Harry Tang
Title: DirectAdmin: Improve performance and security
------------------------------------------------------------
In this tutorial, I'm going to improve the DirectAdmin environment to make it faster and more secure. I assume that you have installed DirectAdmin on your server (for this guide, I use CentOS 7 64-bit). A good understanding of Linux basics is needed to follow this guide. Now we begin:
[h=2]Use Nginx reverse proxy[/h]
Performance can be improved by having the reverse proxy handle static content apart from application requests. If your web server is not set to this mode, follow the commands below:
[removed]
[h=2]Enable HTTP/2[/h]
HTTP/2 is the latest update to the HTTP protocol with many advancements in efficiency, security and speed. Simply run the commands below to enable HTTP/2:
[removed]
Then we edit the configuration file:
[removed]
And add 2 lines:
[removed]
Next, we update the nginx-vhosts:
[removed]
Add http2 to all SSL listen directives like this:
Finally, build and restart the service:
[removed]
[h=2]Use PHP 7[/h]
Up to 2x faster performance and 50% better memory consumption than PHP 5.6.
[removed]
If you have CloudLinux:
[removed]
If you don't have CloudLinux:
[removed]
Then build PHP:
[removed]
Edit php.ini and double these settings: memory_limit, max_execution_time, max_input_time.
[h=2]Enable OpCache[/h]
OpCache can improve PHP performance as well. Run the following commands:
[removed]
[h=2]Use MariaDB[/h]
MariaDB has a lot of optimizer enhancements. If your server is not set to use MariaDB, follow this:
[removed]
Increase max allowed packet:
[removed]
Set max_allowed_packet = 50M, innodb_log_file_size = 100M and bind-address = 127.0.0.1 in the [mysqld] section.
[h=2]Enable SSL for all services[/h]
Assume that your server hostname is server.domain.com. We use the "Let's Encrypt" tool to set up SSL for the server hostname and all services. Now edit the directadmin.conf file:
[removed]
set enable_ssl_sni=1
set ssl_redirect_host=server.domain.com
set force_hostname=server.domain.com
set carootcert=/usr/local/directadmin/conf/carootcert.pem
set letsencrypt=1
Next, run the following commands:
[removed]
Now set SSL=1 in directadmin.conf and restart the directadmin service again.
Next, update the Roundcube config for SSL connection:
[removed]
set $config['password_directadmin_host'] = 'ssl://localhost';
Test SSL by running the following commands, one by one:
[removed]
Make sure you can see the Certificate in the result like this:
Use hostname for alias
[removed]
[h=2]Enable DKIM[/h]
Enabling this feature will help you keep emails sent from your server out of the Spam folder. Download the dkim.conf file:
[removed]
Edit your /etc/exim.conf, and find the code:
[removed]
Then change it to look like:
[removed]
If you don't want to see the hostname in users' emails "on behalf of":
[removed]
Then restart exim:
[removed]
Finally, update the directadmin.conf file:
[removed]
set dkim=1 dns_spf=1 hide_outlook=1 and then restart DirectAdmin
Now we can create DKIM for the server hostname:
[removed]
Now go to DirectAdmin > DNS Administration and click on your server hostname to check the DKIM key, and update your SPF record (for IPv6).
[h=2]Enable IP Blocking[/h]
We will use BFM and CSF:
[removed]
Download config files:
[removed]
Create the empty block list and exempt list files:
[removed]
Open ports 465, 2525, 35000:35999 in CSF:
[removed]
Enable and start the firewall. Edit /etc/csf/csf.conf:
[removed]
Update the settings in DirectAdmin like below:
Now you have an excellent hosting server! If you need any help please let me know.
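
A read-only check that the values this guide sets actually ended up in directadmin.conf and in the [mysqld] section, added here as an example and not part of the original post. File paths are supplied by the caller, the function names are hypothetical, and the sample files in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the files built in demo() are constructed samples.
# conf_get FILE KEY [SECTION]: print the last value of KEY, optionally only inside
# INI [SECTION]. "-" and "_" in key names are treated alike, as MariaDB does.
conf_get() {
    awk -v k="$2" -v s="$3" '
        BEGIN { insec = (s == ""); gsub(/-/, "_", k) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { if (s != "") { t = $0; gsub(/[ \t\r]/, "", t); insec = (t == "[" s "]") }; next }
        insec && (p = index($0, "=")) {
            key = substr($0, 1, p - 1); gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
            if (key == k) { val = substr($0, p + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val); found = 1 }
        }
        END { if (found) print val; else exit 1 }' "$1"
}

# check FILE KEY WANT [SECTION]: literal comparison with the value the guide gives.
check() {
    got=$(conf_get "$1" "$2" "$4") || got="<unset>"
    [ "$got" = "$3" ] || { echo "MISMATCH $2: want '$3', got '$got'"; return 1; }
}

# audit DIRECTADMIN_CONF MY_CNF HOSTNAME: print mismatches, return how many.
audit() {
    fails=0
    for kv in enable_ssl_sni=1 "ssl_redirect_host=$3" "force_hostname=$3" \
        carootcert=/usr/local/directadmin/conf/carootcert.pem letsencrypt=1 \
        SSL=1 dkim=1 dns_spf=1 hide_outlook=1; do
        check "$1" "${kv%%=*}" "${kv#*=}" || fails=$((fails + 1))
    done
    for kv in max_allowed_packet=50M innodb_log_file_size=100M bind-address=127.0.0.1; do
        check "$2" "${kv%%=*}" "${kv#*=}" mysqld || fails=$((fails + 1))
    done
    return "$fails"
}

# demo: constructed files where SSL is still 0 and [mysqld] has no bind-address.
demo() {
    d=$(mktemp -d)
    printf '%s\n' enable_ssl_sni=1 ssl_redirect_host=server.domain.com \
        force_hostname=server.domain.com letsencrypt=1 SSL=0 dkim=1 dns_spf=1 \
        hide_outlook=1 carootcert=/usr/local/directadmin/conf/carootcert.pem > "$d/da.conf"
    printf '%s\n' '[client]' 'bind-address = 0.0.0.0' '[mysqld]' \
        'max-allowed-packet = 50M' 'innodb_log_file_size = 100M' > "$d/my.cnf"
    n=0; audit "$d/da.conf" "$d/my.cnf" server.domain.com || n=$?
    rm -rf "$d"; return "$n"
}

# With three arguments, audit real files; with none, run the constructed demo.
if [ "$#" -eq 3 ]; then audit "$@"; else demo || echo "$? setting(s) differ from the guide"; fi
```

Values are compared as literal strings, so a max_allowed_packet written as a byte count is reported as a mismatch even when it equals 50M.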