Hestia CP — это панель управления с открытым исходным кодом.
Установка
Установка Docker
Ubuntu
1)
`#Install docker` sudo apt install docker.io -y
`#Start docker` sudo systemctl start docker
`#Autostart docker` sudo systemctl enable docker
`#Freeing port 53` sudo systemctl stop systemd-resolved && sudo systemctl disable systemd-resolved && sudo rm /etc/resolv.conf && sudo echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >> /etc/resolv.conf && sudo sed -i 's/main]/main] \ndns=default/' /etc/NetworkManager/NetworkManager.conf && sudo service network-manager restartCentOS
1)
`#Install docker` yum install docker -y
`#Start docker` systemctl start docker
`#Autostart docker` systemctl enable docker
`#Freeing port 25` systemctl stop postfix && systemctl disable postfix Fedora
1)
`#Install docker` sudo dnf install docker -y
`#Start docker` sudo systemctl start docker
`#Autostart docker` sudo systemctl enable docker
`#Switch to cgroup v1` sudo dnf install grubby -y && sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
`#Reboot system` rebootСкачать Control Panel
2) sudo docker pull smied/hestia-cp:latest `#Download/update image`Установка панели управления на Ubuntu/CentOS/Fedora
Используя сеть docker (вы не увидите реальный ip пользователей, но можете удобно переназначить порты)
3.1) sudo docker network create `#Docker network for made static ip of container` \
--driver=bridge \
--subnet 10.1.0.0/16 \
--ip-range 10.1.1.0/24 \
--gateway=10.1.0.1 \
Docker_Networkили в одной строке
3.1) sudo docker network create --driver=bridge --subnet 10.1.0.0/16 --ip-range 10.1.1.0/24 --gateway=10.1.0.1 Docker_Network3.2) sudo docker run -d \
--privileged `#(For iptables work)` \
--name=Hestia-CP -e TZ=Europe/Moscow --restart=always `#Set your time zone` \
--hostname cp.yourdomain.com `#Set your hostname` \
--network Docker_Network --ip=10.1.1.30 \
-p 8083:8083/tcp -p 23:23/tcp -p 80:80/tcp -p 443:443/tcp -p 20:20/tcp -p 21:21/tcp -p 12000-12100:12000-12100/tcp -p 25:25/tcp -p 53:53/udp -p 53:53/tcp -p 465:465/tcp -p 587:587/tcp -p 110:110/tcp -p 993:993/tcp -p 995:995/tcp -p 143:143/tcp -p 3306:3306 \
--volume Hestia-home:/home -v Hestia-usr:/usr -v Hestia-backup:/backup -v Hestia-etc:/etc -v Hestia-var:/var `#(For backup work)` \
--tmpfs /tmp --tmpfs /run --tmpfs /run/lock `#(For systemd work)` \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro `#(For systemd work)` \
smied/hestia-cp:latestили в одной строке
3.2) sudo docker run -d --privileged --name=Hestia-CP -e TZ=Europe/Moscow --restart=always --hostname cp.yourdomain.com --net Docker_Network --ip=10.1.1.30 -p 8083:8083/tcp -p 23:23/tcp -p 80:80/tcp -p 443:443/tcp -p 20:20/tcp -p 21:21/tcp -p 12000-12100:12000-12100/tcp -p 25:25/tcp -p 53:53/udp -p 53:53/tcp -p 465:465/tcp -p 587:587/tcp -p 110:110/tcp -p 993:993/tcp -p 995:995/tcp -p 143:143/tcp -p 3306:3306 --volume Hestia-home:/home -v Hestia-usr:/usr -v Hestia-backup:/backup -v Hestia-etc:/etc -v Hestia-var:/var --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro smied/hestia-cp:latestИспользуя хост-сети (вы увидите реальный IP-адрес пользователей, но не сможете удобно переназначить порты)
3.1) sudo echo -e "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf3.2) sudo docker run -d \
--privileged `#(For iptables work)` \
--name=Hestia-CP -e TZ=Europe/Moscow --restart=always `#Set your time zone` \
--hostname cp.yourdomain.com `#Set your hostname` \
--network host \
--volume Hestia-home:/home -v Hestia-usr:/usr -v Hestia-backup:/backup -v Hestia-etc:/etc -v Hestia-var:/var `#(For backup work)` \
--tmpfs /tmp --tmpfs /run --tmpfs /run/lock `#(For systemd work)` \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro `#(For systemd work)` \
smied/hestia-cp:latestor in one line
3.2) sudo docker run -d --privileged --name=Hestia-CP -e TZ=Europe/Moscow --restart=always --hostname cp.yourdomain.com --network host --volume Hestia-home:/home -v Hestia-usr:/usr -v Hestia-backup:/backup -v Hestia-etc:/etc -v Hestia-var:/var --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro smied/hestia-cp:latestCron
