VestaCP Server Installer – The Perfect Server

I decided to create the perfect VestaCP server installer script (in my opinion) for CentOS 7 (I have only tried it on CentOS 7). Basically, you run it, it asks a few questions and then it sets up a perfect server including CSF, Monit and PHP 7 (if you want it). Amazing, right?

THIS SCRIPT SHOULD BE USED ON A NEW SERVER. THIS SCRIPT INSTALLS VESTACP TOO.
I DO NOT ACCEPT ANY RESPONSIBILITY, SHOULD THIS SCRIPT DAMAGE YOUR SERVER.

What this VestaCP Server Installer does:

  1. Installs VestaCP with: NGINX & PHP-FPM, MariaDB, Named, Remi repository, vsftpd, no firewall (CSF will be installed), Exim, Dovecot, and SpamAssassin.
  2. Makes the new LetsEncrypt in-built script work properly + creates an SSL certificate for the hostname.
  3. Installs CSF as a Firewall with common settings.
  4. Sets the hostname properly (so Exim uses the full hostname), and then prevents the system from editing the file (because of reboots).
  5. Makes the server use it’s own DNS server to perform lookups. This helps SpamAssassin to reduce more spam. It also prevents the server from editing the file.
  6. Hardens the /etc/sysctl.conf file for security.
  7. Enables Dovecot quotas and configures Dovecot performance.
  8. Installs SpamAssassin rules to help prevent further spam.
  9. Updates the file /etc/exim/dnsbl.conf to further reduce spam.
  10. Updates Exim to make sure there is no delay accepting email.
  11. Fixes NGINX and secures it even further so you receive a A (A+ requires you enable HSTS) at Quality SSL Labs.
  12. Fixes PHP-FPM to use less memory and crash less often.
  13. Installs and configures Monit to monitor your server.
  14. Asks you if you want to install PHP 7. WordPress supports PHP 7.
  15. Makes websites use HTTP2 instead of HTTP1.1

vestacp server installer  monit-logo  csf_large

 

Run the following commands to install the VestaCP Server Installer

Before installing please make sure your hostname resolves to an IP address otherwise the LetsEncrypt script won’t be able to secure your VestaCP Server Installer correctly!

wget https://vestacp.ss88.uk/VestaCP_Installer/CentOS7.sh
chmod 777 ./CentOS7.sh
sudo ./CentOS7.sh

 

Next hold tight and watch it set-up the server. It may take 15 minutes just securing the server as part of the script generates DH parameters to secure NGINX (this could take up to 1 hour on 1 core DigitalOcean VPS’s).

Right at the very end the console instructs you to reboot the server – you should.

  • yavuzselim

    I am not expert about VPS. So can i use this installation for Worpress (permalink). And do i need a caching software like Redis or anything else after this installation?

    • SSULLIVAN88

      This will only install a control panel to manage all your websites, databases, emails, and DNS. Once you have installed this you’ll have to manually install WordPress by using its own installer. With this install you shouldn’t need a cache, as PHP7 is very fast however, you can install it, or use a third party WordPress plugin to speed the website up even further.

      I hope this helps!

      • yavuzselim

        Thanks for reply. I will use your package with Redis cache. Good work…

  • António

    Great work!

    If I install this today, will it install the latest version of VestaCP (v. 0.9.8-17)?

    Also anyway, to install your script, but without named/dns and mail related services. Because I host all my DNS and Mail offsite? Thanks

    • SSULLIVAN88

      Yes – it will always install the latest version of VestaCP.

      A user reported that this install by default uses around 300MB of memory: https://forum.vestacp.com/viewtopic.php?f=10&t=12802&start=40#p54098

      So the fact it installs Exim and DNS should not be a problem. Exim would be used to send out notifications from Monit and CSF.

  • Andrew Hacker

    Brilliant. Love this script. 2 servers setup in under an hour. But…
    can’t get monit to run on https as letsencrypt only supports ports 80 and 443. Would be great to include private cert setup in the script as well…

    Thanks for your work on this.

    • SSULLIVAN88

      Thank you @abhacker:disqus! 🙂

      The good news is that it CAN work.The bad news is that there has to be a “hack”.

