This article covers:
- Logging in to your VPS
- Plesk Control Panel security warnings
- Setting up domains on your VPS using Plesk
- Your IP addresses
- Forgotten or lost Plesk password
- Adding, removing, & updating services in Plesk
- Automatic updates & update settings
- Security configurations for Plesk
- Web Application Firewall
- IP address banning
This guide is to be used with a Internic VPS using Centos7 and Plesk. To get started with a Internic VPS, go here: www.internic.ca/vps
It is important to note that there are two different ways to access your VPS. The first way is through the use of a Control Panel like Plesk which allows you to easily manage your websites, domain names, and users. This Control Panel allows you to accomplish most tasks required for day to day operations. The second method is by using SSH (Secure Shell). SSH allows you to get full root (administrative) access to your VPS through the command line. You may need to use SSH if you want to modify the configuration of services or to install new services on your VPS.
To log into the Plesk Control Panel, you need to navigate to the server using a Web Browser. The way you do this depends on if your server has a hostname or not. Please note that in both cases you need navigate to port 8443 to access the Control Panel, this is done by adding a colon followed by the port number 8443 in your web address.
If you only know the IP address of your VPS and have not configured a hostname on your VPS, you can navigate to the login page using the IP address. The path will look like this: https://<PublicIPAddress>:8443. Here is an example: https://22.214.171.124:8443
If you have previously configured a hostname and domain for your server, you can navigate to the login page using that hostname. It would look like this: https://<hostname>:8443, and here is an example: https://mycontrolpanel.domain.com:8443.
You have successfully accessed the login page when you see a login page that looks like this:
Before logging into your VPS using SSH, you will need to get a few pieces of information:
User name: The user to log in as. The default admin user on a Internic VPS is "root"
Password: The password that is used to authenticate the user that you are logging in as.
Public IP address: This is the address that uniquely identifies your VPS on the Internet.
Using SSH on a Mac or Linux system
Open up a terminal window to get started
To get connected, in the terminal window type the following command:
ssh root@<Public IP Address>
For example, if the IP address or your VPS was 126.96.36.199, the command would look like this: ssh firstname.lastname@example.org. Then press Enter.
The first time you connect to a VPS by SSH you may see a confirmation message like this:
The authenticity of host '188.8.131.52 (184.108.40.206)' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?
It is safe to type Yes and then click Enter. Your computer is simply telling you that this server isn't recognized because it is the first time you are connecting to it.
You will be prompted for a password. You must type in the password for the root user here and press enter. If you have done everything correctly, you should be signed into the VPS server at this point.
Using SSH on a Windows system
Windows does not have a built in SSH program, so you will need to download a program call PuTTY for Windows. You can download PuTTY from www.putty.org
Launch PuTTY by using the putty.exe file you downloaded, it should look like this once opened:
You will need to configure the connection, fill in these areas:
- Host Name (or IP address): Enter in your VPS's Public IP address here
- Port: 22 (22 is the default configuration)
- Connection Type: SSH
Press the Open button at the bottom to start the connection. You may see a warning like this the first time you connect:
This warning is ok and simply warning you that this is the first time you are connecting to the server. It is safe to press Yes.
You will now need to enter in the login credentials:
- Login as: root
- Password: enter in the password for your VPS
If you followed all of these steps successfully, you should now be logged in to your VPS using SSH.
Plesk Control Panel security warnings
When you access your Plesk Control Panel for the first time, you may see a warning that looks like this:
This warning happens because there is no SSL certificate configured for your Plesk Control Panel and it is safe to bypass it.
To bypass this error, click on Advanced and then click on the Proceed to …(unsafe) button. You should now be brought to your Plesk Control Panel. You may notice that the web browser is showing that the connection is not secure:
This error is caused for the same reason as before and can be ignored. If you would like to make this error go away, follow the steps below.
You will need to pick a domain name that you would like to use for your Control Panel. This could be a regular domain name like "mydomain.com" or it could be a subdomain like "controlpanel.mydomain.com".
You will need to change the hostname of the VPS server to match the domain name that you've selected. At the moment, this can only be done by contacting our 24/7 Customer Support team (although we are working on allowing you to do it yourself, stay tuned) or by contacting the Internic VPS manager by email. The Hostname will be changed by us for free as soon as we can.
