In our previous two articles, we explained how to create and configure a Linux computer. In this article, we will summarize how to use your secure Linux computer to create your own secure Debian VPS and then install the Hestia Control Panel on it.
Why Canhost is the Best Option for Hosting your Social Network
I have written a detailed article explaining why I recommend Canhost to host your VPS. Here is a link to this article:
In a nutshell, due to the Draconian Patriot Act, it is not secure to host your social network VPS on any server located in the US. It is also essential to use a VPS host with an easy graphical DNS Manager. Finally, it is important to use a VPS host that is not so small that they may go out of business but also not so large that they will have poor customer service. CanHost is located in Canada, has excellent customer service and uses an extremely easy DNS Manager.
Step 1: Use a Secure Linux Computer
Do not use a Windows or Apple computer as using either will compromise your CanHost account security.
Step 2: Use a Secure Proton Mail Email Address
Do not use a Gmail address as it is not secure. You will be sent your initial password via email and it is therefore essential to use a secure Proton Mail email address. Also do not use a Windows computer to get your Proton Mail account as your Windows computer is simply not secure. Set up a Linux Laptop first. Then use your secure Linux laptop to get your secure Proton Mail account.
Step 3: Create an Account at Canhost
To register for an account, use your secure Linux computer to open a web browser. Then go to the Canhost Home page: https://www.canhost.ca/
Click Log In in the top menu. Then click Sign Up.
Use your secure Proton Mail email address to create your CanHost account. Do not use Gmail or any other insecure email address. Also use a password that is at least 10 characters long with at least one capital letter, one lower case letter, one digit and one special character.
Step 4: Use your Canhost account to get a new domain name hosted by CanHost to use for your VPS name server
Alternatively, you can transfer a domain name to Canhost. However, because the domain name should be directed to CanHost servers, you will also need to transfer the files and database to CanHost if you want to use an existing domain name.
While you can use any domain name, such as mynetwork.com, or subdomain name, such as friends.mynetwork.com, it is not possible to change the domain name later. Therefore give some thought to this question.
In our example, we have obtained two primary domain names. The first is called Better Future Network dot com. The second is called Better Network dot us. Each domain name costs about $12 per year or $1 per month.
However, you could use the same domain name for all three by using the subdomain ns1.yourwebsite.com for your server, yourwebsite.com for your Joomla website and a different subdomain, for example friends.yourwebsite.com, for your social network. This will allow us to later create a number of subdomains, such as washington.betternetwork.us, in order to eventually set up a statewide or national network of Freedica websites to provide folks with an alternative to Facebook and Twitter.
Before you order your Virtual Private server, your domain name should initially point to the Canhost servers.
Eventually, you should transfer all of your domain names to Canhost in order to use the Canhost DNS Manager to point these domain names to your Canhost VPS.
Step 5: Order a Debian 12 VPS with at least 4 GB of RAM
Once you have your CanHost domain name, from the Canhost Home page, click Hosting, Canadian VPS. Then click VPS EXPRESS 2.
Change the Currency to US. Change the Operating System from CentOS 8 to Debian 12. Change Control Panel from cPanel to No Control Panel.
For Hostname, type ns1.yourdomain.com where yourdomain.com is a domain name pointing at the default Canhost servers.
For System Username, use a name with lowercase letters and no spaces. Use a password that is at least 10 characters long with at least one capital letter, one lower case letter, one digit and one special character. Write down your VPS username and password as you will need both to log into your VPS server!
The monthly fee for this VPS is about $19 US Dollars. The disk space is 40 GB.
Leave the remaining boxes including the SSH box empty and click Continue. Pay for the VPS and wait a few hours. You will get an email letting you know your two custom VPS IP addresses.
Once you have received your VPS confirmation email, log into your Canhost account and click on Client Area, Services.
Click on the word Active to view the VPS summary. The Server Hostname should read ns1.yourdomain.com. This is your server's Fully Qualified Domain Name (FQDN), which we will use when installing the Hestia Control Panel. Below the FQDN is your primary IP address, which we will use to SSH into your VPS after we have changed the DNS records. Below this is the Reinstall icon, which you can use if you make a mistake and need to start over.
Step 6: Change your server domain name DNS Records
Once you know your VPS primary IP address, log into your Canhost account and click Domains, My DNS. Then click on the Edit button to the right of your server domain name to view your domain name DNS records. In our example, the server domain name is Better Future Network.com.
Change the IP addresses of the first four A Records
At the top of the Records table, there are four A records which all point to the Canhost IP address. In the RDATA column, fully delete the Canhost IP addresses. Then copy paste your primary IP address in all four boxes. Then click Save at the bottom of the screen.
Create A records for ns1 and ns2
ns1 and ns2 are sub domains of our primary domain. For example, if your domain is example.com and you want to name your server ns1.example.com, then create the A record for ns1 in the example.com DNS zone pointing to your VPS primary IP address. To create an A Record, click Create Record. Then change the record type to an A record and type ns1 for the name.
Copy paste your VPS Primary IP address and put it in the RDATA box. Then save and close the file and repeat to create an A record for the sub domain ns2.
Create two CAA records
Create CAA records by clicking on Add Record. Use the Type drop down arrow to choose CAA.
Then type your domain name such as mywebsite.com into the Name box. Type the number 0 into the Flag box and the word issue into the Tag box. Then type the domain name letsencrypt.org into the Target box. Then click Add Record. Then click Add Record again and create a second CAA record with the Tag issuewild.
Here are my records for my domain name collegeintheclouds dot com. Note that there are A records for ns1 and ns2 that point to my primary IP address. Also there are two CAA records:
Leave the Canhost DNS records at the bottom of the DNS Records Table:
Then click Save at the bottom of the DNS Zone Records table to save these changes.
DNS Summary… Why you should not register your Private Nameserver
Log into your Canhost account and click Client Area, Domains. Then to the right of the domain name you are using for your name server, click on the Wrench. Then click Manage Domain. In the left side menu is a menu item called Private Nameservers. Click on this menu item to bring up a form where you can register your name server simply by typing in the Nameserver name and IP address.
Registering your nameserver may seem like a good idea as it means you can change the nameservers you are using from the default Canhost nameservers to your own custom nameservers.
However, there is a serious drawback in registering your own private name server and then pointing your domains to your own private name server. The drawback is that you will need to set up your own DNS server to handle the DNS records for these domains.
Setting up a DNS server is a complicated process and is generally not worth your time and effort in learning how to do this. While I think there is a significant security benefit in creating your own Virtual Private Server, there is no real benefit in setting up your own DNS routing server.
I therefore recommend that you not register your Private Nameserver unless you are willing to take the time needed to learn how to properly set up your own DNS server – a subject that is beyond the scope of this course.
Instead, I recommend that you use the 4 default Canhost Nameservers (aka ns1.managedns.ca).
This means you should also not change the nameserver records at the bottom of your My DNS table:
However, you should use Canhost My DNS to edit the first four A Records to point your domain names at your primary IP address instead of the default Canhost IP addresses.
And you should create two CAA records for each of your domain names:
You should also create A records for each of your nameserver sub domains in the DNS records for the domain name you are using for your server (note that these two special A records are not needed for any other domain names you will be using):
Once you have completed these changes to your Canhost DNS settings, you are ready to log out of your Canhost account and add a Hestia Control Panel to your VPS.
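Before you log out, you can confirm from your Linux terminal that the Step 6 records are in place; once CAA records exist, only the certificate authority they name may issue certificates for the domain, so a missing or mistyped record matters later. The shell function below is an added example, not part of the original article or of Canhost's tooling: example.com, 203.0.113.10 and the function names are placeholders, the sample records are constructed, and only the main domain, ns1 and ns2 are checked.

```shell
# Added example, not from the original article. example.com and 203.0.113.10
# are placeholders. Live use (one dig call, several queries):
#   dig +noall +answer example.com A ns1.example.com A ns2.example.com A \
#       example.com CAA | check_zone example.com 203.0.113.10
check_zone() {   # $1 = domain, $2 = VPS primary IP; dig answer lines on stdin
    awk -v d="$1." -v ip="$2" '
        { name = tolower($1) }
        $4 == "A" { seen[name] = 1; if ($5 != ip) stale[name] = $5 }
        $4 == "CAA" && name == d { gsub(/"/, "", $7); caa[$6] = caa[$6] " " $7 }
        END {
            n = split(d " ns1." d " ns2." d, host, " ")
            for (i = 1; i <= n; i++) {
                h = host[i]
                if (!(h in seen)) { print "missing A " h; bad++ }
                else if (h in stale) { print "stale A " h " " stale[h]; bad++ }
            }
            n = split("issue issuewild", tag, " ")
            for (i = 1; i <= n; i++) {
                t = tag[i]
                if (!(t in caa)) { print "missing CAA " t; bad++ }
                else if (caa[t] != " letsencrypt.org") { print "unexpected CAA " t caa[t]; bad++ }
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the finished zone as dig would print it.
good_zone() {
    cat <<'EOF'
example.com.      3600 IN A   203.0.113.10
ns1.example.com.  3600 IN A   203.0.113.10
ns2.example.com.  3600 IN A   203.0.113.10
example.com.      3600 IN CAA 0 issue "letsencrypt.org"
example.com.      3600 IN CAA 0 issuewild "letsencrypt.org"
EOF
}

# Constructed sample: ns2 left on an old address, issuewild record forgotten.
half_done_zone() {
    good_zone | sed -e '/issuewild/d' -e '/^ns2/s/203\.0\.113\.10/198.51.100.7/'
}

good_zone | check_zone example.com 203.0.113.10 && echo "zone matches Step 6"
half_done_zone | check_zone example.com 203.0.113.10 || echo "zone needs fixing"
```

DNS changes can take a while to become visible, so a record reported as stale right after saving may only need time.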
Step 7: SSH into your VPS from your home computer terminal
Open a terminal on your home computer. Use the Primary IP address given to you by Canhost in their email to SSH into your new server from your home computer terminal with this command:
Press Enter. Then type yes to accept the SSH connection. Then enter your VPS password and press Enter. Your terminal screen should then display a line that looks something like: david@ns1>:
This means you are logged into your Debian VPS and can begin to edit its settings.
Step 8: Create a Root User and Password
We need to create a Root User in order to install the Hestia Control Panel. However, we need to change the SSH configuration file before we can create a root user. Once logged into your user SSH session, copy paste: sudo nano /etc/ssh/sshd_config
to open the ssh configuration file. Use the down arrow to scroll down to PermitRootLogin. Delete the hash at the beginning of the line PermitRootLogin and set the value to yes:
Save this file by pressing the Control key and the lower case o key at the same time, followed by pressing the Enter key. Close the file by pressing Control plus the x key at the same time. To make the new setting take effect, restart the ssh service:
sudo systemctl restart sshd.service
While the VPS is running, and still in your user ssh session, copy paste the following into the ssh terminal: sudo passwd root
Enter your sudo user password. Then add a root password, typing it twice. The reply should be: passwd: password updated successfully
Log out of the user SSH with exit. Then close the home terminal.
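sshd uses the first value it reads for each keyword, so a PermitRootLogin line that comes earlier (for example in a file pulled in by an Include line) overrides the one you edited, and a line that is still commented out leaves the built-in default in force. The shell function below is an added example, not from the original article; the function names are hypothetical and the sample configurations are constructed.

```shell
# Added example, not from the original article. Prints the PermitRootLogin
# value sshd will use for configuration text read from stdin.
# sshd keeps the FIRST value it reads for a keyword; feed files in read order.
# Simplification: Match blocks are not evaluated, parsing stops at the first.
effective_root_login() {
    awk '
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { print (v == "" ? "prohibit-password" : v) }  # OpenSSH default
    '
}

# Constructed sample: the line is still commented out, so the default applies.
untouched_config() {
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
                  '#PermitRootLogin prohibit-password'
}

# Constructed sample: the file after the edit described in Step 8.
edited_config() {
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
                  'PermitRootLogin yes'
}

# Constructed sample: a drop-in file that sshd reads before the main file.
dropin_config() {
    printf '%s\n' 'PermitRootLogin no'
}

echo "untouched:     $(untouched_config | effective_root_login)"
echo "edited:        $(edited_config | effective_root_login)"
echo "drop-in first: $( { dropin_config; edited_config; } | effective_root_login)"

# On the VPS itself, sshd can answer directly (run before restarting the service):
#   sudo sshd -t                                  # exits non-zero on a config error
#   sudo sshd -T | grep -i '^permitrootlogin'     # value sshd will actually use
```

Running sshd -t before the restart matters on a remote server, because a configuration error that stops sshd from starting would leave you without a way to log back in.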
Step 9: SSH into your VPS as the root user
SSH into your VPS from your home computer terminal with this command: ssh root@yourIPaddress
For example, ssh
When prompted for the password, use the root password you just created. Once logged in as the root user, uninstall the Canhost firewall called CSF with these commands: cd /etc/csf
Press enter, then copy paste: sh uninstall.sh
Then press Enter again. Go back to root with
Next, install the Midnight Commander graphical file manager with this command: apt install mc
Midnight Commander is a graphical file manager that makes it easier to edit and move files in our VPS. We will use Midnight Commander to change some settings after we install Hestia.
Step 10: Install the Hestia Control Panel to your VPS
While logged in as root, copy and paste the following commands:
Then open a browser and go to the Hestia Install page.
Uncheck clamav. Then click Submit. The Installation Instructions say: Log in to your server as root via SSH: ssh
Then copy paste this into the ssh root terminal:
sudo bash hst-install.sh --port '8083' --lang 'en' --apache yes --phpfpm yes --multiphp yes --vsftpd yes --proftpd no --named yes --mysql yes --mysql-classic no --postgresql no --exim yes --dovecot yes --sieve no --clamav no --spamassassin yes --iptables yes --fail2ban yes --quota no --api yes --interactive yes --force no
Wait for the Thank you screen to appear. Then type Y. Then type your email and FQDN:
Then press Enter. After the installer finishes, it will end with Press any key to continue. Do not press any key! First, scroll up the page and copy paste the Hestia URL and password!!!
Admin URL: https://188.8.131.52:8083
Username: admin Password: ImQwmOHv1rg1Yi9g
Then scroll back down the page and press Enter. Then close the terminal. The server will restart. You do not need to log into the server. Instead, open a browser and copy paste the Hestia URL: https://184.108.40.206:8083
You can also log in with the domain name:port number
Either way, Firefox will state: Warning: Potential Security Risk Ahead. Click Advanced. Then click Accept Risk and Continue. The Hestia Control Panel Log in screen will appear:
For username, type admin. Then click Next. For password, copy and paste the complex password: ImQwmOHv1rg1Yi9g
Step 11: Change the Background Color of the Panel
The dark panel is hard to read and hard to see on screenshots. Therefore, our first task is to change the background color of the panel to a lighter color. Click on the Settings wheel in the upper right corner. Then click Configure on the left side of the screen.
Then click Basic Options. Then use the Appearance drop down arrow to change from dark to default and click Save. Then click on the word Back to return to the main panel Settings screen.
Step 12: Change the Admin Password
Click on Users in the top menu.
Then select the Admin User and click the Edit pencil. Type in an easier to remember password. Each Hestia password must be at least 8 characters long with 1 uppercase & 1 lowercase character and 1 number. Then click Save and Back to go back to the User screen.
Now that we have installed the Hestia Control Panel on our Debian VPS, in the next article, we will learn how to use Midnight Commander to change some settings on our Hestia Control Panel.