HestiaCP Installation Free Hosting Panel

HestiaCP is a free, open-source hosting control panel built on modern technologies that provides a powerful yet lightweight solution for managing web hosting infrastructure. Designed with simplicity and efficiency in mind, HestiaCP enables administrators to manage multiple domains, email accounts, DNS records, SSL certificates, databases, and system services through a responsive web interface. This comprehensive guide covers the complete installation, configuration, and management of HestiaCP for production hosting environments.

Table of Contents

• Introduction
• System Requirements
• Pre-Installation Setup
• HestiaCP Installation
• Initial Configuration
• Domain and Website Management
• Email Setup and Management
• DNS Configuration
• Database Administration
• SSL Certificate Management
• Firewall Configuration
• Backup and Restoration
• Web Templates
• Advanced Features
• Troubleshooting
• Conclusion

Introduction

HestiaCP stands out as a lightweight, open-source hosting control panel that eliminates the bloat associated with traditional panels while maintaining comprehensive hosting management capabilities. Built on Nginx, Apache, and Exim mail server, HestiaCP provides efficient resource utilization and fast performance. With a focus on modern web standards, API support, and containerization, HestiaCP serves small hosting providers, enterprise environments, and individual administrators seeking professional infrastructure management tools.

System Requirements

HestiaCP operates efficiently on minimal hardware, making it ideal for various hosting scenarios:

• Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS
• Debian 9, 10, or 11
• CentOS 7 or Rocky Linux 8+
• Minimum 1 GB RAM (2 GB recommended)
• At least 30 GB free disk space
• Root or sudo access
• Clean server installation
• Port 8083 available (HestiaCP dashboard)

Verify system compatibility:

# Check operating system
cat /etc/os-release

# Verify available memory
free -h

# Check disk space
df -h

# Confirm port availability
sudo ss -tulpn | grep 8083
sudo netstat -tulpn | grep 8083

# Check systemd is running
systemctl status

Pre-Installation Setup

System Update and Preparation

# Update all packages
sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

# Install required dependencies
sudo apt install curl wget git software-properties-common -y

# Ensure required tools are present
which curl wget git
which systemctl
which ufw

# Check hostname is set
hostname
hostnamectl set-hostname hestiacp.example.com

# Update hosts file
echo "127.0.0.1 hestiacp.example.com" | sudo tee -a /etc/hosts

Firewall Configuration

# Enable UFW firewall
sudo ufw enable

# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow essential services
sudo ufw allow 22/tcp        # SSH
sudo ufw allow 80/tcp        # HTTP
sudo ufw allow 443/tcp       # HTTPS
sudo ufw allow 8083/tcp      # HestiaCP Dashboard
sudo ufw allow 25/tcp        # SMTP
sudo ufw allow 587/tcp       # Submission port
sudo ufw allow 993/tcp       # IMAP SSL
sudo ufw allow 995/tcp       # POP3 SSL
sudo ufw allow 110/tcp       # POP3
sudo ufw allow 143/tcp       # IMAP
sudo ufw allow 53/tcp        # DNS
sudo ufw allow 53/udp        # DNS
sudo ufw allow 3306/tcp      # MySQL

# Verify configuration
sudo ufw status verbose

Disable Conflicting Services

# Stop Apache if installed
sudo systemctl stop apache2
sudo systemctl disable apache2
sudo apt remove apache2 apache2-utils -y

# Stop Nginx if running (HestiaCP will manage it)
sudo systemctl stop nginx
sudo systemctl disable nginx
sudo apt remove nginx -y

# Stop Postfix if installed
sudo systemctl stop postfix
sudo systemctl disable postfix
sudo apt remove postfix -y

# Verify no conflicting services
sudo netstat -tulpn | grep -E "80|443|25|587|993"

HestiaCP Installation

Downloading and Running Installer

# Download HestiaCP installer script
wget https://raw.githubusercontent.com/hestiacp/hestiacp/master/install/hestia-install.sh

# Make installer executable
chmod +x hestia-install.sh

# Run installer with desired options
sudo bash hestia-install.sh \
  --hostname hestiacp.example.com \
  --email [email protected] \
  --password hestiacp-password \
  --interactive no

