This tutorial will teach you how to install a LAMP stack on a virtual server.

LAMP is a suite of software including:

  • Linux;
  • Apache;
  • MySQL;
  • PHP.

This will allow you to run your own website after installing it.

We are going to use a virtual server, HT-VPS-5 tariff, 16 GB RAM and 160 GB SSD-drive. However, for the majority of basic tasks (blog, business card site) and projects that are not very demanding, a simpler HT-VPS-1 configuration will be fine. The operating system we use is the Linux distribution Ubuntu 20.04.

To begin with, let's look at the basics of running a website. Each site requires different components to function. Typically, these include a web server, support for the programming language that the site is written in, and database support. Here we will show you how to install the Apache web server, PHP language support and MySQL database support.

SSH SETUP

We are going to perform all operations from the command line over the SSH protocol. You need to know your server's IP address, username and password. You will receive this connection data in an email when you order a virtual server.

Open a command prompt (terminal) on your local computer and input the command to connect.

ssh root@XXX.XXX.XXX.XXX

Enter the address of your server instead of XXX.XXX.XXX.XXX.

If this is the first time you connect, you may see this message:

The authenticity of host 'XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is SHA256:YaaqERsh9oMs/Qa5nlMJLlb4ewlJDGLaDGsuOcDzOs8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

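Type 'yes' or the letter 'y' and press 'Enter'; you will then be asked to enter your password. Before accepting, compare the fingerprint shown with the one your provider gives for the server, if it is available to you.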

When you enter a password, no symbols are shown on the screen for security reasons.

Warning: Permanently added 'XXX.XXX.XXX.XXX' (RSA) to the list of known hosts.
root@ip_XXX.XXX.XXX.XXX's password:

Type in the password and press 'Enter'.

When you connect to the server, you get to the command prompt on the server itself, i.e. in the system installed on the server.

Before you install any components, we recommend you upgrade your system to the latest up-to-date version.

Run the commands sequentially:

apt update

apt upgrade

An update of the system will start.

The next step is to reboot the server. You can do this using the reboot command.

Before proceeding to the LAMP installation, you need to perform the initial configuration of the server.

Right now you are logged in as root, which is insecure, so you should create a non-privileged user.

Let's run the adduser [username] command to do this, for instance:

adduser host-telecom

Next, enter the password for this user twice.

Please remember your password or save it in a secured place.

After that you will be asked to enter some user data (full name, phone number, etc.). You don't have to enter all of this; you can leave the fields blank by pressing 'Enter' each time.

You have now created a new user, but it doesn't have administrator rights yet. To give it root privileges, you need to add it to the sudo group.

Execute the command:

usermod -aG sudo host-telecom

UFW FIREWALL SETUP

To improve server security, we recommend using the popular and easy-to-customize UFW firewall. Applications can register their own profiles for UFW, that is, ready-made sets of security settings that you can activate. Let's list the current profiles with the command:

sudo ufw app list

Available applications:
  OpenSSH

The profile of the OpenSSH service is now available in our case, which allows us to connect to the server via SSH.

Activate this service using the command:

ufw allow OpenSSH

Rules updated
Rules updated (v6)

Next, activate the firewall with the command:

ufw enable

You will be warned that the current connection may be interrupted:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Because you have already allowed OpenSSH, you can safely type 'y' and press 'Enter'.

Firewall is active and enabled on system startup

To check the status of the firewall run the command:

ufw status

You can see that it is active and the OpenSSH profile is also active:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

You allowed only SSH connections, and the firewall now blocks all other connections. Later, you will allow HTTP connections to open a website.

Here's a very important point: you need to connect using SSH, not as root, but as the host-telecom user you just created.

To do this, don't close your current root SSH session yet. Instead, open a new terminal window and connect from it, so that if you run into problems you can still fix them from the root session.

In the new terminal window, run the command:

ssh host-telecom@XXX.XXX.XXX.XXX

Enter the password for the host-telecom user.

If all is successful, you will be prompted to enter commands, but you will be working under the host-telecom user, and all administrative commands will have to be executed via sudo, i.e. you will enter 'sudo' before each command.

You can close the SSH session with the root user by typing the 'exit' command.

APACHE WEB SERVER SETUP

To install the Apache web server, run the command:

sudo apt install apache2

Make changes to the firewall before testing the Apache web server.

Check the list of profiles:

sudo ufw app list

You will find that apart from OpenSSH, 3 new Apache profiles are also added. Each profile contains a set of settings:

  • Apache — opens port 80, used by the http protocol;
  • Apache Full — opens ports 80 and 443, used by http and https protocols;
  • Apache Secure — opens port 443 only.

You need to apply Apache Full to allow both http and https traffic.

Run the command to activate the profile:

sudo ufw allow in "Apache Full"

Rule added
Rule added (v6)

Once this is done, you can test how Apache works and open the default website.

For this purpose, open your browser and enter the IP address of the server. The following information page will appear:

Apache

Actually it is already a running website with a single HTML page.

MYSQL DATABASE SUPPORT SETUP

To install MySQL database support, run the command:

sudo apt install mysql-server

Once the installation is complete, we recommend running a special script that helps you set various security settings. Run the command to do this:

sudo mysql_secure_installation

Next, you need to answer a few questions. The first is whether to enable the VALIDATE PASSWORD plugin, which prevents simple passwords from being used when setting MySQL database passwords. To enable it, type 'y' and press 'Enter'.

The next step asks you to set the level of password validation:

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

Choose medium: enter 1 and press 'enter'.

Then enter a strong password and confirm it.

Please note: This is the password for the root user specifically for MySQL, and is not related to the root user you have on your system.

You can answer all subsequent questions with 'y' and then press 'enter':

  • request to remove an anonymous user,
  • request to disable remote authorization of the root user,
  • deleting the test database.

Once complete, you will be prompted to activate the settings and customizations you have made.

You will get a message as a result:

Success. All done!

PHP LANGUAGE SUPPORT SETUP

Next, you should install support for the PHP language. To do this, you need to install three packages:

  • PHP
  • libapache2-mod-php — a module that allows you to process PHP files,
  • php-mysql — allows PHP to communicate with MySQL.

sudo apt install php libapache2-mod-php php-mysql

The LAMP installation is now complete.

However, before you can launch your site, you have to create a virtual host for it. Create a directory for your site and make the settings for your host.

Run the command:

sudo mkdir /var/www/mysite

Specify the domain of your site instead of mysite.

You created the directory using sudo, i.e. as root. Change the owner and group of this directory to your host-telecom user.

sudo chown -R $USER:$USER /var/www/mysite

Then, you should create a configuration file for your virtual host. Configuration files are stored in the /etc/apache2/sites-available directory. Open the console text editor nano and create a configuration file. Run the command:

sudo nano /etc/apache2/sites-available/mysite.conf

Paste the following code:

<VirtualHost *:80>
    ServerName XXX.XXX.XXX.XXX
    ServerAlias XXX.XXX.XXX.XXX
    ServerAdmin host-telecom@localhost
    DocumentRoot /var/www/mysite
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Please note that for ServerName we entered the IP address of our server. If you have a domain, you should specify it instead.

Exit the nano editor by pressing Ctrl + X, and enter 'yes' to save the file.

To get your virtual host activated by the web server, run the command:

sudo a2ensite mysite

You need to reload the web server for the changes to take effect. Run the command:

sudo systemctl reload apache2

Create a test page in your directory where your site files should be located. Open the nano text editor again:

nano /var/www/mysite/index.php

And add the following code in it:

<?php phpinfo();

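This is a PHP function that displays detailed information about the current PHP configuration. Enter the IP address of your server into the address bar of your browser and you will see a page with PHP configuration information. Delete this test file once you have confirmed that PHP works, because the page discloses details of your server configuration to anyone who can reach it.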

PHP Info

We've reviewed the basic steps of setting up Apache, PHP, MySQL and learned how to create virtual hosts. Now you can install almost any CMS and launch your online business or blog.

CloudPanel is an open-source solution that allows you to easily install the LEMP stack (Linux, Nginx, MySQL and PHP) on your VPS or cloud server.

Based on the official documentation, CloudPanel is a cost-free and modern control panel for server configuration and management focused on simplicity.

CloudPanel was initially developed by MGT-COMMERCE GmbH, a Berlin-based company, over a decade ago purely to offer optimized hosting for Magento sites in the AWS cloud.

Nowadays, this free control panel has become one of the most capable control panels for Nginx servers, and is compatible with a wide range of PHP, Node.js, Static Websites and Python applications. At the same time, it's become more flexible.

Actually, with CloudPanel you can run any of your favorite applications on any cloud or dedicated server in just a few minutes.

At present, CloudPanel supports only two Linux distributions: Debian 11 and Ubuntu 22.04.

The installation of CloudPanel is pretty simple and easy.

Let's see what CloudPanel has to offer before we start the installation:

Ubuntu 22.04:

Service    Version
NGINX      1.21 with PageSpeed module
MySQL      8.0
MariaDB    10.6, 10.8
PHP        7.1-8.1
Redis      6
ProFTPD    1.3
Node.js    12, 14, 16 (LTS versions)
Yarn       1.22
Python     3.10

Debian 11:

Service    Version
NGINX      1.21 with PageSpeed module
MySQL      5.7, 8.0
MariaDB    10.7, 10.8
PHP        7.1-8.1
Redis      6
ProFTPD    1.3
Node.js    12, 14, 16 (LTS versions)
Yarn       1.22
Python     3.9

Technical Requirements:

  • Ubuntu 22.04 (Jammy Jellyfish) or Debian 11 (Bullseye)
  • >= 1 CPU
  • >= 2 GB RAM
  • >= 10 GB Disk Space

In this guide we will use the Debian 11 distribution.

CloudPanel INSTALLATION

Connect to your server using ssh. To do this, open a terminal and enter the command:

ssh root@XXX.XXX.XXX.XXX

You need to update your system and install the necessary packages before running the installer.

apt update && apt -y upgrade && apt -y install curl wget sudo

Then run the installer once, using the command for your distribution and the database engine you want. Without DB_ENGINE, the installer uses MySQL 8.0.

Ubuntu 22.04 (MySQL 8.0, MariaDB 10.8, MariaDB 10.6):

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo bash

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo DB_ENGINE=MARIADB_10.8 bash

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo DB_ENGINE=MARIADB_10.6 bash

Debian 11 (MySQL 8.0, MySQL 5.7, MariaDB 10.8, MariaDB 10.7):

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo bash

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo DB_ENGINE=MYSQL_5.7 bash

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo DB_ENGINE=MARIADB_10.8 bash

curl -sSL https://installer.cloudpanel.io/ce/v2/install.sh | sudo DB_ENGINE=MARIADB_10.7 bash

The installation is now complete. You can now access CloudPanel through your browser: https://XXX.XXX.XXX.XXX:8443.

Ignore the warning about the self-signed certificate: click "Advanced" and "Go to site..." to proceed with CloudPanel.

Then fill in all the information: name, email, username and password.

Confirm that you agree to the terms and conditions and privacy policy and click the "Create user" button.

There you go! Now you are ready to log in to CloudPanel.

Dashboard

VestaCP is a control panel with a wide variety of functionality that allows you to easily monitor and manage your server. This guide explains how to install VestaCP on your Linux VPS.

Minimum Specifications:

  • CentOS 5, 6, 7, Debian 7, 8, 9, Ubuntu 12.04 - 18.10;
  • RAM 512 MB
  • HDD 20 GB
  • CPU 1 GHz

Connect to your server using ssh. Open a terminal and run the command:

ssh root@XXX.XXX.XXX.XXX

Enter the address of your server instead of XXX.XXX.XXX.XXX.

Before you run the installer, the system must be updated and the necessary packages must be installed.

apt update && apt -y upgrade && apt -y install curl wget sudo

Next, download the installation script with the command:

curl -O http://vestacp.com/pub/vst-install.sh

Then run the script:

bash vst-install.sh

During the installation, you will be asked to answer several questions:

Enter the requested data and press Enter.

Once the installation is complete, you will be prompted for a login and password to access the control panel.
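
Both installers above (CloudPanel's install.sh and VestaCP's vst-install.sh) are downloaded and run as root without any integrity check. The following is an added example, not code from this guide or from either project: it saves the script to a file, compares its SHA-256 digest with a value you trust, and runs it only on a match. The function names are hypothetical, and it assumes you obtained the expected digest from the vendor or computed it after reviewing the script yourself.

```shell
#!/bin/sh
# Added example (not from the original guide or from either project).
# Download an install script to a file, check its SHA-256 digest against a
# value you trust, and only then run it with root privileges.

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on bad arguments.
verify_installer() {
    vi_file=$1
    vi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$vi_file" ]; then
        echo "verify_installer: no such file: $vi_file" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hexadecimal characters.
    case $vi_expected in
        *[!0-9a-f]*)
            echo "verify_installer: digest is not hexadecimal" >&2
            return 2 ;;
    esac
    if [ "${#vi_expected}" -ne 64 ]; then
        echo "verify_installer: digest must be 64 characters long" >&2
        return 2
    fi

    vi_actual=$(sha256sum "$vi_file" | awk '{print $1}')
    if [ "$vi_actual" != "$vi_expected" ]; then
        echo "verify_installer: digest mismatch for $vi_file" >&2
        echo "  expected $vi_expected" >&2
        echo "  actual   $vi_actual" >&2
        return 1
    fi
    return 0
}

# run_verified_installer URL EXPECTED_SHA256 [NAME=VALUE ...]
# Extra NAME=VALUE arguments (for example DB_ENGINE=MARIADB_10.8) are passed
# to the installer's environment.
run_verified_installer() {
    rvi_url=$1
    rvi_expected=$2
    shift 2
    rvi_tmp=$(mktemp) || return 2
    rvi_rc=1
    # -f makes curl fail on HTTP errors instead of saving an error page.
    if curl -sSfL "$rvi_url" -o "$rvi_tmp" &&
       verify_installer "$rvi_tmp" "$rvi_expected"; then
        rvi_rc=0
        sudo env "$@" bash "$rvi_tmp" || rvi_rc=$?
    fi
    rm -f "$rvi_tmp"
    return "$rvi_rc"
}

# Usage (the digest is a placeholder, not a real value):
#   run_verified_installer https://installer.cloudpanel.io/ce/v2/install.sh \
#       "<sha256-you-trust>" DB_ENGINE=MARIADB_10.8
```

Because the file that is checked is the same file that is executed, a script that changes between download and run is rejected rather than silently executed.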

After the installation and configuration of the caching DNS server, if the server can be accessed at an external (public) address, you should check that the server responds only to requests from trusted hosts (clients). A server that responds to requests from all hosts is called a DNS Open Resolver.

A DNS Open Resolver can be exploited by attackers to perform various types of attacks:

  • Loading the server with random DNS requests and saturating the channel with traffic. This can cause a denial of service (DoS) and make the DNS service inaccessible to other users.
  • Sending special requests to the server with a fake source IP address in order to attack a third host through your server. The DNS Open Resolver sends its responses to this spoofed address, which can direct a high volume of network traffic at the victim of the attack. Such an attack is called DNS Amplification.
  • Replacing responses to your server with false data that will get into the cache (Cache Poisoning). When a client computer accesses a DNS server that is compromised this way, it may obtain false or malicious IP addresses for domain names.

Information

A caching DNS server is a server that processes recursive client requests.

Recursive and iterative DNS requests

On receiving a recursive request, the server either returns an answer to the request or an error message. The server performs all data searching and querying of other servers. In case of receiving an iterative request, the server can return the address of another server rather than the answer, and then the client will forward this request to the specified server.

How to check if a server is open

You can check if your server is open to recursive requests at https://openresolver.com/.

Or with commands that perform requests to DNS:

dig +short @XXX.XXX.XXX.XXX mysite.ru

host mysite.ru XXX.XXX.XXX.XXX

nslookup mysite.ru XXX.XXX.XXX.XXX

Replace XXX.XXX.XXX.XXX with the IP address of the server to be checked. The example name is mysite.ru; you can check any name.

If the request gives an IP address when requested from any host, then your server is DNS Open Resolver.
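
The manual check above can be scripted by reading the header of a full dig reply instead of the +short output. This is an added example, not part of the original guide; the function names and the sample replies (constructed, using documentation addresses) are assumptions. It also separates an authoritative answer (aa flag) from a recursive one, because a name hosted on the server itself returns an IP address even when recursion is closed.

```shell
#!/bin/sh
# Added example: classify the header of a full `dig` reply (not +short).

# classify_dig: reads dig output on stdin and prints one verdict:
#   open-resolver          recursive answer returned (ra flag, NOERROR, ANSWER > 0)
#   authoritative          answer came from a zone the server hosts; retest with
#                          a name the server is not authoritative for
#   refused                server refused the query
#   recursion-unavailable  server replied but does not offer recursion
#   no-response            no DNS header at all (timeout or filtered port)
#   inconclusive           anything else (for example SERVFAIL)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            seen = 1
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*$/, "", flags)
            flags = " " flags " "
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            ra = (index(flags, " ra ") > 0)
            aa = (index(flags, " aa ") > 0)
            if (!seen) verdict = "no-response"
            else if (status == "REFUSED") verdict = "refused"
            else if (status == "NOERROR" && answers > 0 && aa) verdict = "authoritative"
            else if (status == "NOERROR" && answers > 0 && ra) verdict = "open-resolver"
            else if (!ra) verdict = "recursion-unavailable"
            else verdict = "inconclusive"
            print verdict
        }
    '
}

# check_resolver SERVER NAME
# Run this from a host that is NOT in the trusted networks of the server.
check_resolver() {
    dig "@$1" "$2" A +time=3 +tries=1 2>/dev/null | classify_dig
}

# Constructed sample replies (header lines only).
sample_open_reply() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

sample_refused_reply() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

sample_authoritative_reply() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

for s in sample_open_reply sample_refused_reply sample_authoritative_reply; do
    printf '%s -> %s\n' "$s" "$($s | classify_dig)"
done
```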

How to turn off or limit access to only authorized hosts/networks

  1. Limit access to the server port (udp/53) on the network perimeter, or locally on the DNS server itself.
  2. If you want the server to be responsible for only one or a few specific zones, you can turn off recursive queries by adding the “recursion no;” option to the named.conf configuration file (named.conf.local or other, depending on your settings).
  3. Enable recursive requests for trusted networks/hosts only, example: “allow-recursion { localhost; 10.16.0.0/16; };” (10.16.0.0/16 — replace with trusted addresses).

In this guide, we will review the ispmanager site and server control panel in detail and tell you about its main advantages and versions.

What does ispmanager do

The ispmanager panel helps you to install and manage web services. It deploys all the required software to maintain websites, mail, and databases. It lets users run projects in a ready-to-use web environment and then manage them in a graphical interface, without the need for a console.

The ispmanager panel is helpful for web developers, system administrators, and site managers. The panel significantly simplifies server administration, which means it can be used not only by skilled professionals but also by newcomers.

The latest version of the panel is ispmanager 6. It has an improved interface, a more proactive bug-fixing system, system monitoring, advanced tools for developers, and support for major CMSes.

ispmanager dashboard
The ispmanager panel's main window provides an overview of the overall status of the system. From the left-hand menu, you can go to the management of a selected service.

The key features of the ispmanager panel

Web server support and management. You can install and configure web servers such as Apache, Nginx, and OpenLiteSpeed from the panel. There is no problem with further administration.

Mail domains creation and mailbox management. You can use the panel to create a mail domain and mailbox, adjust rules and restrictions, use anti-spam and anti-virus protection, and connect Roundcube web interface. It is possible to get a configuration file for mail clients.

Database support and management. MySQL/MariaDB, PostgreSQL, Percona Server.

Website creation and management. The ispmanager panel includes tools for simple work with websites at all stages: from installing CMS to adding content.

Website management

File management. The graphical file manager supports downloading large data volumes without connection loss. It also supports popular FTP servers.

File manager

Programming languages support. It is possible to add Python and Perl straight from the panel, without further configuring the repositories. You can choose the PHP interpreter version and mode for a separate site. It supports Node.js handler and PHP Composer.

Server and site protection. It includes tools for server backup, mail protection, firewall, response to DDoS attacks, and high-quality anti-virus Dr.Web to keep your system protected.

Dark and light theme. Ispmanager follows all modern design trends and takes care of user experience. Dark theme is a smart solution, which makes it more convenient to work in a dark place.

Which ispmanager version will be the one to choose?

Today, four versions (licenses) of the ispmanager panel exist. There are three versions — lite, pro, and host — which are mostly used for deploying and administering sites on VPS or dedicated servers. Licenses vary in the number of domains that you can manage. However, if you are an internet hosting provider and would like to offer a panel to your customers, the business version is the right option for you. Let's look more closely at the features and differences.

Ispmanager lite is ideal for freelancers and web studios that have a small number of projects — no more than 10 domains. However, a lot of team members can work with the panel: the total number of user accounts is unlimited. The version provides all the necessary tools for a developer: it allows you to configure web servers, make websites, and add extra modules.

Ispmanager pro has the same features as the lite version but also supports a maximum of 50 domains, so it is sufficient for a larger number of projects. Additionally, it has a complete module to work with Docker technology.

Ispmanager host has the same functionality as the pro version, but without limiting the number of domains, which means that it is suitable for large web studios.

Ispmanager business

Ispmanager business significantly differs from other versions and is designed for service providers. The business version supports shared hosting:

  • manages a cluster of servers;
  • allows setting up reselling;
  • allows limiting RAM, and CPU for users, to ensure that "neighbors" in hosting do not disturb each other.

We've put together the main differences between the versions in a useful table to help you choose the best version for your needs.

Lite, Pro and Host are for web developers and site administrators; they can be purchased from a provider or installed directly on VPS or dedicated servers. Business is for providers and resellers.

  • Lite: up to 10 domains; for one or more projects.
  • Pro: up to 50 domains; for the average number of projects.
  • Host: unlimited number of domains; to support a large number of websites.
  • Business: unlimited number of domains; to start a business with ispmanager.

The version of ispmanager to choose depends on your needs and the number of projects you are going to manage. If you want to build and manage websites, the lite, pro, or host licenses are sufficient. If you prefer to run your own hosting and reselling service, choose business. If you order our servers, either VPS or dedicated, then you can pick any version of ispmanager that meets your specific needs.

This guide will cover the main features and capabilities of ispmanager — the control panel for websites and web-server. We'll also talk about the interface, the differences between versions of the panel, and the support that ispmanager users can receive. You can choose this control panel when you order a virtual server with an operating system based on Linux distributions.

Learning the interface

If you don't want to work with the server via the console, you can use the ispmanager GUI. It's clear and user-friendly, and the settings required for the smooth operation of the web server are all set in advance and can be easily configured in the panel. The left side of the interface is the main menu, from which you can go to the desired settings: create a site, write to the DNS server, and manage the file manager. You can select the language of the panel: English and Italian are available. Here you can also manage users: create an account for each and individually set the access permissions.

ispmanager dashboard
Ispmanager dashboard with main information about the system and server, performed tasks, visits, and much more

The core functionality of the ispmanager panel

Ispmanager is a commercial web server panel. It helps to create and manage websites, e-mail accounts, and databases. We will take a detailed look at the panel's features.

Website creation. With ispmanager panel, you are able to connect a domain, configure PHP and Node.js, install an SSL certificate and CMS, or create a site using the website builder.

website creation
Advanced settings for website creation

Work with PHP. The ispmanager panel significantly simplifies working with PHP: it supports different modes and alternate versions for each host, extensions, and the Composer package manager.

Node.js. The ispmanager panel supports Node.js: you can set up different versions and divide applications between users.

DNS server. The panel includes its own DNS server, and the ability to connect external ones as well. For phishing protection, there is support for DNSSEC, an extension that generates a unique digital signature for NS records.

Email domains. The ispmanager panel provides support for managing a mail server on its own domain. Includes transition to the Roundcube mail client and a large selection of tools to protect against spam and viruses: blacklists, email header analysis, behavior-based blocking, and much more.

Databases. You can create database servers directly from ispmanager. It supports MySQL, MariaDB, PerconaServer, PostgreSQL. It is possible to install a dedicated version of DB for any site and manage user access to the database.

SSL certificates. A great benefit of ispmanager is that it supports free SSL certificates from Let's Encrypt. They are automatically installed and extended. However, you can add any commercial certificates to your site if you need advanced protection.

File manager and FTP. The panel includes its own file manager with a code editor, and you can also manage FTP access: add users and grant access rights.

File manager
File manager in ispmanager

Backups. The panel backs up user data. It supports saving backups directly on the server and to external storages, even cloud storages.

Modules in ispmanager

Besides the basic tools, a lot of which are included in ispmanager, there is an opportunity to add extra modules that improve functionality. There are both free and paid modules. Here's a look at several of them.

Dr.Web is a commercial antivirus module for websites. It detects and eliminates threats and scans the system.

DDoS-guard is a commercial DDoS protection module. It works on the principle of a reverse proxy server: it allows all traffic to pass through the network of servers and filters malicious traffic. Apart from the attack prevention itself, the module can act as a CDN (content delivery network), thus speeding up the download of images, videos, and other media content.

Softaculous is a tool for deploying web applications. The module is free, but there are some paid scripts. The library contains more than 400 scripts and CMS. With Softaculous you can not only install them, but also update them automatically, and this is very important for the security and performance of the site.

Site.Pro is a module in ispmanager that is widely used to create a website easily with a website builder. Ispmanager includes a free version, which is already enough to make a beautiful informational site based on one of dozens of templates.

Modules in ispmanager

The differences between versions of ispmanager

The ispmanager panel is available in various versions (licenses): lite, pro, host, and business. Let's take a closer look at the features and differences.

Ispmanager business is intended for shared hosting. The primary difference from other versions is the possibility to manage a cluster of servers. This version often suits web-hosting providers or companies that manage a lot of web projects.

Lite, pro, and host are the most popular versions of ispmanager. Any of them can be deployed on a single VDS/VPS or dedicated server. The ispmanager lite, pro, and host versions differ in the number of sites you can create in the panel.

We've put together the differences between the versions in a helpful table to help you decide which version is best for you.

Lite, Pro and Host are for web developers and site administrators; they can be purchased from a provider or installed directly on VPS or dedicated servers. Business is for providers and resellers.

  • Lite: up to 10 domains; for one or more projects.
  • Pro: up to 50 domains; for the average number of projects.
  • Host: unlimited number of domains; to support a large number of websites.
  • Business: unlimited number of domains; to start a business with ispmanager.

You can also find out more about the differences in the versions in our article: "How to pick the most suitable version of the ispmanager panel for your purposes".

About the developer, updates, and documentation of ispmanager

Ispmanager is one of the most popular panels with an eighteen-year history.

The first release, ispmanager 4, was published in 2005. The current version, ispmanager 6, was released in 2021.

Updates for ispmanager are available every two weeks. New features first appear in the beta branch, then, after further testing, in the stable. The software has an open roadmap, so you can see which new features are scheduled to be released and vote for them.

Ispmanager has complete documentation in English. There are also unofficial user manuals available on the Internet.

How to get ispmanager on a VDS/VPS

You can order Linux servers (VPS or dedicated) and select any version of ispmanager for your specific needs straight in the server order form.

Portmapper (portmap, rpcbind) is an Open Network Computing Remote Procedure Call service. It dynamically converts Remote Procedure Call service numbers (such as NIS or NFS) into TCP/UDP port numbers.

The service sends RPC broadcast messages on port 111. This feature of portmapper can be used to perform a DDoS attack. The UDP protocol allows IP spoofing, so attackers can send small requests to portmapper using the victim's IP address as the source. The server then sends its replies, which are much larger than the requests, to the victim's address. This traffic heavily loads infrastructure resources (servers and network equipment), which may lead to delays or failures in processing requests from normal users, which is the purpose of a DDoS attack.

How to check portmapper activity

To check whether you have portmapper running on a VPS or a dedicated server, use the utility rpcinfo, which runs an RPC query and displays the registered RPC services. You can check both local and remote hosts.

To check the local host, run the rpcinfo command:

To check a remote host, specify its address, for example after the -p key. Applying the -s key will show the output in shortened form. Example output of rpcinfo command with -p and -s keys:

The options of the rpcinfo utility can be found in the man help, which can be called with the command man rpcinfo (also man rpcbind).

Additionally, a local host check can be performed with the ss utility (netstat). The use and description of the keys for this utility can also be found in the man help. Here is an example (the command header is added separately for clarity):

How to disable portmapper

To disable and remove portmapper (rpcbind) from boot in distributions that use systemd, such as Debian, RHEL, Ubuntu, CentOS, Fedora, Gentoo, etc., run the command systemctl stop rpcbind.service:

Next, stop the socket with the command systemctl stop rpcbind.socket.

Use the commands systemctl disable rpcbind.service and systemctl disable rpcbind.socket to remove it from autostart.

If you are using init scripts in /etc/init.d, you can stop the service with the /etc/init.d/rpcbind stop command.

You can remove it from the autostart in Debian-based distributions by using the update-rc.d -f rpcbind remove command.

In RedHat distributions, you can remove it using the command chkconfig rpcbind off.

After you disable the portmapper service and run the rpcinfo command, you will see an error message:

How to restrict the connection to portmapper

If you still need the portmapper service, you can restrict access to it by, for example, allowing only certain IP addresses to connect. This can be done by using a network filter by restricting access to port 111.

Examples of commands to restrict UDP for IPv4:
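One way to build such a rule set for the spoofable UDP transport described above. This is an added example, not the guide's own commands; the function names and the allowlisted addresses (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that leave portmapper (port 111)
# reachable only from an allowlist. Nothing is applied; review the output,
# then run it as root. The addresses below are constructed documentation
# ranges (RFC 5737), not values from the guide.

# valid_ipv4_cidr ADDR[/LEN] -> status 0 if ADDR is a dotted-quad IPv4
# address with an optional prefix length of 0..32
valid_ipv4_cidr() (
    case $1 in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case $len in ''|*[!0-9]*) exit 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || exit 1
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# portmap_rules PROTO "SRC [SRC...]" -> prints rules in the order to append
portmap_rules() (
    set -f                      # no filename expansion on allowlist entries
    proto=$1
    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; exit 2 ;;
    esac
    # Validate the whole allowlist first so a typo never yields a partial set.
    for src in $2; do
        valid_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; exit 2; }
    done
    # Local RPC clients keep reaching the service over loopback.
    echo "iptables -A INPUT -i lo -p $proto --dport 111 -j ACCEPT"
    for src in $2; do
        echo "iptables -A INPUT -p $proto -s $src --dport 111 -j ACCEPT"
    done
    # Everything else, including spoofed requests, is dropped unanswered.
    echo "iptables -A INPUT -p $proto --dport 111 -j DROP"
)

# -A appends, so these rules only take effect if no earlier INPUT rule
# already accepts the traffic. Check with: iptables -nL INPUT --line-numbers
portmap_rules udp "192.0.2.10 198.51.100.0/24"
```

Calling portmap_rules with tcp instead of udp produces the matching set for TCP port 111.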

Attention! These guidelines will help you to install VPN client software on your iOS or Android smartphone. The server side of the software is pre-installed on a virtual private server. You can read more about installing a VPN on servers in our guidelines:

  • How to create VPN on a VPS with Ubuntu
  • How to create VPN on a VPS with CentOS

VPN is a virtual private network. This technology is a closed and secure logical network built on top of an insecure network (the Internet). You can read more about VPN services and how to use them in our blog (“VPN technology for business: pros and cons”).

How to install and connect OpenVPN on Android

Step 1.

Install an SCP-enabled SFTP client on your smartphone from the App Store: andftp, mobilesftp, or similar apps.

Step 2.

Set up a connection to the server where the OpenVPN server-side is installed using the SCP protocol (port 22). For this purpose, enter the server IP address, your username, and password.

Step 3. Download the client.ovpn file to your smartphone.

Step 4. Install the OpenVPN Connect app from the App Store on the smartphone.

Launch OpenVPN Connect and select OVPN Profile.

Then, specify the path to the client.ovpn file and establish a connection to the VPN server.

Make sure the connection is established correctly.

To do this, check your IP address on websites such as https://whatismyipaddress.com/ or https://www.whatismyip.com/. It must match the address of your server. When you disconnect from the VPN server, the address should change to the one assigned to you by your Internet service provider.

How to install and connect OpenVPN on iPhone

The procedure for installing a VPN client on your iOS smartphone is almost identical to Android. We will break it down step by step.

Step 1.

Download the VPN client configuration file created by the script to your device. For example, save it first on your computer, copy it to iCloud, and then send it to your iPhone.

Step 2.

Install OpenVPN Connect and open it.

Step 3. Select OVPN Profile and specify the path to the client.ovpn file.

Step 4. Establish a connection to your VPN server.

Step 5. Make sure the connection is established correctly.

To do this, check your IP address on websites such as https://whatismyipaddress.com/ or https://www.whatismyip.com/. It must match the address of your server. When you disconnect from the VPN server, the address should change to the one assigned to you by your internet service provider.

If you do not want to overpay for any third-party VPN services, we suggest you use these guidelines to install your own VPN server on a Linux virtual machine. Thus, your data will be completely under your control and protected from malicious attacks.

The server side of the software is installed on a VPS with Ubuntu 18.04. We will also show you how to install the client software for the OpenVPN protocol on your personal computer with Windows 10.

VPN (Virtual Private Network) is a closed and secure logical network built on top of an insecure network (the Internet). You can read more about VPN services and how to use them in our blog (“VPN technology for business: pros and cons”).

How to install the OpenVPN server-side from a script

Today, OpenVPN is one of the most stable and reliable open-source VPN technology protocols. OpenVPN is characterized by a large number of implementations for most of the platforms used.

To install the server-side of the VPN software on a virtual server, we use the openvpn-install open-source script.

The ready-made script makes it possible to install and configure any VPN easily. In this case, the installation process is a set of simple steps:

  • connection to the server;
  • preliminary update of the operating system, if required;
  • downloading and activation of the installation script;
  • making a copy of the configuration file;
  • service performance check.

Attention! The script may be used with the following distributions: CentOS (from version 7), Debian (from version 9), Ubuntu (from version 17) (in case of version 16, use the vpn1604 script).

We will now begin to install the script on a VPS with Ubuntu 18.04.

Step 1. Connect to the server

When making the order, you receive an e-mail with the information necessary to connect to your virtual server: your server IP address, the server administrator’s login and password (root), and the URL of the server control panel with the login and password to access it (in the control panel you can choose the required operating system).

In order to connect to the VPS, we recommend using any ssh client: PuTTY, Xshell, etc. Run the following command:

ssh root@ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address.

If, for security purposes, a non-privileged user was previously created on the virtual server and allowed to temporarily raise privileges with the sudo command, do not forget to use sudo for every action that requires administrator rights.

In order to log in as a non-privileged user, run the following command:

ssh -l user ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address, user – name of the non-privileged user.

Step 2. Update your operating system

You can skip this step if your server already updates the operating system regularly. If Ubuntu was installed recently, update it using the following commands for a root user:

apt-get update
apt-get upgrade -y

or a non-privileged user:

sudo apt-get update
sudo apt-get upgrade -y        

Step 3. Download and launch the VPN server installation script

The following command allows you to download and launch the script:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

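or, for a non-privileged user (the installer itself is what needs administrator rights, so sudo goes in front of bash):

wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh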

First of all, you will see a welcome screen and a few questions:

Welcome to this OpenVPN road warrior installer!
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]:
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]:
Enter a name for the first client:
Name [client]:
OpenVPN installation is ready to begin.
Press any key to continue…    

In our example, we run the script on a server with a single IP address, so all questions may be answered by pressing the Enter key. The first option out of all offered will be selected. Namely:

  • IP address will be determined automatically. If there are several addresses on the server, then the script will offer to select one manually;
  • Protocol: UDP;
  • Connection port: 1194;
  • DNS servers: Current system resolvers;
  • Client name: client.

Then, the script will install the repository and all necessary packages, generate RSA keys, install certificates and configuration files for both the server and the client, configure the network filter, and directly launch the openvpn-server service.

When the installation process is complete, the script will display a message about the location of the client configuration file. In case of an administrator user, the file will be installed in the root user's home directory: /root/client.ovpn. If the script is installed on behalf of an ordinary user with temporary sudo privileges, then the file will be located in the home directory of this user. This file must be transferred to the computer or other device that will be used to connect to the server. The server configuration file is located here: /etc/openvpn/server/server.conf.

Step 4. Copy the client configuration file

Then, you need to transfer the client configuration file, which is created by the script, to a PC or other device. In our case, we will be transferring it to our personal computer with Windows 10.

You may transfer the file using the WinSCP software, the pscp utility from PuTTY, or the OpenSSH client built into your device.

You may learn more about the WinSCP software on the official website of the developer:

We will consider a command for the pscp utility from Putty. In the Windows command line with administrator rights, specify the path to the software, server, and client configuration directory, which looks like this:

"C:\Program Files\PuTTY\pscp.exe" root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn "C:\Program Files\OpenVPN\config"

where

  • ХХ.ХХХ.ХХХ.ХХ – your server IP address,
  • /root/client.ovpn – path to the client configuration file in the home directory of the root user on the server,
  • C:\Program Files\OpenVPN\config – path where the client configuration file will be saved.

Then, it may be required to accept the server fingerprint. Enter the root user’s password.

If OpenSSH is installed on your computer, then the following command is to be run:

scp root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn .

The dot at the end of the command means that the file is copied to the folder from which the command is run.

Attention! If you ran the script not as the root user but as a user with sudo privileges, then in the command you must specify the home directory of this user on the server instead of the directory of the root user.

Step 5. Check the performance of the VPN server

Before establishing any connection to the VPN server, we recommend that you perform certain service performance checks. Namely:

  1. Checking server status:

    systemctl status openvpn-server@server -l
    
         openvpn-server@server.service - OpenVPN service for server
        Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
        Active: active (running) since Sat 2021-10-17 16:15:44 GMT; 3s ago
        ...    
    

    Attention! If you find the inactive (dead) value in the server status, restart the unit checked above (systemctl restart openvpn-server@server) and check the status again.

  2. Checking socket status:

    ss -4nlup | grep 1194
    
    UNCONN 24960 0 XX.XXX.XX.XX:1194 *:* 
    users:(("openvpn",pid=481,fd=8))    
    
  3. Checking network filter condition:

    iptables -nL | grep 1194
    
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
    

    If the commands return results similar to these, congratulations: you did everything right and may now connect to the OpenVPN server.

How to connect to the OpenVPN server

In order to establish the relevant connection to the VPN server, you need to perform the following tasks:

  1. install a VPN client on your personal computer, smartphone, or other devices;
  2. establish the required connection;
  3. check the quality of the established connection.

Step 1. Install the OpenVPN GUI client on Windows 10

On personal computers and laptops with the Windows operating system, the OpenVPN GUI client should be used. The installation process should not cause any difficulties. If it does, refer to the official instructions posted on the developer's website. By default, the path to the installed software is the following: C:\Program Files\OpenVPN\.

Step 2. Establish the connection to the server

The installed client may be launched via the Start menu. The copied configuration file will be applied automatically, and the relevant connection will be established. If you already have the OpenVPN GUI software installed on your device and there are several VPN configuration files available, select the one you just created from the list and click on the “Connect” button.

If the connection is successfully established, the icon will change its color to green.

By clicking the icon in the taskbar, you may disable the connection, reestablish it, check the connection status, and much more.

Step 3. Check if the connection is correct

You can check whether you are really surfing the Internet using the VPN server by visiting https://whatismyipaddress.com/ or https://www.whatismyip.com/.

You should see your server IP address when the relevant VPN connection is enabled, as well as the IP address assigned to you by the Internet service provider when the connection is disabled.

To connect from macOS, use the Tunnelblick software as the VPN client.

Official documents and detailed instructions on the OpenVPN protocol may be found on the developer's website:

In these guidelines, we will install a VPN server on a CentOS 7.7 virtual server and configure the relevant connection to it on a user's device with Windows 10.

VPN (Virtual Private Network) is a closed and secure logical network built on top of an insecure network (the Internet). You can read more about VPN services and how to use them in our blog (“VPN technology for business: pros and cons”).

How to install the OpenVPN server-side from a script

OpenVPN is an open-source VPN implementation. This protocol has many implementations for almost all platforms. It should be noted that this VPN protocol is currently considered the most secure and reliable.

To install the server-side of the VPN software on a virtual server, we use the openvpn-install open-source script.

The ready-made script makes it possible to install and configure any VPN easily. As a result, the whole installation process consists of the following mandatory steps:

  1. connection to the server;
  2. update of the operating system, if required;
  3. downloading and activation of the installation script;
  4. making a copy of the configuration file;
  5. service performance check.

Attention! The script may be used with the following distributions: CentOS (from version 7), Debian (from version 9), and Ubuntu (from version 17) (in case of version 16, use the vpn1604 script).

To install the script on the VPS with a CentOS 7.7 distribution, you need to take five steps.

Step 1. Connect to the server

When making the order, you receive an e-mail with the information necessary to connect to your virtual server: your server IP address, the server administrator’s login and password (root), and the URL of the server control panel with the login and password to access it (in the control panel you can choose the required operating system).

To connect to the VPS, we recommend using any SSH client: PuTTY, Xshell, etc. Run the following command:

ssh root@ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address.

If, for security purposes, a non-privileged user was previously created on the virtual server and allowed to temporarily raise privileges with the sudo command, do not forget to use sudo for every action that requires administrator rights.

To log in as a non-privileged user, run the following command:

ssh -l user ХХ.ХХХ.ХХХ.ХХ

where ХХ.ХХХ.ХХХ.ХХ – your server IP address, user – the name of the non-privileged user.

Step 2. Update your operating system

The next step is to update the system (if necessary). You can skip this step if your server is already updated regularly. You may also need to install wget. Commands for a root user:

yum update -y
yum install wget -y    

or a non-privileged user:

sudo yum update -y
sudo yum install wget -y     

Step 3. Download and launch the VPN server installation script

Download and launch the installation script:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

First of all, you will see a welcome screen and a few questions:

Welcome to this OpenVPN road warrior installer!
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]:
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]:
Enter a name for the first client:
Name [client]:
OpenVPN installation is ready to begin.
Press any key to continue…    

In our example, we run the script on a server with a single IP address, so all questions may be answered by pressing the Enter key. The first option out of all offered will be selected. Namely:

  • IP address will be determined automatically. If there are several addresses on the server, then the script will offer to select one manually;
  • Protocol: UDP;
  • Connection port: 1194;
  • DNS servers: Current system resolvers;
  • Certificate client name: client.

Then, the script will install the repository and all necessary packages, generate RSA keys, install certificates and configuration files for both the server and the client, configure the network filter, and directly launch the openvpn-server service.

When the installation process is complete, the script will display a message about the location of the client configuration file. In case of an administrator user, the file will be installed in the root user's home directory: /root/client.ovpn. If the script is installed on behalf of a non-privileged user with temporary sudo privileges, then the file will be located in the home directory of this user. This file must be transferred to the computer or other device that will be used to connect to the server. The server configuration file is located here: /etc/openvpn/server/server.conf.
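Step 3 in both the Ubuntu and the CentOS guide downloads the installer through a short link and executes it as root in one command, so whatever the link serves at that moment is what runs. The sketch below separates download from execution and runs the file only if it matches a digest recorded after reading it; it is an added example, not part of the openvpn-install project, and the function names and the PINNED variable are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it still matches the
# SHA-256 digest recorded when the file was reviewed.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() (
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
)

# run_if_reviewed FILE EXPECTED_SHA256 [RUNNER]
# Exit status: 2 = bad arguments, 1 = digest mismatch (nothing executed),
# otherwise the exit status of the script itself.
run_if_reviewed() (
    file=$1
    want=$2
    runner=${3:-bash}
    [ -f "$file" ] || { echo "no such file: $file" >&2; exit 2; }
    # A SHA-256 digest is exactly 64 lowercase hex characters.
    case $want in
        *[!0-9a-f]*) echo "digest must be lowercase hex" >&2; exit 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "digest must be 64 characters" >&2; exit 2; }
    got=$(sha256_of "$file")
    if [ "$got" != "$want" ]; then
        echo "refusing to run $file: digest $got does not match the pinned value" >&2
        exit 1
    fi
    "$runner" "$file"
)

# Workflow on the server (commented out so the example runs offline;
# PINNED is a placeholder for the digest you recorded yourself):
#   wget https://git.io/vpn -O openvpn-install.sh    # download only
#   less openvpn-install.sh                          # read what will run as root
#   sha256_of openvpn-install.sh                     # record the value as PINNED
#   run_if_reviewed openvpn-install.sh "$PINNED"     # repeat runs, other servers
```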

Step 4. Copy the client configuration file

Then, you need to transfer the client configuration file, which is created by the script, to a PC or other device. In our case, we will be transferring it to our personal computer with Windows 10.

You may transfer the file using the WinSCP software, the pscp utility from PuTTY, or the OpenSSH client built into your device.

You may learn more about the WinSCP software on the official website of the developer:

We will consider a command for the pscp utility from Putty. In the Windows command line with administrator rights, specify the path to the software, server, and client configuration directory, which looks like this:

"C:\Program Files\PuTTY\pscp.exe" root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn "C:\Program Files\OpenVPN\config"

where

  • ХХ.ХХХ.ХХХ.ХХ – your server IP address,
  • /root/client.ovpn – path to the client configuration file in the home directory of the root user on the server,
  • C:\Program Files\OpenVPN\config – the path where the client configuration file will be saved.

Then, it may be required to accept the server fingerprint. Enter the root user’s password.

If OpenSSH is installed on your computer, then the following command is to be run:

scp root@ХХ.ХХХ.ХХХ.ХХ:/root/client.ovpn .

The dot at the end of the command means that the file is copied to the folder from which the command is run.

Attention! If you ran the script not as the root user but as a user with sudo privileges, then in the command you must specify the home directory of this user on the server instead of the directory of the root user.

Step 5. Check the performance of the VPN server

Before establishing any connection to the VPN server, we recommend you perform certain service performance checks. Namely:

  1. Checking server status:

    systemctl status openvpn-server@server -l
    
         openvpn-server@server.service - OpenVPN service for server
        Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
        Active: active (running) since Sat 2021-10-17 16:15:44 GMT; 3s ago
        ...    
    
  2. Checking socket status:

    ss -4nlup | grep 1194
    
    UNCONN 0 0 XX.XXX.XX.XX:1194 *:* 
    users:(("openvpn",pid=27675,fd=6))    
    
  3. Checking network filter condition:

    firewall-cmd --state
    
    running
    
  4. Check the open port for connection:

    firewall-cmd --list-ports
    
    1194/udp
    

    If the commands return results similar to these, congratulations: you did everything right and may now connect to the OpenVPN server.

How to connect to the OpenVPN server

To connect to the VPN server, you need to perform three tasks:

  1. Install a VPN client on your personal computer.
  2. Establish the required connection.
  3. Check the quality of the established connection.

Step 1. Install the OpenVPN GUI client on Windows 10

On personal computers and laptops with the Windows operating system, the OpenVPN GUI client should be used. The installation process should not cause any difficulties. If it does, refer to the official instructions posted on the developer's website. By default, the path to the installed software is the following: C:\Program Files\OpenVPN\.

Step 2. Establish the connection to the server

The installed client may be launched via the Start menu. The copied configuration file will be applied automatically, and the relevant connection will be established. If you already have the OpenVPN GUI software installed on your device and there are several VPN configuration files available, select the one you just created from the list and click on the “Connect” button.

If the connection is successfully established, the icon will change its color to green.

By clicking the icon in the taskbar, you may disable the connection, reestablish it, check the connection status, and much more.

To connect from macOS, use the Tunnelblick software as the VPN client.

Step 3. Check if the connection is correct

You can check whether you are really surfing the Internet using the VPN server by visiting https://whatismyipaddress.com/ or https://www.whatismyip.com/.

You should see your server IP address when the relevant VPN connection is enabled, as well as the IP address assigned to you by the Internet service provider when the connection is disabled.

Official documents and detailed instructions on the OpenVPN protocol may be found on the developer's website:
