I decided to create the perfect VestaCP server installer script (in my opinion) for CentOS 7 (I have only tried it on CentOS 7). Basically, you run it, it asks a few questions and then it sets up a perfect server including CSF, Monit and PHP 7 (if you want it). Amazing, right?
THIS SCRIPT SHOULD BE USED ON A NEW SERVER. THIS SCRIPT INSTALLS VESTACP TOO.
I DO NOT ACCEPT ANY RESPONSIBILITY, SHOULD THIS SCRIPT DAMAGE YOUR SERVER.
What this VestaCP Server Installer does:
- Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.
- Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.
- Installs CSF as a Firewall with common settings.
- Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).
- Makes the server use it’s own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.
- Hardens the /etc/sysctl.conf file for security.
- Enables Dovecot quotas and configures Dovecot performance.
- Installs SpamAssassin rules to help prevent further spam.
- Updates the file /etc/exim/dnsbl.conf to further reduce spam.
- Updates Exim to make sure there is no delay accepting email.
- Fixes NGINX and secures it even further so you receive a A (A+ requires you enable HSTS) at Quality SSL Labs.
- Fixes PHP-FPM to use less memory and crash less often.
- Installs and configures Monit to monitor your server.
- Asks you if you want to install PHP 7. WordPress supports PHP 7.
- Makes websites use HTTP2 instead of HTTP1.1
Run the following commands to install the VestaCP Server Installer
Before installing please make sure your hostname resolves to an IP address otherwise the LetsEncrypt script won’t be able to secure your VestaCP Server Installer correctly!
wget https://vestacp.ss88.uk/VestaCP_Installer/CentOS7.sh chmod 777 ./CentOS7.sh sudo ./CentOS7.sh
Next hold tight and watch it set-up the server. It may take 15 minutes just securing the server as part of the script generates DH parameters to secure NGINX (this could take up to 1 hour on 1 core DigitalOcean VPS’s).
Right at the very end the console instructs you to reboot the server – you should.