To configure DirectAdmin on a Linux server, start with a clean, supported OS and a valid license, set a fully qualified hostname, open required ports, run the official installer, choose your web stack via CustomBuild (Apache/Nginx, PHP-FPM, MariaDB), enable SSL with Let’s Encrypt, secure with CSF/LFD and ModSecurity, configure DNS/email, and finalize backups and monitoring.
In this step-by-step guide, you’ll learn how to configure DirectAdmin on Linux server—from prerequisites to production-ready hardening—using current best practices for 2026. We’ll cover AlmaLinux/Rocky Linux 8/9, Debian 12, and Ubuntu 22.04/24.04, keeping the process beginner-friendly while staying accurate for real-world hosting environments.
What Is DirectAdmin (and Why Use It in 2026)?
DirectAdmin is a lightweight, feature-rich web hosting control panel for Linux. It’s known for speed, stability, and lower resource usage compared to heavier panels. It supports Apache and Nginx, PHP-FPM, MariaDB/MySQL, Exim/Dovecot mail, Let’s Encrypt, and integrates with CSF/LFD and ModSecurity. For hosting providers, it’s a reliable, cost-effective cPanel alternative with excellent automation and reseller features.
Prerequisites and System Requirements
Supported operating systems (2026)
– AlmaLinux 8/9 or Rocky Linux 8/9 (recommended for production)
– Debian 12 (Bookworm)
– Ubuntu 22.04 LTS or 24.04 LTS
Use a fresh, minimal installation without another control panel installed.
Minimum hardware
– 2 vCPU, 4 GB RAM, 60 GB SSD for small production
– 4–8 vCPU, 8–16 GB RAM for busy multi-site hosting
Enable swap (2–4 GB) on small instances to prevent out-of-memory crashes during builds.
Networking and DNS
– Static public IPv4 (and IPv6 if available)
– A Fully Qualified Domain Name (FQDN) hostname, e.g., server.yourdomain.com with an A record
– Optional: private nameservers (ns1/ns2.yourdomain.com) with registrar glue records
Open the required ports
Control panel: 2222 (DirectAdmin), 80/443 (web), 21 (FTP), 53 (DNS), 25/465/587 (SMTP), 110/995 (POP3), 143/993 (IMAP), 3306 (MySQL local), and 8080/8081 if using OpenLiteSpeed/ports proxies.
Step-by-Step: Install and Configure DirectAdmin
Step 1: Update OS, set hostname, time, and swap
# AlmaLinux/Rocky
sudo dnf -y update
# Debian/Ubuntu
sudo apt update && sudo apt -y upgrade
# Set FQDN hostname
sudo hostnamectl set-hostname server.yourdomain.com
# Verify DNS A record resolves to your server IP
dig +short server.yourdomain.com
# Optional: add 2–4GB swap if not present
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
sudo swapon -a
# Time sync
sudo timedatectl set-timezone UTC
sudo timedatectl set-ntp trueStep 2: Open firewall ports
# firewalld (Alma/Rocky)
sudo dnf -y install firewalld
sudo systemctl enable --now firewalld
for p in 22 53 80 443 110 143 993 995 21 25 465 587 2222; do sudo firewall-cmd --permanent --add-port=${p}/tcp; done
sudo firewall-cmd --permanent --add-port=53/udp
sudo firewall-cmd --reload
# UFW (Ubuntu/Debian)
sudo apt -y install ufw
sudo ufw allow 22,53,80,443,110,143,993,995,21,25,465,587,2222/tcp
sudo ufw allow 53/udp
sudo ufw --force enableStep 3: Get a DirectAdmin license and run the installer
Buy a DirectAdmin license using your server’s public IP. You’ll receive a client ID, license ID, and key. Then run the official installer on a clean OS.
# Install basic tools
# Alma/Rocky
sudo dnf -y install wget curl tar perl
# Debian/Ubuntu
sudo apt -y install wget curl tar perl
# Download & run DirectAdmin installer
cd /root
wget -O setup.sh https://www.directadmin.com/setup.sh
chmod 755 setup.sh
sudo ./setup.sh auto
# When prompted, provide:
# - Client ID, License ID, and License key
# - Network interface (auto-detected in most cases)
# - Hostname (server.yourdomain.com)
# - Desired options (or choose defaults; we’ll refine via CustomBuild)After installation, DirectAdmin typically runs at https://your-server-ip:2222 or https://server.yourdomain.com:2222. Log in with the admin credentials shown at the end of the installer.
Step 4: Choose your web stack with CustomBuild
DirectAdmin’s CustomBuild 2.x manages core services. Recommended for 2026: Nginx as reverse proxy with Apache (or Nginx standalone), PHP-FPM, MariaDB 10.6–10.11 LTS, and HTTP/2/HTTP/3 where supported.
cd /usr/local/directadmin/custombuild
# Review/modify build options
./build options
# Set recommended stack
./build set webserver apache
./build set nginx yes
./build set php1_release 8.2
./build set php2_release 8.3
./build set php1_mode php-fpm
./build set php2_mode php-fpm
./build set mariadb 10.6
./build set modsecurity yes
./build set proxysubdomains on
./build set letsencrypt yes
./build set opcache yes
./build set ioncube yes
# Apply and compile
./build update
./build all d
./build rewrite_confsUse Multi-PHP to assign versions per domain. PHP 8.2 is a stable default in 2026; keep 8.3/8.4 available for modern apps after compatibility tests.