# Monitor installation progress
sudo tail -f /var/log/hestia-install.log

# Installation typically takes 10-20 minutes

Installer Options Explanation

# Common installation flags:
# --hostname: Server hostname
# --email: Administrator email
# --password: Admin panel password
# --interactive: Run in interactive mode (yes/no)
# --skip-hostname-check: Skip hostname validation
# --skip-ip-check: Skip IP address validation
# --with-debs: Install from Debian packages
# --backups: Enable backup functionality
# --ssl: Enable SSL for panel

# Example custom installation
sudo bash hestia-install.sh \
  --hostname hosting.example.com \
  --email [email protected] \
  --password 'ComplexPassword123!@#' \
  --interactive no \
  --with-debs yes \
  --backups yes \
  --ssl yes

Verifying Installation

# Check HestiaCP service status
sudo systemctl status hestia

# Verify all required services are running
sudo systemctl status hestia
sudo systemctl status nginx
sudo systemctl status apache2
sudo systemctl status mysql
sudo systemctl status exim4
sudo systemctl status dovecot

# Check HestiaCP is listening
sudo ss -tulpn | grep 8083

# View installation summary
sudo cat /var/log/hestia-install.log | tail -50

# Verify HestiaCP directory structure
ls -la /home/*/conf/
ls -la /etc/hestia/
ls -la /var/log/hestia/

Initial Configuration

Accessing HestiaCP Dashboard

# Access HestiaCP web interface
# URL: https://your-server-ip:8083
# or https://your-hostname:8083

# Login with credentials provided during installation
# Username: admin
# Password: [installation-provided]

# Accept self-signed SSL certificate warning

Changing Administrator Password

1. Log in to HestiaCP dashboard
2. Click on username in top-right corner
3. Select "Change Password"
4. Enter current password
5. Set new strong password (minimum 12 characters recommended)
6. Confirm password change

# Via command line (if needed)
sudo hestia-cli user update admin --password 'NewStrongPassword123!@#'

Configuring Basic Settings

Navigate to Settings to configure:

# System settings
# - Language preference
# - Time zone
# - System IP address
# - Nameservers (for DNS)
# - Backup settings

# Panel configuration
# - Session timeout
# - SSL certificate
# - Appearance/theme
# - Notification settings

Setting Up Administrator Contact

# Configure notification email
# Settings > Email Notifications
# - Email address for alerts
# - SMTP settings (if external mail service)
# - Notification types

# Example: Set up Gmail SMTP for alerts
# Host: smtp.gmail.com
# Port: 587 (TLS)
# Username: [email protected]
# Password: application-specific-password

Domain and Website Management

Adding New Domain

# Method 1: Using HestiaCP GUI
# Navigate to: Web > Add Domain
# Fill in:
# - Domain name: example.com
# - IP address: Select server IP
# - Document root: /home/user/domains/example.com/public_html
# - SSL: Enable auto SSL
# - Proxy: Enable reverse proxy (optional)
# - Directory protection: Configure as needed

# Method 2: Using CLI
sudo hestia-cli domain add admin example.com

Managing Domain Aliases and Subdomains

# Add domain alias (www.example.com)
# In HestiaCP: Select domain > Edit > Add alias

# Or via CLI
sudo hestia-cli domain add admin www.example.com

# Add subdomain
# Example: blog.example.com
sudo hestia-cli domain add admin blog.example.com

# List all domains for user
sudo hestia-cli domain list admin

# Remove domain
sudo hestia-cli domain delete admin example.com

Uploading Website Files

# Access website directory
cd /home/admin/domains/example.com/public_html

# Upload files via SFTP
# Use SFTP client to connect:
# Host: your-ip
# Port: 22
# User: admin
# Password: [HestiaCP password]
# Directory: /home/admin/domains/example.com/public_html

# Or via command line
scp -r /local/files/ admin@your-ip:/home/admin/domains/example.com/public_html/

# Set proper permissions
sudo chown -R admin:admin /home/admin/domains/example.com/
sudo find /home/admin/domains/example.com/ -type f -exec chmod 644 {} \;
sudo find /home/admin/domains/example.com/ -type d -exec chmod 755 {} \;

Managing Web Templates

# HestiaCP includes pre-configured web templates

# View available templates
ls -la /usr/local/hestia/data/templates/web/

# Templates include configurations for:
# - Nginx
# - Apache
# - PHP versions
# - Caching
# - Static content delivery

# Select template when adding domain
# Or change template for existing domain
# Web > Select Domain > Edit > Select Template

