Introduction
The Hestia Control Panel is a powerful, open source web hosting control panel with website, email, database, and DNS functionalities designed for Debian and Ubuntu. With the help of Hestia, system administrators can easily perform many system management tasks in a single place.
Prerequisites
- A new Vultr Ubuntu 18.04 x64 server instance with at least 512 Mb of memory. A modified system may not install properly.
- The server instance has a static public IP address
203.0.113.1. - A domain name
example.comhas been configured to point to the server. - The server’s FQDN should be different from its hostname. For example, hostname and FQDN are
hcpandhcp.example.comrespectively. - SSH to the server as root.
- The server is up to date with the latest package versions.
1. Install Hestia Control Panel
Install the ca-certificate package.
# apt-get update && apt-get install ca-certificatesDownload the official Hestia installation script.
# wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.shRun the installer.
# bash hst-install.shThe installer may detect conflicting packages.
Would you like to remove the conflicting packages? [y/n]If so, type Y and Enter.
After performing the initial dependency checks, the script will ask for confirmation to begin the main installation.
Would you like to continue with the installation? [Y/N]:Enter Y and Enter again.
Enter your email address and domain name.
Please enter admin email address: admin@example.com
Please enter FQDN hostname [vultr.guest]: hcp.example.comThe installation script automatically downloads and installs all required dependencies, including Nginx, MariaDB, PHP, and more. When complete the script displays:
Ready to get started? Log in using the following credentials:
Admin URL: https://hcp.example.com:8083
Username: admin
Password: [password redacted]
...
Do you want to reboot now? [Y/N]Save your credentials for future reference, then type Y and Enter to reboot system.
2. Install Let’s Encrypt SSL Certificate
SSH to the server as root and run the following:
# v-add-letsencrypt-hostIf successful, nothing will be displayed on the screen.
3. Access Hestia From a Web Browser
After the system restarts, access Hestia Control Panel at https://hcp.example.com:8083.
Additional installation notes:
To perform an unattended installation with default options:
bash hst-install.sh -f -y no -e admin@example.com -p [your password] -s hcp.example.comStep Five — Configure SSH Daemon
Now that we have our new account, we can secure our server a little bit by modifying its SSH daemon configuration (the program that allows us to log in remotely) to disallow remote SSH access to the root account.
Begin by opening the configuration file with your text editor as root:
nano /etc/ssh/sshd_config
Next, we need to find the line that looks like this:
/etc/ssh/sshd_config (before)
PermitRootLogin yes
Here, we have the option to disable root login through SSH. This is generally a more secure setting since we can now access our server through our normal user account and escalate privileges when necessary.
Modify this line to “no” like this to disable root login:
/etc/ssh/sshd_config (after)
PermitRootLogin no
Disabling remote root login is highly recommended on every server!
When you are finished making your changes, save and close the file using the method we went over earlier (CTRL-X, then Y, then ENTER).
Step Six – Reload SSH
Now that we have made our change, we need to restart the SSH service so that it will use our new configuration.
Type this to restart SSH:
service ssh restart
Now, before we log out of the server, we should test our new configuration. We do not want to disconnect until we can confirm that new connections can be established successfully.
Open a new terminal window on your local machine. In the new window, we need to begin a new connection to our server. This time, instead of using the root account, we want to use the new account that we created.
For the server that we showed you how to configure above, you would connect using this command. Substitute your own user name and server IP address where appropriate:
ssh demo@SERVER_IP_ADDRESS
Note: If you are using PuTTY to connect to your servers, be sure to update the session’s port number to match your server’s current configuration.
You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.
Remember, if you need to run a command with root privileges, type “sudo” before it like this:
sudo command_to_run
If all is well, you can exit your sessions by typing:
exit