4) `# Add admin default cron to your system`
(crontab -l 2>/dev/null; echo '00 6 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-hestia-all"') | crontab -
(crontab -l 2>/dev/null; echo '*/5 * * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-rrd"') | crontab -
(crontab -l 2>/dev/null; echo '20 00 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-user-stats"') | crontab -
(crontab -l 2>/dev/null; echo '10 05 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-backup-users"') | crontab -
(crontab -l 2>/dev/null; echo '*/5 * * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue backup"') | crontab -
(crontab -l 2>/dev/null; echo '30 03 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue webstats"') | crontab -
(crontab -l 2>/dev/null; echo '10 00 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue traffic"') | crontab -
(crontab -l 2>/dev/null; echo '15 02 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue disk"') | crontab -
(crontab -l 2>/dev/null; echo '10 00 * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue daily"') | crontab -
(crontab -l 2>/dev/null; echo '*/2 * * * * sudo -u root docker exec Hestia-CP su - admin -c "sudo /usr/local/hestia/bin/v-update-sys-queue restart"') | crontab -Использование
5) Open in browser - https://<yourip>:8083/Панель управления
login: admin
mail: [email protected]
password: changethispassword
host: localhost.localdomainSSH
ssh [email protected]<yourip> -p 23root password: changethispasswordHestia CP
Быстрый доступ:
Data base web access:
https://<YourSite>/phpmyadmin/
(Opens for any your site/Access for all databases):
Web Mail:
https://webmail.<YourSite>/ or alias https://mail.<YourSite>/
(Opens for any your site where enabled mail authorization works for all mail accounts added in Control Panel)
Stats:
https://<YourSite>/vstats/
(Opens for any your site where enabled stats/Stats for only this site)
(You must enable the password so that no one else can access the statistics)Mail:
Username: Email address - <Yourmail> / Email address and Site - <<Yourmail>.<Yoursite>>
IMAP/POP3, SMTP Hostname: mail.<YourSite> (not imap.<YourSite>/pop.<YourSite>, smtp.<YourSite>)
IMAP - Incoming mail server
143 - No secure
143 - STARTTLS
993 - SSL
POP3 - Incoming mail
110 - No secure
110 - STARTTLS
995 - SSL
SMTP - Outgoing mail server
25/587 - No secure
Auto - STARTTLS
465 - SSL/TLSFTP:
ftp.<YourSite>:21
or
<YourIp>:21MySQL
see root password:
cat /usr/local/hestia/conf/mysql.confSettings:
- 1 Site on multiple domains or subdomains:
1) Add site test1.com 2) Add aliases sub.test2.com
And the site test1.com will be available at sub.test2.com
- Catch all email:
MAIL — [domain] — Edit domain mail — Catch-All Email
- Subdomain:
Just add site like subdomain.mysite.com
- Control panel as a subdomain and use in subdomains other services like gitlab:
Use Nginx proxy manager or Traefik
Nginx proxy manager
1) docker run -d \
--name=Proxy-Manager \
--network host -e TZ=Europe/Moscow --restart=always \
-e DB_MYSQL_HOST=IP -e DB_MYSQL_NAME=Proxy-Manager -e DB_MYSQL_USER=DataBaseUser -e DB_MYSQL_PASSWORD=Password -e DB_MYSQL_PORT=3307 \
--volume /Docker/Proxy-Manager/data:/data --volume /Docker/Proxy-Manager/letsencrypt:/etc/letsencrypt \
jc21/nginx-proxy-manager:github-real_ipdocker cp Proxy-Manager:/app/config/default.json /root/default.json
cp default.json production.json
rm default.json
Change base in production.json
docker cp production.json Proxy-Manager:/app/config/production.jsonInfo
Used ports:
81, 80, 443
Email: [email protected]
Password: changeme
Clean logs
0 * * * * rm -rf /Docker/Proxy-Manager/data/logs/*Config
HTTPS
proxy_set_header Accept-Encoding ""; # no compression allowed
sub_filter "https://" "https://";
sub_filter_once off;Real IP
proxy_set_header X-Real-IP $remote_addr;Other
Change default passwords
root:
echo 'root:yournewpassword' | chpasswd
admin:
echo 'admin:yournewpassword' | chpasswdCron
View CRON tasks for different users:
crontab -u root -l #standard system user
