To share more with the community, I think it's essential to have more guides on how to install Waterhole on different panels. This is going to be an in-depth guide, and I hope to record a video one day if I have enough time and resources.
Feedback is very appreciated in case I have done something wrong.
HestiaCP setup:
- Purchase VPS/dedicated servers and deploy Debian 12. Aim for 4 CPU and 4GB ram for production.
- Update and remove old junk (use this command weekly to keep your server up to date). From this point you should use root by default. Later on we will switch to a normal user with sudo rights.
sudo apt update && sudo apt upgrade -y && sudo apt-get autoremove -y && sudo apt-get remove --purge -y software-properties-common
- Enable automatic security updates for Debian. You want to keep it secure.
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades
- Download and modify the HestiaCP installation script to get the latest MySQL. Note that I left many services, like email and antivirus, out of HestiaCP because I don't use them.
wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install-debian.sh
nano hst-install-debian.sh
Modify the script so you can install the latest MySQL version: https://forum.hestiacp.com/t/how-to-install-mysql-8-4-lts-on-debian-12/16582
bash hst-install-debian.sh --port 2083 --named no --mysql no --mysql8 yes --exim no --dovecot no --clamav no --spamassassin no
- In case you have issues with the certificate (for the domain that you use for the HestiaCP control panel):
v-add-letsencrypt-host
- Add PHP 8.3
v-add-web-php 8.3
v-change-sys-php 8.3
sed -i '/^\t"php-8.2",/a \t"php-8.3",' /usr/local/hestia/web/edit/server/index.php
After that, disable the old PHP version in HestiaCP (inside the control panel settings).
- Add composer
v-add-user-composer
- Use a non-root user by default. From this point you should mainly use a separate user.
adduser example_user
adduser example_user sudo
- Create and export SSH keys to the new user (it's better to use SSH keys, but this is optional)
/home/username/.ssh/
- Disable root login and password authentication
sudo nano /etc/ssh/sshd_config.d/custom.conf
PasswordAuthentication no
PermitRootLogin no
sudo systemctl restart ssh
P.S. You might have to run "sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf"
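Why the P.S. about 50-cloud-init.conf matters, shown as an added example that is not part of the original post: sshd uses the first value it reads for each keyword, and the drop-ins are read in sorted order, so a file named 50-cloud-init.conf is read before custom.conf. The drop-in contents below are constructed, and the cloud image's file setting PasswordAuthentication yes is an assumption.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for each keyword, and
# Debian's sshd_config includes sshd_config.d/*.conf in sorted order.
# Simplification: Match blocks and the main sshd_config body are ignored.

# effective_sshd_value DIR KEYWORD -> prints "<value> <file>" of the first hit.
# The body runs in a subshell so LC_ALL=C (byte-order glob sort) stays local.
effective_sshd_value() (
    LC_ALL=C
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        val=$(awk -v k="$want" '
            /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
            { line = $0; sub(/=/, " ", line); split(line, a, " ") }
            tolower(a[1]) == k { print tolower(a[2]); exit }' "$f")
        [ -n "$val" ] && { printf '%s %s\n' "$val" "${f##*/}"; exit 0; }
    done
    exit 1
)

# audit_dropins DIR -> non-zero if either setting from the guide is not in effect.
audit_dropins() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        got=$(effective_sshd_value "$1" "$kw") || got="unset -"
        case $got in
            "no "*) echo "OK   $kw = $got" ;;
            *)      echo "FAIL $kw = $got"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a cloud image drop-in next to the guide's custom.conf.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'PasswordAuthentication yes\n' > "$d/50-cloud-init.conf"
    printf 'PasswordAuthentication no\nPermitRootLogin no\n' > "$d/custom.conf"
    echo "$d"
}

sample=$(make_sample_dir)
audit_dropins "$sample" || echo "custom.conf is shadowed by an earlier drop-in"
rm -rf "$sample"
```

On the server itself, `sudo sshd -T` prints the settings sshd will actually use, so check `passwordauthentication` and `permitrootlogin` there before closing your current session.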
Waterhole setup starts here.
- Create a separate user in HestiaCP and add your domain
- Add SSH rights in HestiaCP for this user and composer
- Open your website directory, specifically the /public_html folder
cd web/your-domain.com/public_html/
composer create-project waterhole/waterhole
Open the domain settings in HestiaCP and set the custom path to waterhole/public. You will need to open this directory most of the time if you want to make any changes to Waterhole. Below, I run most of the commands under this directory.
Create MySQL database in HestiaCP
Modify .env
Run the installer, but first open the /waterhole directory
cd web/your-domain.com/public_html/waterhole
php artisan waterhole:install
composer update
- Change FILESYSTEM_DISK=local
php artisan queue:table
php artisan migrate
update .env to QUEUE_CONNECTION=database
sudo apt-get install supervisor
add worker.log
create and edit laravel-worker.conf
Only disable the following in php.ini:
disable_functions = exec,system,passthru,shell_exec,proc_open,popen
Follow https://laravel.com/docs/10.x/queues#supervisor-configuration
- Cache Configuration
nano config/cache.php
change 'CACHE_DRIVER', 'file' to 'CACHE_DRIVER', 'database'
modify .env to CACHE_DRIVER=database
run php artisan cache:table to start migration
- Run optimizer + icons cache
composer install --optimize-autoloader --no-dev
php artisan config:cache
php artisan route:cache
php artisan view:cache
php artisan icons:cache
- Setup Mailgun
Whitelist IPs in Mailgun's IP Access Management
Change .env with Mailgun creds
composer require symfony/mailgun-mailer symfony/http-client
modify config/mail.php and set it to mailgun
double check config/services.php (most likely not needed)
- Modify php.ini for Laravel app for Queue worker/Supervisor
This enables pcntl functionality while still disabling potentially dangerous functions like exec and shell_exec.
disable_functions = exec,system,passthru,shell_exec,proc_open,popen
- Add Waterhole's nginx conf
Remove the following from Waterhole's .nginx.conf:
location / { try_files $uri $uri/ /index.php?$query_string; }
cd /usr/local/hestia/data/templates/web/nginx/
sudo cp default.tpl custom.tpl
sudo cp default.stpl custom.stpl
include %home%/%user%/web/%domain%/public_html/waterhole/.nginx.conf;
(ask ChatGPT where to put it)
change template + [v-rebuild-user](https://hestiacp.com/docs/reference/cli.html#v-rebuild-user)
- Now, if you make any changes to Waterhole, you need to run:
php artisan config:clear && php artisan config:cache && php artisan cache:clear && php artisan route:cache && php artisan optimize
These are more or less the notes I have been making during the installation and testing. You need some basic understanding of how to manage servers, but this guide will be enough if you want someone with skill to help you.
If enough people ask, I can make a super dummy video with a step-by-step guide to setting up everything: server, domain, HestiaCP and Waterhole.
P.S.
@Toby can we get better options for command line formatting and a button to copy the code?