Monitoring Website Statistics

# Access bandwidth and statistics
# Web > Select Domain > Statistics

# View:
# - Bandwidth usage
# - Log files
# - Disk usage
# - Visitor statistics (if analytics enabled)

# Via command line
du -sh /home/admin/domains/example.com/

# Analyze access logs
tail -f /var/log/apache2/domains/example.com.log
tail -f /var/log/nginx/domains/example.com.log

Email Setup and Management

Creating Email Accounts

# Method 1: Using HestiaCP GUI
# Navigate to: Mail > Select Domain > Add Email Account
# Fill form:
# - Email: [email protected]
# - Password: Generate strong password
# - Forwarding address (optional): [email protected]
# - Account type: Mailbox/Forward only

# Method 2: Using CLI
sudo hestia-cli mail add admin example.com user

# Verify email account created
ls -la /home/admin/mail/example.com/

# Check mail queue
postqueue -p

Configuring Email Client

# Email client configuration details:
# IMAP Server: mail.example.com or your-ip
# IMAP Port: 993 (SSL) or 143 (TLS)
# SMTP Server: mail.example.com or your-ip
# SMTP Port: 587 (TLS) or 25 (unencrypted)
# Username: [email protected]
# Password: [account password]

# Dovecot IMAP/POP3 configuration
sudo cat /etc/dovecot/dovecot.conf | grep -E "^[a-z]"

# Exim SMTP configuration
sudo cat /etc/exim4/exim4.conf.template | head -50

Managing Email Forwards

# Create email forward
# Mail > Select Domain > Add Email Forward
# Forward: [email protected]
# Target: [email protected]

# Via CLI
sudo hestia-cli mail add admin example.com forward --forward [email protected]

# List email forwards
sudo hestia-cli mail list admin example.com

# Monitor mail queue
mailq
sudo postqueue -p

# View Exim logs
sudo tail -f /var/log/exim4/mainlog

Email Filtering and Spam Protection

# Enable spam filter configuration
# Mail > Settings > Spam Filter

# Configure Spamassassin
sudo nano /etc/spamassassin/local.cf

# Common settings:
# required_score 5
# enable_bayes 1
# bayes_auto_learn 1
# report_safe 1

# Restart Spamassassin
sudo systemctl restart spamassassin

# View spam scores
spamassassin -t < /tmp/sample-email.txt

# Check spam configuration
spamassassin -D 2>&1 | grep "config"

DNS Configuration

Managing DNS Records

# Method 1: Using HestiaCP GUI
# Navigate to: DNS > Select Domain
# Add records:
# - A record: Points to server IP
# - CNAME records: For subdomains
# - MX records: For mail delivery
# - TXT records: For SPF, DKIM, DMARC

# Method 2: Using CLI
# Add DNS record
sudo hestia-cli dns add admin example.com @ A 192.168.1.100
sudo hestia-cli dns add admin example.com www CNAME example.com
sudo hestia-cli dns add admin example.com @ MX 10 mail.example.com
sudo hestia-cli dns add admin example.com @ TXT "v=spf1 ip4:192.168.1.100 -all"

DNS Record Examples

# A Record
# Name: @
# Type: A
# Value: 192.168.1.100
# TTL: 3600

# CNAME Record
# Name: www
# Type: CNAME
# Value: example.com
# TTL: 3600

# MX Record
# Name: @
# Type: MX
# Priority: 10
# Value: mail.example.com
# TTL: 3600

# TXT Record for SPF
# Name: @
# Type: TXT
# Value: v=spf1 ip4:192.168.1.100 include:sendgrid.net -all

# TXT Record for DKIM
# Name: default._domainkey
# Type: TXT
# Value: [DKIM key from mail configuration]

# TXT Record for DMARC
# Name: _dmarc
# Type: TXT
# Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]

Using HestiaCP as Authoritative DNS

# Enable DNS server in HestiaCP
# Settings > System > Enable DNS server

# Configure nameservers pointing to server
# ns1.example.com = your-server-ip
# ns2.example.com = your-server-ip (if available)

# Update domain registrar with new nameservers
# ns1.example.com
# ns2.example.com (optional)

# Test DNS resolution
nslookup example.com
dig example.com
host example.com

# Check DNS propagation
# Using online tools: whatsmydns.net

Database Administration

Creating Databases

# Method 1: Using HestiaCP GUI
# Navigate to: Databases > Create Database
# Fill form:
# - Database name: websitedb
# - Database user: dbuser
# - Password: Generate strong password
# - Type: MySQL/PostgreSQL