crontab -u admin -l #standard control panel user
crontab -u hosting -l #example user of control panelRights:
| root | sudo | without sudo |
|---|---|---|
| command | + | + |
| command run script | + | + |
| cron run script | — | — |
| admin | sudo | without sudo |
|---|---|---|
| command | + | + |
| command run script | + | — |
| cron run script | — | — |
| hosting | sudo | without sudo |
|---|---|---|
| command | — | + |
| command run script | — | + |
| cron run script | — | — |
| System to Docker | sudo | without sudo |
|---|---|---|
| command | + | — |
| command run script | + | — |
| cron run script | + | — |
Example
System to Docker:
0 * * * * * sudo -u root docker exec Hestia-CP su - hosting -c "/bin/bash /home/hosting/web/Script.sh |& tee -a /home/hosting/web/Script.log"Also:
* Get access to the terminal as user of Control Panel
Edit user in Control Panel settings (system /etc/passwd)
* Should always specify the full path (Home folder for terminal commands /usr/local/hestia/bin/)
Example:
hosting example user: /bin/bash /home/hosting/web/Script.sh |& tee -a /home/hosting/web/Script.logLogs
See system logs inside the container:
cat /var/log/syslog
See the CRON logs:
grep CRON /var/log/syslogBackup
/var/lib/docker/volumes/Hestia-home #/home - Websites
/var/lib/docker/volumes/Hestia-usr #/usr - Control panel (/usr/local/hestia)
/var/lib/docker/volumes/Hestia-backup #/backup - Backups
/var/lib/docker/volumes/Hestia-etc #/etc - Configs
/var/lib/docker/volumes/Hestia-var #/var - Logs: system (/var/log/syslog), control panel (/var/log/hestia/)
After restore:
1) Update password
admin:
echo 'admin:yournewpassword' | chpasswd
2) Update access to the terminal as user of Control Panel if this was usedHestia CP Копии
v-restore-user USER BACKUP [WEB] [DNS] [MAIL] [DB] [CRON] [UDIR] [NOTIFY]
Пример:
Востановить WEB каждые 15 минут (Для демо сайта)
*/15 * * * * sudo -u root docker exec Hestia-CP su - root -c "/usr/local/hestia/bin/v-restore-user user user.xxxx-xx-xx_xx-xx-xx.tar 'site.com' no no no no no no"Удаление
1) docker exec Hestia-CP bash -c 'userdel -rfRZ admin' && docker container rm --force Hestia-CP
2) mv /var/lib/docker/volumes/Hestia-home/ /tmp && docker volume rm --force Hestia-usr && docker volume rm --force Hestia-backup && docker volume rm --force Hestia-etc && docker volume rm --force Hestia-var && rebootОшибки
| Ошибка | Решение |
|---|---|
| 502 | Перезагрузите контейнер |
| При обновлении панели управления пароль администратора сбрасывается по умолчанию | Не используйте cron «/usr/local/hestia/bin/v-update-sys-hestia-all» |
| Не удается удалить volume Hestia-home | mv /var/lib/docker/volumes/Hestia-home/_data /tmp && reboot |
Если вы нашли ошибку, пожалуйста, выделите фрагмент текста и нажмите Ctrl+Enter.
Спасибо за статью!
Подскажите как правильно «завернуть» в docker-compose и связать с Nginx Proxy Manager. Заранее спасибо.
1) Создайте docker-compose nano docker-compose.yml 2) Вставьте следующее version: '3' services: nginxproxy: container_name: Proxy-Manager image: jc21/nginx-proxy-manager:github-real_ip volumes: - /Docker/Proxy-Manager/data:/data - /Docker/Proxy-Manager/letsencrypt:/etc/letsencrypt \ restart: always network_mode: host environment: TZ: Europe/Moscow DB_MYSQL_HOST: IP DB_MYSQL_NAME: Proxy-Manager DB_MYSQL_USER: DataBaseUser DB_MYSQL_PASSWORD: Password DB_MYSQL_PORT: 3307 hestiacp: privileged: true container_name: Hestia-CP hostname: 'cp.yourdomain.com' image: smied/hestia-cp:latest volumes: - Hestia-home:/home - Hestia-usr:/usr - Hestia-backup:/backup - Hestia-etc:/etc - Hestia-var:/var - /sys/fs/cgroup:/sys/fs/cgroup:ro restart: always network_mode: host environment: TZ: Europe/Moscow tmpfs: - /tmp - /run - /run/lock volumes: Hestia-home: Hestia-usr: Hestia-backup: Hestia-etc: Hestia-var: 3) Запускайте docker-compose -f docker-compose.yml --project-name WEB-Server up -d 4) Поменять порты в контейнере Hestia-CP docker exec -ti Hestia-CP… Подробнее »
How to Configure Nginx to Execute PHP Using PHP-FPM (remove apache2)?