Hi, I tried installing HestiaCP on 3 different VPS and had the following experiences/issues:
Installed on a KVM NAT VPS running Debian 10. Install script said only 8 and 9 were supported, but it seemed to download the same package, so patched the script and tried again. Script installed nginx and another thing or two and crashed. Ok, Debian 10 isn’t supported, so I’ll just wait, for now I can’t call this a Hestia issue.
Installed on OpenVZ VPS running Debian 9. Installation seemed to complete after a few minutes, but an “ssl-params” was left running hogging all available cpu for several minutes on a somewhat cpu starved system (VPS host gets upset about heavy cpu use). I killed the process, but rebooting the VPS restarted it hogging again. It seems to be part of dovecot so I uninstalled dovecot, which got rid of the immediate issue but I reinstalled the whole VPS just to be sure.
Installed on a new 1gb Vultr high frequency instance running Debian 9. This is a stupendously fast VM, like 5x the speed of the OpenVZ mentioned above. Installation proceeded as before, resulting in ssl-params process hogging cpu for somewhere between 3 and 5 minutes. This is really excessive. It would have been 30+ minutes real time on the slow, overloaded OpenVZ mentioned above, that should have been ok for a simple Hestia instance. I don’t know if it’s a Hestia issue per se or a problem with Dovecot, but web search indicates that Dovecot re-does this procedure every week or so. Whatever it’s doing should be considered broken. I don’t know how or whether to report this to dovecot dev though.
I found I had closed the window where I installed Hestia, so I lost the initial password that I used. Looked at the docs and saw lots of nice command line tools, but no indication how to run them (they were not in PATH, so docs should say where they are). Docs or FAQ should also say specifically how to reset this password. I didn’t bother investigating but simply reinstalled the Vultr instance to try installing Hestia again. I hit a snag or two (not Hestia problems) while doing this so haven’t tested further yet but will do so later.
Thanks for working on Hestia. I’m not really a panel user, but am playing with Hestia because of the recent drama surrounding cpanel that you’ve probably seen.
Followup: I chased down the slow dh_param generation a little more. First, this step took over 10 minutes on the vultr instance when I re-ran it, which is imho completely intolerable for this type of operation. Second, it’s a dovecot utility but it calls the deprecated OpenSSL DH_generate_parameters function which per its documentation “can take several hours”. Looking at the code for that function, it seems at first glance to be using a rather silly (i.e. much slower than necessary) algorithm, though I haven’t completely analyzed it yet. This gets a bit deep into crypto geekery but a few different fixes are in order, both in dovecot and maybe in OpenSSL itself. I can bring it up with the OpenSSL devs. I’m less familiar with the dovecot world but will check into it.