# Method 2: Using CLI
sudo hestia-cli database add admin websitedb dbuser

# Verify database created
mysql -u root -e "SHOW DATABASES;"
mysql -u root -e "SELECT user FROM mysql.user;"

Managing Database Users

# Access MySQL
mysql -u root -p

# Create database manually
CREATE DATABASE websitedb;

# Create user
CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'strong-password';

# Grant privileges
GRANT ALL PRIVILEGES ON websitedb.* TO 'dbuser'@'localhost';
FLUSH PRIVILEGES;

# Exit MySQL
EXIT;

# Verify user permissions
mysql -u dbuser -p -e "SHOW DATABASES;"

Backing Up Databases

# Manual database backup
mysqldump -u root -p websitedb > websitedb-backup.sql

# Compress backup
gzip websitedb-backup.sql

# Automated backup via HestiaCP
# Settings > Backups > Configure schedule

# Or schedule manual backups with cron
sudo crontab -e

# Add cron job:
# 0 2 * * * mysqldump -u root -p<password> websitedb | gzip > /backup/websitedb-$(date +\%Y\%m\%d).sql.gz

Restoring Databases

# Restore from SQL dump
mysql -u root -p websitedb < websitedb-backup.sql

# Restore from compressed backup
gunzip < websitedb-backup.sql.gz | mysql -u root -p websitedb

# Verify restoration
mysql -u root -p -e "USE websitedb; SHOW TABLES;"

SSL Certificate Management

Let's Encrypt SSL Certificates

# Enable SSL during domain creation
# Or add SSL to existing domain:
# Web > Select Domain > Edit > Enable SSL

# HestiaCP automatically manages Let's Encrypt certificates:
# - Automatic installation
# - Configuration in Nginx/Apache
# - Auto-renewal 60 days before expiration

# Verify SSL certificate
openssl s_client -connect example.com:443 2>/dev/null | grep -A 10 "Certificate"

# Check certificate expiration
openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

Custom SSL Certificates

# Upload custom certificate
# Web > Select Domain > Edit > SSL Certificate > Upload Custom

# Or via command line:
# Copy certificate files
sudo cp your-cert.crt /home/admin/domains/example.com/ssl/
sudo cp your-key.key /home/admin/domains/example.com/ssl/
sudo cp your-chain.ca /home/admin/domains/example.com/ssl/

# Set permissions
sudo chown -R admin:admin /home/admin/domains/example.com/ssl/
sudo chmod 600 /home/admin/domains/example.com/ssl/*

