We have Sieve build in…
FWIW, when I tried shared hosting at a2hosting in late '21, it came with imunify, which was like a ghost in the machine, not only intercepting my calls to my web pages from my web browser, thus sharing my (unpublished) web addresses with google, and also making it impossible to stay logged in to roundcube, but it even messed with (clobbered) age-old standard *nix environmental variables as seen by my age-old perl scripts. Sometimes the script would see that it was being called from my actual IP address, sometimes it would see that it was being called from 127.0.0.1. IMHO, a true computing abomination; a cure (and attack surface) that’s worse than whatever it’s supposedly curing.
1 Like
Thanks for your quick response. But I do not understand; [how] does “We have Sieve build in…” help me? (this newbie still can not even tell if spamassassin is doing anything…)
Why must hestia things be so cryptic??? (like, for example, having “RRD” as the title for the “Task Monitor” web page…) I do understand and appreciate that you view the hestia world from the other side of the looking glass, but that is a 2-way street, and thus greater reciprocity (and even a hint of explanation/direction/detail) in your response would be very greatly appreciated.
Maybe I’m just suffering from hardening of the brain; I guess I do not enjoy receiving additional clues/puzzles nearly as much as I used to? Sorry… 
Thanks for the much better clue!
why is this a manually-installed ‘upgrade’ and not always part of hestia? (huge system resource requirements? is it buggy?)
are there any instructions/advice/faq anywhere? A screen shot of what the finish line looks like, or how it shows up (in hestia?)?
Or is it just plug and pray, and I shouldn’t even try to look before I leap?
Hello @new2vps,
Each panel has its own objectives and its own audience.
There is an option to include it when installing Hestia: Install | Hestia Control Panel
Feel lucky that there is a script to add sieve after installation 
You won’t see it in Hestia Web UI, you will see it on webmail.
If you are using Roundcube: Settings → Filters
Cheers,
sahsanu
1 Like
Because not every “Setup” want / needs it so it is additional… As it als takes extra resources …
1 Like
I would like to suggest one option to add in next update.
“PowerDns resolver” during installation with complete automatic basic setup.
I know we can add this directly if we needed but if this added during installation then it’s really helpful and because of this lots of mail related problem is easy to solve.
This feature I seen in Cyberpanel installation, they give option to add powerdns during fresh setup.
I’ve put in VSCode in a heavily modded, NodeJS enabled version; but personally I’d like to see Tiny File Manager. It’s simple, clean, and more full featured than the current file manager.
3 Likes
I don’t know how hard would be to implement Tiny File Manager into Hestia but I didn’t know it and I love it
3 Likes
how do we get our hands on this heavily modded one 
It’s only in semi-beta and NOT for production/live servers. Or at least I couldn’t recommend it. I am working on a with plugin to accompany it in the future for maybe live server use.
It’s apart of the heavy mods “pluginabke” project I’m playing with:
Use it your own risk.
2 Likes
working on my own modification as well.
so far i have.
nodejs from quick install with git clone , pm2 as well.
laravel + github
codeigniter + github
docker.
another option to add reverse proxy incase u still need to run something manually just forward its reverse proxy port.
all the nodejs/docker/reverseproxy are using a single template and autodetecting ports.
its still under development , all features are working but still testing heavily with my team to make sure all bugs are squashed before we move for production.
It would be convenient to be able to restrict access via htpasswd in the hestia web interface, as implemented by the ISP panel. In the current version, after each update, we have to fix the nginx template. In the firewall settings, we need the ability to configure for individual sites (for example, there may be a working project and a demo project in development in the panel, there is no possibility to restrict access to the demo project)
If access to a website need to be configured via htpasswd should be done via edit web and not via the firewall settings… Normal users won’t have access to it.
Feel free to submit a PR for it it only needs an UI via CLI it is already possible to do for the domain level…
For the panel feel free to add a PR so it can be intergrated … It is opensource for a reason…
I never had any issues with any attack via the panel it self. Users are banned after 5 failed attacks. Password restore function can be disabled or only valid for 15 min so good luck a 13 character long password…
And 2FA can be enabled if needed…
I meant access not to the panel itself, but to the sites. For example, block access to everyone except developers by ip. It will also help to restrict access from scanning robots that ignore the ban in robots.txt
I often use htpasswd blocking to block the admin panel of the site, but after each hestia update I have to fix the nginx template(((
We have support for iplist so if you want to create a white it should be possible:
For example I only allow access from the NL … to Hestia…
1 Like
You don’t quite understand. I have a VPS with hestia (cp.wordpress.com ), on which the site 1 is installed wordpress.com , there is a copy of this site dev.wordpress.com . Through hestia, I can’t restrict access only to dev.wordpress.com (as I understand it, through lists of ip addresses, they are blocked to all projects at once: cp.wordpress.com/ wordpress.com/dev.wordpress.com ) Also, for security reasons, I am blocking WordPress.com
You talked about Hestia access then you can use ip list
For dev.wordpress.org only method is hard code in nginx templates…
so basically create a clone nginx template and add whitelist ips on it, and use it for all dev projects?