      Monit will run over SSL with LetsEncrypt however, not with Vesta’s current setup. Vesta creates a .pem file but does not include the RSA private key within that file. In order for Monit to work under SSL it needs to read one file with the certificate, RSA private key, and CA certificate (optional). Once that key and those certificates are in the file, it will read it and work. Unfortunately as LE expires once every 3 months it’s not a good idea to get this made into the script.

      The other option you suggested of creating a self-signed certificate for monit exclusively would work. We could even make sure it expires once every 10 years. I however am not one for the nasty “not secure” Google chrome shows — but in a funny way at least it means it’s secure.

  • Bill

    Thank you. A very brilliant script. A full working box setup in under 20 minutes.

    Not part of the script, but facing a couple of issues with WordPress though. I tried installing WP without issues, site is working fine. Copied files using Winscp. However, when I try to install a plugin from WP admin, there is a prompt asking for FTP username and pass. Guess the WP auto update is not working as well.

    I tried granting permission to nginx.niginx to the web directory, tried changing file permissions, but did not help.

    Can you please help?

    Thanks – Regards – Bill

    • SSULLIVAN88

      Hi Bill,

      Someone else has the same problem as you and it was because they uploaded WordPress as another user and/or with root access. VestaCP uses the actual user you set it up under, so if you set it up under the account named “admin” then you must chown it admin:admin — this is the same for if you set it up under the username “user20”, you must chown it user20:user20.

      I hope this helps!

      • Bill

        Phew! tried with admin:admin and It worked 🙂

        chown -R admin.admin /home/admin/web/

        This was killing me 🙂 – Thank you very much.

        Sorting one more thing, the LetsEncrypt works cool, but, when I try to change the WP URL to www, it displays as insecure connection. Works like a charm without the www.

        Cheers

        • SSULLIVAN88

          Not a million percent sure on this one but how did you create the SSL certificate? If you used the web interface, then I’m not sure what could be wrong (if it was successful). If you used the command line, you have to add www as part of the alias as by default Vesta doesn’t put this there.

          i.e. v-add-lets-encrypt-domain user20 mydomain.com http://www.mydomain.com

          P.S. Perhaps a reboot of NGINX might help too?

          • Bill

            SSL was created by your script, assigned automatically to the default host domain, which was brilliant.

            I can see the Vesta alias textbox contains the www, but for some reason it is not working.

            I am checking my domain control panel as well, just to be sure everything is pointed correctly.

            Tried the NGINX reboot, did not help. Let me try adding another domain name to VESTA and see what happens.

            Will come back and update you.

            Thanks again. Regards – Bill

          • SSULLIVAN88

            Hi @disqus_pBR8AzwZLv:disqus – by default it should be a hostname i.e. there is no www on hostnames. However, it’s a quick fix.

            Run this as root:

            v-add-letsencrypt-domain admin hostname.domain.com http://www.hostname.domain.com

            That should fix it!

          • Bill

            Thank you, it worked 🙂 – oh by the way, must say, you are awesome 🙂

  • Lfd service all time sends email with IP ban alert. It’s normal? Is it botnet attack?

    • SSULLIVAN88

      Can you let me know more information:

      * How many emails in a 5 minute period do you get?
      * Do the emails all contain different IP addresses?
      * What is the reason they are blocked? i.e. “sshd[24217]: pam_unix(sshd:auth): authentication failure;”

      • – Email interval is about 30 minutes.
        – Yes. On email end has list with blocked IP address.
        – Reason is “Invalid user”, “Failed password for invalid user 0″, ” Failed password for admin”.

        Screenshot: http://prnt.sc/f2i8ek

        • SSULLIVAN88

          That looks correct to me. I get a lot of emails every minute. I’ve had over 16,000 since February.

          Your server may just be under stress at the minute. If your let CSF do its job for a while it will eventually permanently ban the IP addresses that are causing the issue which will inturn reduce the amount of emails you receive.

  • File upload limit? Where can change it?
    I have made changes in VestaCP panel but phpinfo() shows: http://prnt.sc/f30n14

    • SSULLIVAN88

      PHP7: /etc/opt/remi/php70/php.ini

  • Loc Nguyen

    I can’t not install it. Can you help me please ?