# Reload web server
sudo systemctl reload nginx
sudo systemctl reload apache2

SSL Certificate Auto-Renewal

# Verify auto-renewal is configured
sudo systemctl status hestia-letsencrypt-renew.timer

# Manual certificate renewal
sudo systemctl start hestia-letsencrypt-renew.service

# Check renewal logs
sudo tail -f /var/log/hestia/letsencrypt.log

# Verify renewal schedule
sudo systemctl list-timers | grep hestia

Firewall Configuration

UFW Firewall Management

# View firewall status
sudo ufw status numbered

# Open additional ports
sudo ufw allow 3000/tcp  # Node.js example
sudo ufw allow 8000:9000/tcp  # Port range

# Restrict IP access
sudo ufw allow from 192.168.1.100 to any port 22

# Delete firewall rule
sudo ufw delete allow 8000:9000/tcp

# Reset firewall (careful!)
sudo ufw reset

# View firewall logs
sudo grep UFW /var/log/syslog | tail -20

HestiaCP Firewall Rules

# View HestiaCP firewall configuration
# Settings > Firewall

# Add firewall rules:
# - IP addresses to block/allow
# - Ports to restrict
# - Services to protect

# Example: Restrict panel access
# Settings > Firewall > Ban IP address
# Add IP to block list

# Configure fail2ban for brute force protection
sudo systemctl status fail2ban
sudo fail2ban-client status

Backup and Restoration

Configuring Backups

# Configure backup settings
# Settings > Backups > Schedule Backups

# Set backup frequency:
# - Daily
# - Weekly
# - Monthly

# Backup destination:
# - Local storage
# - Remote (SFTP/FTP/S3)

# Select backup includes:
# - Web domains
# - Mail accounts
# - Databases
# - DNS zones

Manual Backup Creation

# Trigger manual backup
# Settings > Backups > Create Backup

# Or via CLI
sudo hestia-cli backup admin

# Monitor backup progress
sudo tail -f /var/log/hestia/backup.log

# List backups
sudo ls -lah /backup/admin/

Restoring from Backup

# Restore complete backup
# Settings > Backups > Select backup > Restore

# Or restore specific items:
# - Single domain
# - Specific database
# - Email account

# Via CLI
sudo hestia-cli restore admin /backup/admin/backup-filename.tar

# Monitor restoration
sudo tail -f /var/log/hestia/backup.log

# Verify restoration
ls -la /home/admin/domains/
mysql -u root -e "SHOW DATABASES;"

Web Templates

Available Web Templates

# View installed templates
ls -la /usr/local/hestia/data/templates/web/

# Common templates:
# Default - Standard Nginx/Apache configuration
# Single - Single PHP version
# WordPress - Optimized for WordPress
# PHP-FPM - PHP-FPM with Nginx
# Static - Static content only

# Select template when creating domain
# Or change template:
# Web > Select Domain > Edit > Change Template

Creating Custom Templates

# Template location
cd /usr/local/hestia/data/templates/web/

# Template structure
ls -la default/

# Create custom template
cp -r default custom-template

# Edit template configuration
sudo nano custom-template/nginx.conf
sudo nano custom-template/apache2.conf

# HestiaCP will recognize new template
# Available in domain creation/editing

Advanced Features

Backup Scheduling

# Configure automated backups
# Settings > Backups > Schedule

# Cron job for automated backups
sudo crontab -e

# Add backup job:
# 0 3 * * * /usr/local/hestia/bin/v-backup-users > /dev/null 2>&1

# Monitor backup execution
sudo tail -f /var/log/hestia/backup.log

Multi-User Management

# Create new hosting user
# Users > Add User

# Or via CLI
sudo hestia-cli user add username password [email protected]

# Assign resources to user
# Max domains, Mail accounts, Databases, Disk space

# Reseller functionality
# User > Select User > Reseller
# Enable reseller permissions for user

# User-level operations
# Users can add domains, email, databases
# Separate billing/management per user

API Access

# HestiaCP provides REST API for automation

# Enable API
# Settings > Tools > API

# Example API call
curl -s -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "user=admin&token=your-api-token&cmd=v-list-domains&format=json" \
  https://your-ip:8083/api/

# Common API commands
# v-list-domains: List domains
# v-add-domain: Add domain
# v-delete-domain: Delete domain
# v-list-mail: List email accounts
# v-add-mail: Create email account
# v-list-databases: List databases

Troubleshooting

Common Issues

# HestiaCP not accessible
sudo systemctl restart hestia

# Check service status
sudo systemctl status hestia
sudo systemctl status nginx
sudo systemctl status apache2

# Website not displaying
# Check if domain configured
sudo hestia-cli domain list admin

# Check Nginx configuration
sudo nginx -t

# Check Apache configuration
sudo apache2ctl configtest

# Email not working
sudo systemctl status exim4
sudo systemctl status dovecot

# Check mail logs
sudo tail -f /var/log/exim4/mainlog
sudo tail -f /var/log/dovecot.log

# DNS not resolving
sudo systemctl status hestia-named
dig example.com
nslookup example.com

Log Analysis

# HestiaCP logs
sudo tail -f /var/log/hestia/hestia.log

# Nginx logs
sudo tail -f /var/log/nginx/error.log
sudo tail -f /var/log/nginx/access.log

# Apache logs
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/apache2/access.log

# Mail server logs
sudo tail -f /var/log/exim4/mainlog
sudo tail -f /var/log/dovecot.log

# System logs
sudo journalctl -u hestia -f
sudo journalctl -u nginx -f

Conclusion

HestiaCP provides a comprehensive, lightweight hosting control panel solution that combines powerful features with efficient resource utilization. Whether managing single websites or hosting hundreds of customer domains, HestiaCP offers the flexibility, security, and performance required in modern hosting environments.

By following this guide, you've learned to install and configure HestiaCP, manage multiple domains with SSL certificates, set up email services, configure DNS, and implement backup strategies. The combination of open-source components with professional management tools makes HestiaCP an excellent choice for independent hosting providers and system administrators.

Regular monitoring, security updates, and proper backup procedures ensure your HestiaCP infrastructure remains stable, secure, and performant for years to come.