How to setup a self-hosted DirectAdmin on a Cloud Server.

  Administration

DirectAdmin is a program that allows you to start your own web hosting server.
There could be several reasons for doing this. Reasons can be, for example:

  • * You create and maintain websites for customers, and you want these customers to do the management of e-mail-addresses themselves.
  • * You have a webshop, which is too busy for the shared hosting platform, but too small for Managed Hosting.
  • * You need webhosting which you can easily scale up with expected visitors for an event (like ticket sales) and scale back after this period.

Create Cloud Server

We start by creating a Cloud Server, and recommend the following properties for a small to medium web server.

OS: CentOS 7.6
Cores: 4
RAM: 4GB
Disk: 100GB

Of course, you could adjust this setup at your own discretion.

It is best practice to use a subdomain as hostname.
For our example, we use the following subdomain: directadmin.hetvoorbeelddomein.xyz

Note: You must use a domain you own or manage, so that you can point the DNS to the Server in a next step.

For a comprehensive guide in creating a Cloud Server, you can view the following article:

How to create a Cloud Server

After the Server has been created, point your domain to the new server.

How can I link a domain name to my Server?

In addition to the A record for the root domain, be sure to create a Wildcard record (*.domain.tld) for all subdomains.
We recommend using a CNAME-record, set-up like the following screenshot:

DA_Wildcard

Also, if you want to send and recieve mail with directadmin, it is necessary set an MX record and an SPF record.
The entire DNS-zone now looks like this:

DA_DNS_Zone

Optaining a DirectAdmin license

You can obtain your license directly via DirectAdmin, or through us.
At the time of writing we offer a license for unlimited domains for 7, – ex VAT monthly.
Current prices can be found at the bottom of this page [link].
If you want to obtain a license through us you can request this by e-mail.

To setup your license, we need the following information:

  1. IP-adres for the server you are planning to use
  2. The server’s Hostname
  3. The operating system (OS) from the server

This information is the same information you can use to active your license on DirectAdmin.com.
When this information has been set, you are ready to install DirectAdmin on your server.
The license will be automatically optained during the installation proces.

Open Port 25 for outgoing mail

On our Cloud Servers, port 25 for outgoing mail traffic is blocked by default.
This is done to ensure the safety and integrity of the platform.

To open this port, first go to the control panel in the control panel and, at the header Outgoing port rules click Add outgoing port rule.

DA_OUTGOING_PORT

It is possible this button is not available for your server. To activate this setting for your account, please contact [link] us.

In the following screen, enter for both start port and end port “25”.

DA_PORT_25

The server and domain are now ready to install DirectAdmin.

Install DirectAdmin

To install DirectAdmin, you must first connect via SSH.
On MacOS and Linux you can do this via the Terminal. Use the following command, where replacing hetvoorbeelddomein.xyz with the domain name you set earlier.

ssh root@hetvoorbeelddomein.xyz

If you did not setup the SSH-keys, the server will prompt you for the Password.
You are now logged in on the server.

When using Windows, you usually need a separate program to connect via SSH, for instance the free program Putty [link].
Experience has shown that it is not straightforward to copy and paste text, so check in advance how you can do this easily.

The first command we issue on the server is to update all software on the machine:

yum update && yum upgrade

A number of questions are asked to which you can all answer Yes by typing “Y”.

Next, we will ensure that the installation remains up-to-date automatically from now on, by issuing the following commands:

yum install -y yum-cron
sed -i '/apply_updates/s/no/yes/g' /etc/yum/yum-cron.conf
systemctl enable yum-cron
service yum-cron start

Now that everything is up to date, we are going to install some packages (programs) that are needed for DirectAdmin.
You can copy and paste the following lines entirely.

yum install wget tar gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio \
libcom_err-devel libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel perl-ExtUtils-Embed \
autoconf automake libtool which patch mailx bzip2-devel lsof glibc-headers kernel-devel expat-devel \
psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs perl-libwww-perl xfsprogs rsyslog logrotate crontabs file kernel-headers

Any questions can again be answered with “Yes” or simply “y”.

The following three commands get the DirectAdmin installation file, change the permissions of said file, and install DirectAdmin.
The last step should take a while.

wget -O setup.sh https://www.directadmin.com/setup.sh
chmod 755 setup.sh
./setup.sh auto

When the message comes that everything is installed, you can scroll up a little in the terminal to find the login password.
In our case, it concerns the following information:

Admin username: admin
Admin password: [******************]
Admin email: admin@directadmin.hetvoorbeelddomein.xyz

The link to log in is your domain with “: 2222” behind it, in our case http://directadmin.hetvoorbeelddomein.xyz:2222

If you accidentally have already closed the terminal, or for some other reason have not saved the information, you can reset the password.
Login via SSH and enter the following command:

passwd admin

Safety Concerns

The following steps are advised to harden the security of your DirectAdmin Server.

Protect against DNS Amp Attacks

Bind (nameserver) allows default recursion, which MUST be turned off. Otherwise, you are vulnerable to dns amp attacks.
Via SSH, use the following command to edit the configuration file:

nano /etc/named.conf

then, find the following line.

// recursion yes;

Change it to the following. Note the removal of the “//” at the beginning of the line.

recursion no;

Activate SSL/HTTPS

To ensure that the administration page is secured with an SSL certificate, we are going to execute the following commands via SSH.
Make sure to replace directadmin.hetvoorbeelddomein.xyz with your own subdomain. First, we will manually create the certificate:

cd /usr/local/directadmin/scripts && ./letsencrypt.sh request_single directadmin.hetvoorbeelddomein.xyz 4096

If all went well, you will see the following message in your terminal:

Certificate for directadmin.hetvoorbeelddomein.xyz has been created successfully!

Next, we will ensure that the certificate is actually used:

cd /usr/local/directadmin
./directadmin set ssl 1 \
./directadmin set carootcert /usr/local/directadmin/conf/carootcert.pem \ 
./directadmin set ssl_redirect_host directadmin.hetvoorbeelddomein.xyz
service directadmin restart

Activate Two-factor-authentication (2FA)

With the user admin you can manage all settings and websites on your DirectAdmin installation.
Therefore, we advise to protect this user with 2FA. You could skip this step.

For more information about 2FA, see the following article:

Enable Two-factor-authentication for your PCextreme Account

First, login to your DirectAdmin installation.
Then, click on the Admin User in the top right, and select Password

DA_Password

Next, click on Two-Step Authentication and generate a Secret.
A QR code will appear, which you can scan with your 2FA app of your choice.

DA_QR_SECRET

You will be automatically logged out to log in again with 2FA.

Add Main Domain

Finally, we are going to add the main domain within DirectAdmin.
Site-management is done at “User-Level”, and for this you have to adjust the “Access-level” at the top.

DA_admin_user

Then go to Account Manager -> Domain Setup at the top menu.

DA_Domain_setup

Here you only need to enter the domain and click Create at the bottom.

DA_create_domain

Your DirectAdmin is now ready to use!

You can find the FTP data, create a Database, and provide SSL certificates through the Account Manager.
For more information about using DirectAdmin itself, you can view their extensive Forum [link].