    • SSULLIVAN88

      What are you having trouble with? Are there any error codes?

  • Ar1sC

    Can I Use this script on Debian?

    • SSULLIVAN88

      Sorry, not yet. 🙁

      • Ar1sC

        Will you create a Script for Debian or Ubuntu ?

  • When I’m running your script
    I receive this error :
    sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
    net.ipv4.ip_local_port_range = 16384 65536

    Everything else works perfectly 😉

    • SSULLIVAN88

      Thank you for reporting.

      I’ve changed it so that there’s a TAB in-between the ranges (that’s the correct way).

      Also worth to note, sometimes some providers don’t allow you to change these values especially if you’re on a VPS but it won’t harm a system if these values are set.

  • Ar1sC

    Im Getting error with hostname…. My Hostname is pointed with my server IP using A Record… sub.hostname.tld and http://www.sub.hostname.tld….

    • SSULLIVAN88

      If it matches and you know it’s pointed correctly, edit CentOS.sh and uncomment out line 19 and comment out line 20 so it ends up like so:


      yum clean all
      yum -y install bind-utils
      IPAddress=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
      #IPAddress=$(hostname -i)
      DigResult=$(dig @8.8.8.8 +short $vHostname)

      • Ar1sC

        I get this error /etc/monit/monitrc:3: syntax error ‘port’
        probably because i typed $vSMTPPort and enter… How can I fix it?

        • SSULLIVAN88

          You need to edit file: /etc/monit/monitrc

          • Ar1sC

            What do i need to change?

          • Ar1sC

            Also I think i found a typo mistakee on this file https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/monitrc
            http://imgur.com/a/lcPMz
            But not sure..

          • SSULLIVAN88

            Thank you for the report. I have fixed this online.

            You’ll need to change the /etc/monit/monitrc file at the top to be something like:


            set daemon 60
            set logfile syslog facility log_daemon
            set mailserver SMTP.DOMAIN.COM port 587 username "EMAIL@DOMAIN.COM" password "PASSWORD"
            set mail-format { from: EMAIL@DOMAIN.COM }

          • Ar1sC

            set mailserver SMTP.DOMAIN.COM port 587 username “EMAIL@DOMAIN.COM” password “PASSWORD”
            set mail-format { from: EMAIL@DOMAIN.COM }

            EMAIL@DOMAIN.COM
            Something like admin@domain.com ? or should i make an email only for this?

          • SSULLIVAN88

            It needs to be a real working email address and e-mail server.

          • Ar1sC

            I get ERR_SSL_PROTOCOL_ERROR on this port 2812

          • SSULLIVAN88

            That’s not to do with emails.

            Send me your full monitrc details without these I cannot do anything.

          • Ar1sC

            Can We Talk On The Live Chat?

          • SSULLIVAN88

            Sure

  • Ahsan Habib Khan

    I need to increase the Max file size on phpmyadmin database import section. i use your provided vestacp .sh file to setup my server. can you please help to to increase this ? its 2MB only, I need it 50MB.

    • SSULLIVAN88

      Hi Ahsan,

      You need to edit the value `upload_max_filesize` and `post_max_size` in either one of the following:

      PHP 7: /etc/opt/remi/php70/php.ini

      PHP 5: /etc/php.ini

      • Ahsan Habib Khan

        yes its working. thank you so much for your quick reply.

  • Victoria Fyodorova

    I have a very poor idea about the server management but for a nonprofit religious organization, I have to build a server. Purchased a VPS from contabo. But the issue is, with your provided script my server(24GB RAM-Full SSD) loads like a shared hosting (WordPress- woo commerce), But with server pilot its working great. but the lack of server pilot others advantages I am looking to use Vesta cp. is there any solution for increasing the page load & full utilization of CPU + Ram per visitor. Thanks

    • SSULLIVAN88

      Hi Victoria. Firstly, thank you for using my script. Secondly, the speed issue could be a number of things:

      Are you using PHP 7? If not, please upgrade as this will give you a speed increase almost instantly.

      You might need to increase the memory usage in the php.ini file. This variable is named `memory_limit`. Don’t set it too high or you will experience a slow server when lots of visitors are on your website.