Once the hostname is changed, you can confirm that it is correct by logging in via SSH to your VPS and typing in the command:
This will display the current hostname of your server.
Log into your Plesk Control Panel. Go into Tools and Settings and then Server Settings. Make sure that the Full hostname field is the same as the hostname of your VPS. If it is different, correct it here and click OK at the bottom of this page to save.
The final step is to install an SSL Certificate for the Control Panel. This can be done by going to Tools and Settings and the SSL/TLS Certificates. You can upload a new certificate from any SSL provider. After you have an SSL Certificate installed, you can update the certificate for securing Plesk on this page to your new certificate. You are now done and your Plesk Control Panel has a valid certificate.
If at any point during these steps you run into issues or would like some help, don't hesitate to contact us at our 24/7 Customer Support team. We will be happy to get you up and running.
To complete this tutorial, you should know how to do the following:
- Login to Plesk
- Understand Customers and Resellers
Once you are logged into Plesk, make sure you are on the Websites and Domains tab found on the left-hand side, it should look like this:
Click on the Add Domain found near the top of the page.
You are now on the Adding a new Domain page.
- Type in the domain name
- If you want the website to be separate from other websites, select Create a new Webspace. You may also click the drop down and select an existing webspace if you would like the websites to share a webspace with another website (the files will be in the same directory)
- Select an IP address you want the website to use
- Create a unique username to administer the website through FTP. You can create more afterwards
- Create a password
- OPTIONAL: If you have Git enabled on your server, you may pull a website from Git
- Once all of the fields are filled out, click OK
You will need to set the DNS for the domain at your domain name registrar to point to this server. There are 2 options here, you may want to manage your DNS at your domain name registrar, or you may want your VPS server and Plesk to manage your DNS.
Having your domain name registrar manage the DNS may be the simplest option. Go to your domain name registrar and add or modify the A record for the domain name, you will want to point it to the IP address of your domain in Plesk. The IP address is found directly underneath the domain in Plesk. You may want to consider adding MX Records (email) and CNAME Records (ftp) so that all of your services work. Here are some example DNS records to help you get started (use your own domain name):
Note: Replace <server.hostname.com> with your own server hostname
You must have 2 different IP addresses to use this option: You may want to have your VPS act as the DNS server for your domains. In order to do this, you will need to do the following steps:
- At your domain name registrar, you need to create Registry Name Servers. Here is an example where the VPS's IP address is 220.127.116.11 and the domain in Plesk is myinternicdomain.com. My registry name server would be ns1.myinternicdomain.com and that would point to 18.104.22.168. For your second IP address, create a second Name server record that looks like this: ns2.myinternicdomain.com which points to the second IP.
- Change the name servers that your domain uses. Change those name servers to be the new registry name servers you just created.
- Once this is done, your DNS should be managed from within Plesk only, that includes managing A records, MX records, and any other DNS records.
You are now done setting your DNS, keep in mind that this may take 24-48 hours to propagate but you should now be able to see your website being hosted on your VPS server with Plesk. If after 48 hours you still are unable to navigate to your website, or if you would like some help with any of these steps, please contact our 24/7 Customer Support team and we will be happy to help!
The only way to view your public IP addresses is by logging into your Plesk Control Panel. Once logged in, you can view which IP address a domain is using as it is indicated underneath the domain on the Websites & Domains tab.
You may also view all the IP addresses on the server by going to the Tools & Settings tab found on the left-hand side. Then navigate to IP addresses found underneath the Tools & Resources section. Your IP addresses are then ones found in the Public IP Address column, these are the IP addresses that devices over the internet may use to connect to your VPS server. The IP Address column indicates your internal Private IP addresses; these CANNOT be used to communicate over the internet and are used internally by the VPS server only.
Here is what an example server's IP addresses page looks like:
|WARNING: At no point should you change the IP addresses found here, changing these IP addresses will break your VPS server's ability to host websites.|
Forgotten or lost Plesk password
If you have forgotten or lost your Plesk password, there are two ways to recover your account.
Go to the Plesk Panel login page, at the bottom you will find a Forgot your password? button that you can click. This will bring you to the Retrieve password page.
Here, you will need to enter the username and email address for the account you are trying to recover. The VPS administrator's account username is admin, and the default email is your main Internic email address.
For this method, you will need to SSH into the VPS, if you do not know how to SSH into your VPS, please read our guide on Logging into your VPS.
