Installing for the first time a Hestia panel on Debian 11, on my own.
I don’t have much sysadmin knowledge, so I’ll ask around:
I have installed Hestia with :
bash hst-install.sh --interactive no --email
[email protected] --password p4ssw0rd --hostname hostname.domain.tld -f
I have installed memcached and opcache (nginx)
And I have my control panel working. I have installed my website and everything seems to work fine.
Should I install something else to improve performance, security or …something?
Thanks (I’m a newbie)
Customize fail2ban rules to match your apps. Whitelisting is done there too.
Try 7g firewall.
Set the limits to emails sent.
Set the firehol blacklist IP set in the firewall.
Don’t use the admin user for hosting. Create a new user.
March 4, 2023, 1:34pm
To be honest with you - hestiaCP out the box very secure, fast, and good.
If you have no sysadmin knowledge, why need to install something else if you do not understand for what do you need that and why?
Thank you for your answers.
Well, I wanted to know if everything will be safe in my new hestia panel with the basic installation or if on the contrary, it is recommended to install something else.
First thing i have done is setup block list in the firewall page, also blocked regions i dont need (basically everything outside the EU) as i host from home and just a couple of personal sites.
I white list my local ip ( my pc and laptop) i use to access the panel and website admin pages etc in the fail2ban configuration.
I tend to look for regular ip addresses that are blocked and block them in the firewall.
Disable the admin account or disable admin access or what ever the option is and use a user to host sites and email for a domain.
Use f2a on hestia accounts.
Thats all i can think of, its pretty secure but there will aleays be attempts on your system as soon as you open ports.
I bought a router with 2way ips (intrusion prevention system) such as asus AIprotect, that stops access from known malicious sources and stops me from accessing know malicious websites etc.
The 2wayips system uses trendmicro on asus routers.
I run hestia on a vm that i backup regular so if the worst happens i just restore and change all passwords.