      With WordPress, the best way to test the speed is by logging in, and then logging out. When you are logged out, you can browse the website as a visitor would see it. When you are logged in, it uses more server resources because you’re loading more things (such as plugins, core updates, etc).

      The rest is heavily dependent upon your WordPress install. This script is optimized for smaller websites, not heavy ones. I do however use this on a very heavy WordPress + WooCommerce install with millions of hits and it runs great.

      I would also advise getting some kind of cache script (only non logged in visitors will see the cached result) and the only one I would recommend is called WP Fastest Cache.

  • Guido

    hi

    Thanks for your script. I installed it now with php 7.
    I need install mcrypt and zip php libraries. Opencart requires them…
    Can you help please?

    • SSULLIVAN88

      yum install php70-php-mcrypt php70-php-zip

      • Guido

        thanks!
        it is working now.

        • SSULLIVAN88

          Glad I could help!

        • SSULLIVAN88

          Glad I could help!

  • Guido

    Hi
    sorry for my issues.
    I see an old Monit version installed in your script. Is it possible to install the latest version?
    Or can you say how we can upgrade it, please ?

    Regards

    • SSULLIVAN88

      Unfortunately this is not my script — it’s the CentOS official repo that needs to be updated but they never are really once it’s flagged as stable.

      You would first need to remove the monit package via yum and then install from source to get the latest version.

      What features are in the new version you need?

      • Guido

        I understand it.
        I see many issues fixed in the last versions….so I asked if was possible to update it.
        Thanks for your soon reply.

  • António

    Hi,

    Again great script! Just installed on a new VPS and all looks amazing! Just 3 questions:

    1- How can I enable Monit access to be forced and only by HTTPS/SSL (it can be it’s own self-signed SSL)?

    2- How can I change Monit default admin password?

    Thanks and Keep up the good work! I will now setup a backup mx server using your other tutorial!

    • SSULLIVAN88

      Hi António,

      1) You have to set this up in Monit but you cannot use the normal VestaCP SSL. You would either have to create your own, or use a self-signed certificate. Check this tutorial out: http://terraltech.com/enabling-ssl-in-monit-and-mmonit/

      2) Edit the file /etc/monitrc an you’ll see where you need to change it. It’s on line 6.

      • António

        Thanks a lot for the information! Just one more question:

        I have installed your script on 2 different KVM VPSs and on both all went fine, and all seems to be working properly. But when checking in detail the installation log I saw the following 2 errors during instal on both servers.

        sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument
        sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory

        Are this errors something hat I should fix or worry about? Thanks!

        • SSULLIVAN88

          The “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument” error is generated by my script.

          Can you open up /etc/sysctl.conf and at the bottom change the line to:

          net.ipv4.ip_local_port_range = 16384 65536

          The second error you can ignore because it was made by VestaCP. it’s currently a valid error. Again, nothing to worry about!

          • António

            Hi,

            About the error “sysctl: setting key “net.ipv4.ip_local_port_range”: Invalid argument” it’s strange because I checked my /etc/sysctl.conf ans the line: “net.ipv4.ip_local_port_range = 16384 65536” is present there. Any idea on why the error shows?

            Also about the SSL error “sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory” I maybe found the solution on the thread: https://forum.vestacp.com/viewtopic.php?t=13171

            I apply what it says on the last comment of that thread:
            touch /usr/local/vesta/data/queue/letsencrypt.pipe
            chmod 750 /usr/local/vesta/data/queue/letsencrypt.pipe

            What do you think? Is this a fix for the SSL error?

            Thanks!

          • SSULLIVAN88

            The “ip_local_port_range”: I thought the error was due to incorrect setting, but I am not sure. It’s either wrong (I don’t think it is), or it’s because your host will not allow you to modify that setting.

            Yes, the SSL fix should work. Don’t forget to set the permissions: https://forum.vestacp.com/viewtopic.php?t=13171#p60644

  • I am getting this errror when trying to add my hostname even though I know it’s pointing correctly to my server
    Error: Hostname does not match IP address yet, please wait otherwise LetsEncrypt will not work.

