Skip to main content

Posts

How to Install Vesta Plugin "Tools" ?

A found a plugin for VestaCP named "Tools". This tool currently lets you view all the users, mail domains, cron jobs, databases, and more in one global view without having to login to each individual user.
# wget https://raw.githubusercontent.com/SS88UK/VestaCP-Tools-Plugin/master/Install_Tools.sh -O ./Install_Tools.sh # chmod 777 ./Install_Tools.sh # sudo ./Install_Tools.sh Open the Configuration file and Add the Following Code that mentioned snapshot
# vi /usr/local/vesta/web/templates/admin/panel.html Source Details:
https://forum.vestacp.com/viewtopic.php?t=12819

How to Strengthening Nginx Security and Website Security Headers with SSL?

Using a SSL certificate that doesn't mean you are secure, but there is a lot more to Strengthening Web Site Security. Whilst most people are happy with just having their site running under SSL after successfully figuring out how certbot and Let’s Encrypt works.

Strengthening Web Site Security is very easy as it only requires you to set up what is called a Content Security Policy (CSP).
What a Content Security Policy does is tell a browser what external resources can be loaded within your site without being regarded and Non-Secure Origins. It’s an essential part of good security especially when it comes to SSL.
But Strengthening Web Site Security does not stop there as there are additional server headers that need to be implemented to prevent cross browser sniffing, people loading parts of your site with a frame in their site and what is called an XSS header which prevents cross scripting attacks from browsers and then also a strict transport security header called HSTS.
To check th…

How to Change Admin Port for Vesta Admin Control Panel?

I will show you  how to change the default Vesta port from port 8083 to port 2087. You could change your port number to any other number. I will use 2087 port because Cloudflare supports that port in their free subscription. So I can protect my server from DDOS Attack using Cloudflare Free Subscription.

In brief the steps to change your port are:
Add the new port(2087) on VestaCP firewallEdit Nginx to Listen to the new portRestart vestaDelete the old port, 8083 . I am not using VestaCP firewall, I am using CSF firewall to my Vesta Control Panel. So I not showing you Step 1.
2.Edit Nginx to Listen to the new port
# vi /usr/local/vesta/nginx/conf/nginx.conf

How to enable http2 and Secure Server FQDN for VestaCp in Ubuntu 16.04 L.T.S?

We have already secure nginx and vesta-nginx using Let's Encrypt SSL in our previous tutorial. Now it is very important to secure Server FQDN where my Server FQDN is mail.datahead.biz. At first I will enable http2  then i will redirect all http request to https.
1. At first Enable http2 in server block
# vi /home/admin/conf/web/mail.datahead.biz.nginx.ssl.conf server { listen 192.146.82.3:443 ssl http2; server_name mail.datahead.biz ; server_tokens off; root /home/admin/web/mail.datahead.biz/public_html; index index.php index.html index.htm; access_log /var/log/nginx/domains/mail.datahead.biz.log combined; access_log /var/log/nginx/domains/mail.datahead.biz.bytes bytes; error_log /var/log/nginx/domains/mail.datahead.biz.error.log error; #ssl on; ssl_certificate /home/admin/conf/web/ssl.mail.datahead.biz.pem; ssl_certificate_key /home/admin/conf/web/ssl.mail.datahead.biz.key;2. Redirect all http request…

How to Harden Vesta Nginx with Let's Encrypt SSL Certificate ?

Nginx 1.17.10 working as a reverse proxy for Vesta Admin Control Panel where it is installed as nginx-vesta. You can check the vesta-nginx version:
# /usr/local/vesta/nginx/sbin/vesta-nginx -v nginx version: nginx/1.12.2 Vesta Nginx Location
# cd /usr/local/vesta/nginx Take Backup vesta-nginx configuration file
# cd /usr/local/vesta/nginx/conf # cp -a nginx.conf nginx.conf-bak 1. Replace the below code 
# vi /usr/local/vesta/nginx/conf/nginx.conf # SSL PCI Compliance ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_session_cache shared:SSL:10m; ssl_prefer_server_ciphers on;With
# SSL Settings #ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2 ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 #ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ciphers ECDHE-RSA-AES256-GC…

How to Harden Nginx with Let's Encrypt SSL Certificate and get A+ Score from Qualys Lab ?

I have written those article previously for CentOS Web Panel for both Nginx + Varnish + Apache + PHP-FPM & Apache server only.
Source Details:
1. Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working
2. Install Let'sEncrypt for Admin Panel & User Panel Again, 100% Working
My Certificate Score after SSL hardening:

There are some changes needed for both article that i mentioned above. I will do it later for CentOS Web Panel. Now I have started to like VestaCP which is very lightweight control panel and It has many templates based on nginx for many CMS. I am using Nginx+PHP-FPM on Ubuntu 16.04 L.T.S . I have added 4096 bits Let's Encrypt SSL for VestaCP Admin Panel which is working perfectly and no warning getting from any browser.
Article : How to Configure 4096 bits Let's Encrypt SSL for VestaCP Control (Admin) Panel?

Using a SSL certificate that doesn't mean you are secure. You have to harden(secure) your SSL configuration. My default SSL…

How to Configure 4096 bits Let's Encrypt SSL for VestaCP Control (Admin) Panel?

VestaCP uses self-sign certificates for VestaCP control panel for login url and you will get warning from your browser. We will generate 4096 bits Let's Encrypt SSL VestaCP Control Panel.
It's very easy process to generate the SSL certificate for VestaCP Control Panel.
We will link the SSL certificate for Server FQDN that will use for login to VestaCP Control Panel.
# mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.crt.old # mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/certificate.key.old # ln -s /home/admin/conf/web/ssl.mail.datahead.biz.pem /usr/local/vesta/ssl/certificate.crt # ln -s /home/admin/conf/web/ssl.mail.datahead.biz.key /usr/local/vesta/ssl/certificate.key # reboot