctl restart dovecot
    /usr/local/vesta/nginx/sbin/vesta-nginx -s reload
    

    Make the file executable

    chmod 755 /usr/serverok/ssl-renew-hostname
    

    Run the script

    /usr/serverok/ssl-renew-hostname
    

    Now SSL will work for mail server and VestaCP. To access VestaCP, use

    https://HOSTNAME:8083/login/
    

    Verify Mail Server SSL

    You can view the mail server SSL with the commands

    openssl s_client -showcerts -connect HOSTNAME:993
    openssl s_client -showcerts -connect HOSTNAME:465
    openssl s_client -starttls smtp -showcerts -connect HOSTNAME:587
    

    Replace HOSTNAME with the actual hostname of your server.

    Auto Renew SSL

    LetsEncrypt SSL certificates expire every 90 days, so we will create a cronjob to auto renew SSL. If you have a paid SSL, you don’t need this cronjob.

    Create a cronjob with

    crontab -e
    

    Add

    @weekly  /usr/serverok/ssl-renew-hostname > /dev/null 2>&1
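
A variant of the ssl-renew-hostname script above that refuses to overwrite the live certificate when a source file is missing or empty, and restarts services only when a file actually changed. This is an added example, not the original author's script; the function names and the `--apply` argument are assumptions, and HOSTNAME is the same placeholder used above.

```bash
#!/bin/bash
# Added example: safer variant of the ssl-renew-hostname script.
# Default paths are the ones used on this page; the function names and the
# --apply argument are assumptions of this example.
SRC_DIR="${SRC_DIR:-/home/admin/conf/web}"
DEST_DIR="${DEST_DIR:-/usr/local/vesta/ssl}"
HOST="${HOST:-HOSTNAME}"   # placeholder: replace with the server hostname

# update_if_changed DEST SRC...
# Writes the concatenated SRC files to DEST only if the content differs.
# Returns 0 = DEST updated, 1 = unchanged, 2 = error.
update_if_changed() {
    local dest="$1" tmp
    shift
    tmp="$(mktemp)" || return 2
    cat "$@" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi
    # In-place write keeps DEST's existing owner and mode.
    cat "$tmp" > "$dest" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
}

# Returns 0 = something was replaced, 1 = nothing changed, 2 = error.
sync_mail_cert() {
    local changed=1 rc ext
    # Check every source first: "cat missing > dest" would truncate the live
    # file, and a half-applied update would leave cert and key mismatched.
    for ext in crt ca key; do
        [ -s "$SRC_DIR/ssl.$HOST.$ext" ] || {
            echo "missing or empty: $SRC_DIR/ssl.$HOST.$ext" >&2; return 2; }
    done
    rc=0
    update_if_changed "$DEST_DIR/certificate.crt" \
        "$SRC_DIR/ssl.$HOST.crt" "$SRC_DIR/ssl.$HOST.ca" || rc=$?
    [ "$rc" -eq 2 ] && return 2
    [ "$rc" -eq 0 ] && changed=0
    rc=0
    update_if_changed "$DEST_DIR/certificate.key" "$SRC_DIR/ssl.$HOST.key" || rc=$?
    [ "$rc" -eq 2 ] && return 2
    [ "$rc" -eq 0 ] && changed=0
    return "$changed"
}

# Restart services only when a file was actually replaced.
if [ "${1:-}" = "--apply" ] && sync_mail_cert; then
    systemctl restart apache2 exim4 dovecot
    /usr/local/vesta/nginx/sbin/vesta-nginx -s reload
fi
```

Run from cron with `--apply`, it leaves the mail services untouched in weeks where the certificate has not been renewed.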
    

  • Change Server Hostname in VestaCP

    To change the server hostname in the VestaCP control panel, log in to SSH as user root and run

    /usr/local/vesta/bin/v-change-sys-hostname HOSTNAME_HERE
    

    Example

    /usr/local/vesta/bin/v-change-sys-hostname server1.serverok.in
    

  • Reset VestaCP admin password

    To reset the VestaCP admin password, log in to SSH and run

    v-change-user-password admin NEW_PASSWORD
    

    If the above method did not work, try

    passwd admin
    

  • VestaCP Installer Compromised

    The VestaCP free hosting control panel was compromised again. Hackers were able to get access to a VestaCP infrastructure server, allowing them to modify the installation script so that it sent the root password of servers to the hacker.

    Here is the post from VestaCP on their forum

    I’m sorry about inactivity in this post from our side. It was a complex issue and we were not sure we understand the whole picture. Leak in the installer is just one piece of the puzzle. All pieces together lead to cumulative effect.

    The issue number one

    Our infrastructure server was hacked. Presumably using API bug in the release 0.9.8-20. The hackers then changed all installation scripts to log admin password and ip as addition to the distro name we used to collect stats.

    Please check if your server IP here

    http://vestacp.com/test/?ip=127.0.0.1

    If it’s there you should change admin passwords as soon as possible. Also please make sure there is no /usr/bin/dhcprenew binary installed on your server. This binary is some sort of trojan that is able to launch remote DDoS attack or open shell to your server

    For more information, see

    https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907

  • VestaCP Zero-day exploit

    On 07 April 2018, many servers using VestaCP got hacked. The hacker was able to get root access on these servers.

    The hacker installed trojan software known as Chinese Chicken, which is used to DDoS other servers.

    To see if your server is hacked, check if the file /etc/cron.hourly/gcc.sh is present on your server.

    ls -l  /etc/cron.hourly/gcc.sh
    

    You can read more about this DDoS Trojan at

    https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/

    If you are running VestaCP, stop it until a solution for this exploit is released.

    service vesta stop
    systemctl stop vesta
    

    You can find discussion of this exploit on the VestaCP forum

    https://forum.vestacp.com/viewtopic.php?f=10&t=16556

    Once a server is rooted, it is better to take a backup of all your data and restore the OS.
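
The two file checks mentioned in the installer-compromise and zero-day posts above (/usr/bin/dhcprenew and /etc/cron.hourly/gcc.sh), combined into one script. This is an added example, not code from the original posts or from VestaCP; the function name, the `--scan` argument, the output format and the optional root prefix (for checking a mounted disk image) are assumptions.

```bash
#!/bin/bash
# Added example: look for the two file indicators named in the posts above.
# ROOT lets the check run against a mounted disk image instead of the live
# system; the function name and output format are assumptions of this example.
IOC_PATHS="/usr/bin/dhcprenew /etc/cron.hourly/gcc.sh"

# check_vesta_iocs [ROOT]
# Prints one line per indicator; returns 0 if none found, 1 if any is present.
check_vesta_iocs() {
    local root="${1:-}" p full found=0
    for p in $IOC_PATHS; do
        full="${root%/}$p"
        # -e is false for a dangling symlink, so test -L as well.
        if [ -e "$full" ] || [ -L "$full" ]; then
            found=1
            echo "FOUND  $p"
            # Record metadata and a hash for the incident notes
            # before the file is moved or removed.
            ls -ld "$full"
            [ -f "$full" ] && sha256sum "$full"
        else
            echo "clean  $p"
        fi
    done
    return "$found"
}

# Usage: script --scan            (live system)
#        script --scan /mnt/img   (mounted copy of the disk)
if [ "${1:-}" = "--scan" ]; then
    check_vesta_iocs "${2:-}"
fi
```

A "clean" result only means these two paths are absent; it does not show that the server was never accessed.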