    • SSULLIVAN88

      Hi Jan,

      Comment out line 20, and uncomment line 19. So the file looks like so:

      IPAddress=$(ip addr | grep ‘state UP’ -A2 | tail -n1 | awk ‘{print $2}’ | cut -f1 -d’/’)
      #IPAddress=$(hostname -i)

      Then re-run the command – that should work.

  • António

    Hi,

    Try today to install on a new VPS and the hostname error equal to @janclaasen:disqus happen to me. I comment out the line 20 and uncomment line 19 and after that problem solved!

    But i’m having another issue: SSL is not installed. The following error shows up when installing:

    Error: Fetching http://server.mydomain.com/.well-known/acme-challenge/F3i7ophCTePP9QYv9x4GoHFYotc85Hxap7zb20C6BUk: Error getting validation data
    sed: can’t read /usr/local/vesta/data/queue/letsencrypt.pipe: No such file or directory
    Generating DH parameters, 4096 bit long safe prime, generator 2
    This is going to take a long time
    …………………………….

    Can you give me any advice on how to resolve this? Thanks!

    • SSULLIVAN88

      Hi Antonio,

      I would wait a few hours and try a fresh install. If Let’s Encrypt cannot create an SSL Certificate then it’s usually because the DNS has not properly propagated around the internet yet.

      • António

        It’s strange because DNS was already changed 48 hours ago and when check on https://www.whatsmydns.net/ it shows that DNS is already propagated.

        Also after the install was made I try to manually install Let’s Encrypt using a different script on this server and it worked out fine. So if the issue was due to DNS propagation it will not work with neither scripts.

        Any way will wait a few more hours and test again.

        • SSULLIVAN88

          You can also run the following commands to get an SSL Certificate on the hostname:

          Replace HOSTNAME with your server’s hostname.

          /usr/local/vesta/bin/v-add-letsencrypt-domain admin HOSTNAME

          If that works as expected, then run the following to secure everything.

          rm -f /usr/local/vesta/ssl/certificate.crt
          rm -f /usr/local/vesta/ssl/certificate.key
          ln -s /home/admin/conf/web/ssl.HOSTNAME.pem /usr/local/vesta/ssl/certificate.crt
          ln -s /home/admin/conf/web/ssl.HOSTNAME.key /usr/local/vesta/ssl/certificate.key
          chown root:mail /usr/local/vesta/ssl/certificate.*

          You will need to restart Vesta, Exim, and Dovecot.

          • António

            SSL still does not work. So I have try your advice and it shows the following. Is this what you mean as work as expected? Or should I make anything different?

            /usr/local/vesta/bin/v-add-letsencrypt-domain server1.mydomain.com
            Usage: v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART] [NOTIFY]

            If I try just with the domain (that is not hosted on this server) it shows the following:

            /usr/local/vesta/bin/v-add-letsencrypt-domain admin mydomain.com
            Error: web domain mydomain.com doesn’t exist

            Thanks

          • SSULLIVAN88

            Your first command should be this:

            /usr/local/vesta/bin/v-add-letsencrypt-domain admin server1.mydomain.com

          • António

            Hi. I made a new a clean installation and now it worked all properly! the change I made was to stop “firewalld” running the command:

            systemctl stop firewalld

            After that your script worked out perfect! Should I also disable firewalld from booting running the commmand:

            systemctl disable firewalld

            Or I can just leave it as it is? I don’t know how CSF will interact with firewalld.

            Once again thanks for all your help! Great script!

          • SSULLIVAN88

            You can run the command to disable it. 🙂

  • Loc Nguyen

    Hello

    I’m using this great script without any problem. But since some days ago, my VPS kept crashing and I can only reboot it to make it available again. After inspection from the VPS provider, they said that the lfd service caused the problem. But I am not sure exactly that how to solve that. It will be crashed again soon. Can you help me ? Thank you very much !

    • SSULLIVAN88

      Hi Loc,

      I need more details about the spec. of your VPS (CPU, RAM, etc). Can you supply me those?

      I find it hard to believe CSF crashes the VPS if the RAM is adequate. Have you checked the logs? Is CSF up-to-date?