Once logged into your VPS using SSH, run this command:
The Plesk login command will print to the screen a temporary link that will allow you to login to Plesk without a password. Simply copy and paste the link into any web browser. Here is what an example link looks like:
|WARNING: Make sure that the link starts with the proper public IP address or hostname for your VPS (in our example above it is 22.214.171.124). If it starts with a private IP address simply replace it with your public IP address and the link will work.|
Resetting your password
If you need to reset the password, you must first SSH into the server, once logged in use this command (replace "ThisIsMyPassword"):
plesk bin admin --set-admin-password -passwd 'ThisIsMyPassword'
For more information on how to use this utility, please view the official Plesk documentation here.
It's important to update your administrator information. The administrator can receive email notifications for several things including updates and user actions. It also allows you to recover your account easily in case you forgot the administrator password.
The administrator's information can be found on the left hand under My profile, click on the Profile and Preferences tab. This will bring you to the Editing Administrator Profile page.
|WARNING: Make sure you have access to the email account listed here as it may be used to recover your account in the case of a lost or forgotten password.|
Plesk allows you to add, remove, and update services easily through the Control Panel. There are a few different areas within Plesk to manage different types of services. There are System updates, Core Plesk services, Extensions, and Automatic updates settings.
The Core Plesk services are the major services required to host websites and email. In here you will find services like PHP, NodeJS, Ruby, Dovecot, MYSQL and many more. You are able to add and remove these services as well as update them through the Plesk Update utility.
To get started, log in to your Plesk Control Panel. Next, go to the Tools & Services tab on the left-hand side. Under the Plesk section, click Updates and Upgrades.
This button will open up a new tab, launching the Plesk Update utility. Once it's loaded, it should look like this:
Install or Upgrade Product is only used for major updates. Be aware that major updates will take your server and websites offline. We recommend doing these only when you can afford to have your websites offline for a little while. Major updates may take anywhere between 5 minutes to 1 hour to complete.
Add/Remove components is where you can add and remove Core Plesk features. This is what the Add/Remove components page looks like:
You can choose to add or remove programs here. Notice how some of the options have a small plus sign beside them (Webmail Services, Mail hosting, Web hosting, and Plesk Extensions).
You can press this plus sign to get a more in depth view of the services that you can add or remove, here is what mail hosting looks like:
To apply any changes that you've made, press the Continue button at the bottom. This will bring you to a different page which outputs the results of the operations. Monitor this page for any error messages, typically these error messages are due to a configuration preventing the operation from happening. Here is what the output page looks like:
Once your operations are complete, you will see a success or failure message that looks like this:
At this point, it is now safe to close this tab as all of your operations are complete.
Update Components will allow you to conduct minor updates to your Core Plesk Services. Here is what this page may look like (yours may look different as it only shows services that can be updated):
On this page, simply select the services you would like to update and press the Continue button at the bottom. You will see an output page displaying the operations in progress, pay attention for any errors here.
These minor updates should not take your websites offline, although the services behind them like PHP or Apache may restart causing any operations in progress to be killed or stopped. Once the updates are done, you should see a success or failure page that looks like this:
At this point it is safe to close the tab as all of your update operations are done.
If at any point you run into issues with adding/removing/or updating your Core Plesk services, please contact our 24/7 Customer Support team and we will help you get it done!
Plesk offers a convenient way to update your system packages installed on your Linux server. This tool is the equivalent of running a "yum update" or "apt-get update" command on your Linux server.
System updates are important to conduct as these system packages may contain security exploits and or bugs that are addressed through these updates. It is recommended to keep your system packages up to date at all times.
You can access the System updates screen by going to Tools & Settings, and then under Server Management click the System Updates button. The System Updates page looks like this:
From here you can select which packages you would like to update, or you could simply press the Update All button at the top of the page to update all of your system packages at once. Pressing the Update All button will bring up this pop up confirming which packages will be updated, you can press the OK button to start the update. These updates should not take your websites or server offline although they may force some services to restart, killing any ongoing processes.
Once you press the OK button, the pop up will disappear. You will notice that the update is actually taking place in the background, you can see the progress in the bottom right hand corner of your page.
Once your updates are done, you will see a success or failure message shown in this same location (bottom right hand corner).
