Very impressed with the fork, genuine thanks to all involved.
Having time to review my serving options I have recently built 2 test servers with Hestia using -
Cloudflare & various Registrar DNS managers - obviously new users need knowledge of Networking & DNS to even be here.
Linode 2GB VPS
Deb 10.3
Minimal install - LEMP (multi php) with exim and firewall options
Imported Vesta Backups and manual rebuilds from backups
Mostly Wordpress and Joomla Sites
3 very minor issues:
FRUSTRATING for new user - The install script password setting didn’t work - easy workaround with the CLI command - /usr/local/hestia/bin/v-change-user-password - Docs update maybe would help save time.
On each reboot slightly worrying email (yay exim works) about sshd didn’t restart - it’s a boot timing issue according to forum posts - not a problem with sshd configuring and service restarts etc…
2FA - First attempt didnt generate QR - v-delete-user-2fa XXX - fixed that - Second attempt got the QR code but then again no code input field from Auth app - I need this to work ASA
All in all very impressed with the panel, docs and forum.
As you already wrote, this is a known issue - we plan to add a delay on boot to prevent the message.
I just checked and can confirm, that 2FA is working properly on v1.1.1. If you follow the docs, a QR Code will be shown in user settings: Getting Started | Hestia Control Panel
After that, you need to logout - as soon as you enter the username (the field needs to be clicked in and clicked out to start the js validation part) and tab out to password, it will show you the 2FA field.
Regarding point nr.1: To be clear, the password set during the installation did not work right after and you had to reset it with v-change-user-password?
Yes the 2fa field does appear using Tab, this step is not intuitive though. I’ll try to contribute to the Docs project.
After that 1 slight niggle with 2fa - If I turn on 2fa for 2 accounts (say admin & unpriv) there is no difference in Authenicator, i.e. they both show the hostname and not the user email as would normally be the case.