      • Loc Nguyen

        Hi Steven

        My VPS has 3GB RAM, 40 GB Storage and 3 Cores CPU. I have just updated the CSF to the latest version (v10.22) but I’m not sure if the problem has been solved or not. If possible, can you have a closer look at my system to inspect the issue ? I’m not an expert in VPS administration. I can provide you the root account to do that. Thank you very much Steven

        • António

          Hi @disqus_3bJgyg8Ptd:disqus

          Can you share what steps/commands did you use to update CSF to latest version? Thanks!

          • Loc Nguyen

            Hi António

            If you are using this server installer script from Steven, it’s easy. Just go to the VestaCP -> CSF -> and press the Upgrade button. This button is available if there’s a new version of CSF.

  • Hi, I’ve been having a hard time loging into phpmyadmin. I am using the username and password used to create the script. I’ve tried loging in as root. No luck any suggestions?

    • SSULLIVAN88

      Hi Jan,

      If you’re logging in as root, it’s going to be the username root and the password you used when installing. You can find out the password of the root user by looking at the file: /usr/local/vesta/conf/mysql.conf

      • Yeah, that’s the thing that has been bothering me. I’ve been using those credentials. I’ve also checked the mysql.conf file and using this. But it instead of logging in or even giving me an error code the page just reloads, regardless of using the right or wrong password? Super strange.

        Update: So after a bit of searching the interwebs I figured out it’s something to do with session folder that’s not writeable. Got no Idea how that happened. I found a few suggestions on fixing this. But it being your script I feel more relax following your suggestion on fixing this.

  • António

    Hi,

    In the past week I have used your excelent script on 3 different VPS servers and all seems to work properly except for one thing: network speed.

    In a simple way, before I run your script I always make 2 different network speed tests to ensure server is working properly. The problem is that after installation the network speed becomes very low. On one of the servers I have already disable the CSF to see if the problem was related with the firewall, but the results are the same.

    Do you have any idea on what may be causing this? Can you test the bellow speed scripts on your server to see if the speed is good?

    The speed tests I use are:

    a) wget freevps.us/downloads/bench.sh -O – -o /dev/null|bash
    b) wget –no-check-certificate bench.sh && mv “index.html” “bench.sh” && chmod +x bench.sh && ./bench.sh

    Thanks!

    • SSULLIVAN88

      The problem is /etc/sysctl.conf

      However it is not a problem. The current config allows for fair network usage across multiple connections, thus slowing it down. If you were to allow one user utilize the entire bandwidth other users/services will see performance issues.

      You would have to read up on sysctl and/or truncate the file so the server defaults.

      • António

        Thanks for the explanation. All my 3 VPS host only one application and they are only used by me.

        Can you tell me what are the specific sysctl.conf lines that I should comment/delete to avoid this issue? Thanks!

        • SSULLIVAN88

          Hi António,

          It’s been a long time since I used sysctl so I do not know the answer. I believe I used a combination of values from best practice tutorials around the Internet, but I can’t remember which values are which. You will have to research by yourself.

          • António

            Ok, I understand. But since I don’t have experience optimizing sysctl.conf can you tell me what lines should I comment on your script in order to ignore the “Step 6 – Hardens the /etc/sysctl.conf file for security” to be ignored during installation?

            Also I have replace the default sysctl with the one I found at: https://gist.github.com/kgriffs/4027835 and with this new config network speed issue seems to be resolved.

          • SSULLIVAN88

            Comment out lines 71-78

            # Harden sysctl.conf

            a=”`netstat -i | cut -d’ ‘ -f1 | grep eth0`”;
            b=”`netstat -i | cut -d’ ‘ -f1 | grep venet0:0`”;
            if [ “$a” == “eth0” ]; then
            curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-eth0 > /etc/sysctl.conf
            elif [ “$b” == “venet0:0” ]; then
            curl https://vestacp.ss88.uk/VestaCP_Installer/CentOS7/sysctl.conf-venet0 > /etc/sysctl.conf
            fi
            sysctl -p

          • António

            Thank you! Just one final question:

            If I coment the lines 71-78 the sysctl.conf with me generated by default by VestaCP with VestaCP default values, correct? In a simple way, the sysctl.conf will be equal to a default VestaCP install using VestaCP default install script, correct?

            Thanks

          • SSULLIVAN88

            You are correct. It will be the default of a CentOS install as VestaCP does not edit these files.