You can now refresh your page to see that there are no available updates.
Plesk Extensions are pieces of software or apps built by Plesk or third parties. Extensions are not required for websites to work but can provide valuable functionality on your VPS. Please note that Extensions may require a payment or license to work, Extension payment or support should be directed to the extension provider.
To get to the extensions page, click the Extensions tab on the left-hand side.
By default, your VPS comes with most security features turned off, but they are pre-installed for you. Read through the different sections here to learn how to turn on each security feature, they include firewalls, application firewalls, and IP address banning.
By default, your VPS with Plesk comes with no firewall setup.
Plesk has a built-in firewall utility that makes it easy to turn on your firewall and configure the rules. To get to this utility, go to the Tools & Settings on the left-hand side and then under Security click the Firewall button (if you do not see this button, make sure the Firewall extension is installed). It will bring you to this firewall utility page:
You can Enable the Firewall rules at the top as well as configure the rules. You will only be able to modify or create firewall rules after the firewall is enabled.
By clicking Modify Plesk Firewall Rules you are brought to a different page that helps you add, remove, and create custom rules. Here is what this page looks like:
Don't forget to press the Apply Changes button at the top after you are done configuring your firewall rules.
For a more in depth firewall tool, take a look at Firewalld (www.firewalld.org) which comes pre-installed but disabled.
Plesk comes with a Pre-Installed Web application Firewall (ModSecurity) but it is not turned on by default. ModSecurity will help protect you from malicious attacks on your server and websites.
To turn on ModSecurity, go to the Tools & Settings tab, and under Security click the Web Application Firewall (ModSecurity) button. This will bring you to the ModSecurity page which looks like this:
A common type of attack on the internet is a Brute Force attack. Hackers will try to log in over and over again, trying a different password each time. Given enough time, they will eventually get the password correct and gain access to your websites. That is why automatic IP address banning is important, and Plesk comes with a built-in tool called Fail2Ban. Fail2Ban monitors your logs searching for patterns and when it detects a pattern (that you can configure or use the defaults) it will ban the IP address. Here is how you turn it on:
- Go to the Tools & Settings page found on the left-hand sound.
- Under Security click on the IP Address Banning (Fail2Ban) button. This will bring you to the Fail2Ban utility page. It looks like this:
Notice how there are different tabs at the top: Settings, Logs, Jails, Trusted IP Addresses, and Banned IP Addresses.
To start using Fail2Ban you must select the Enable intrusion detection check box. The IP address ban period is the amount of time an IP address will remain banned before being removed from the ban list. The Time interval setting is the amount of time that must go by before the attempts are reset. The number of failures field is how many times the IP address needs to fail to login before being banned.
In the above screenshot, the IP address needs to have 3 failed attempts all within 600 seconds of each other in order to be banned for 600 seconds.
This tab allows you to download the Fail2Ban logs. This is a good place to start if you need to trouble shoot banned IP's
This tab allows you to manage the rules or patterns that will determine if an IP is attacking your server. Here is what the page looks like:
Notice how the plesk-apache jail and the plesk-dovecot jail are active, but all of the others are inactive. Only the rules in active jails will be respected, the more jails you have active, the more services you are protecting which in this case is only Apache and Dovecot. By default, Plesk comes with a few jails that are pre-configured and simply need to be activated. We highly recommend that you activate at minimum the Plesk-WordPress jail as this is a common target for hackers.
By clicking on Manage Filters, you can create new filters to be used by Jails, although we recommend that only advanced users do this as you may break existing filters or create filters that block everything.
Here is an example WordPress filter which is looking for failed login attempts on WordPress:
Trusted IP addresses.
In this tab, you can add IP addresses that are to be trusted and never banned. you can provide a single IP or a full CIDR block.
Banned IP addresses.
Here you can view the list of currently banned IP addresses. You may also select them and un-ban them from here although they risk being banned again unless they are added to the list of trusted IP addresses.
Server security is very important, especially if you are dealing with high traffic or WordPress websites as they are often targets of attacks. These tools are not the only tools that can help you protect your VPS server, but they do provide a good base. Just like anti-virus software, you are not guaranteed to never get hacked, but you are now much more protected than before and your server will be able to handle the common types of attacks!
If you need any help getting started, or have some additional questions, please feel free to reach out to our 24/7 Customer Support team and we will be happy to help!