Step 5: Enable SSL/TLS with Let’s Encrypt
First secure the server hostname and the DirectAdmin panel itself. Ensure the hostname A record points to your server IP.
# Enable DA hostname SSL
cd /usr/local/directadmin
echo "enable_ssl=1" | sudo tee -a conf/directadmin.conf
echo "letsencrypt=1" | sudo tee -a conf/directadmin.conf
service directadmin restart
# Request a certificate for hostname
/usr/local/directadmin/scripts/letsencrypt.sh request_single server.yourdomain.com 4096Within user accounts, you can enable “Secure SSL” and select Let’s Encrypt to auto-issue domain certificates. Turn on auto-renewal by default.
Step 6: Configure DNS and private nameservers
If you run DNS on the same server, create ns1/ns2 child hosts (glue) at your domain registrar pointing to your server IPs. Then set the same nameservers in DirectAdmin’s Admin Level > DNS Administration and in each user’s domain configuration.
- Create A records: ns1.yourdomain.com → IP1, ns2.yourdomain.com → IP2 (or same IP if single).
- Registrar: register child hostnames (glue) for ns1/ns2.
- Update domains to use ns1/ns2.yourdomain.com.
For multi-server or high availability, consider a secondary DNS server and enable DirectAdmin’s DNS clustering.
Step 7: Email stack and authentication (SPF, DKIM, DMARC)
DirectAdmin uses Exim (MTA) and Dovecot (IMAP/POP3). Enable DKIM and SPF per domain; add a DMARC policy for better deliverability. Make sure reverse DNS (PTR) for your server IP resolves to the hostname.
# Enable DKIM globally
echo 'dkim=1' | sudo tee -a /etc/exim.conf.localopts
/usr/local/directadmin/scripts/dkim_create.sh admin
# Example TXT records (add in DNS):
# SPF:
# yourdomain.com. TXT "v=spf1 a mx ip4:YOUR.IP.HERE include:_spf.your-mail-provider ~all"
# DMARC:
# _dmarc.yourdomain.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100"
# Verify PTR (set via your hosting provider’s panel)
host YOUR.IP.HEREIf you don’t want to manage outbound mail reputation, relay through a trusted SMTP provider and configure Exim smart host settings.
Step 8: Create packages, reseller, and user accounts
- Admin Level > Manage User Packages: define limits (disk, bandwidth, inodes, domains).
- Admin Level > Create Reseller: assign a package for resellers.
- Reseller Level > Create User: add end-user accounts and domains.
- User Level: upload site files (File Manager/SFTP), create databases, install apps.
From the User Level, enable SSL, choose PHP version, and add WordPress via Softaculous (if licensed) or WP-CLI.
Step 9: Security hardening
- Install CSF/LFD and the DirectAdmin plugin.
- Enable ModSecurity with OWASP Core Rule Set; add exceptions for false positives.
- Use SSH keys, change SSH port, and disable root password login.
- Keep system and services updated; enable automatic security updates.
# CSF/LFD install (scripted in DA)
cd /usr/local/directadmin/custombuild
./build set csf yes
./build csf
# Access CSF UI in DirectAdmin: Admin Level > Plugins > ConfigServer Security & Firewall
# SSH hardening (example)
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshdStep 10: Backups, updates, and monitoring
- Backups: Admin Level > Admin Backup/Transfer. Schedule off-server backups (S3, remote FTP, or object storage).
- Updates: use CustomBuild to keep PHP, Apache/Nginx, MariaDB, and Exim updated.
- Monitoring: install Netdata/Prometheus exporters; set process and disk alerts.
- Logs: review /var/log/exim, /var/log/httpd or /var/log/nginx, and DA logs under /var/log/directadmin.
# Routine maintenance
cd /usr/local/directadmin/custombuild
./build update
./build versions # review pending updates
./build update_da # update DirectAdmin
./build php n # update PHP versions (non-interactive)Post-Install Quick Commands Reference
# Restart key services
service directadmin restart
service httpd restart # Apache (Alma/Rocky)
service apache2 restart # Apache (Debian/Ubuntu)
service nginx restart
service exim restart
service dovecot restart
service mariadb restart
# Change DirectAdmin admin password
passwd admin
# Force Let’s Encrypt renewal for a domain
/usr/local/directadmin/scripts/letsencrypt.sh request <domain>
# Switch PHP mode for a domain (example via GUI recommended)
# User Level -> Domain Setup -> PHP Version Selector
# Toggle ModSecurity rules
/usr/local/directadmin/custombuild/build modsecurityCommon Pitfalls and How to Fix Them
- Hostname not resolving: ensure server.yourdomain.com has a public A record before installing SSL.
- Let’s Encrypt failures: port 80 must be open; no CDN/proxy blocking /.well-known/. Check DNS propagation.
- Mail deliverability issues: configure SPF, DKIM, DMARC, and PTR. Avoid sending bulk mail from a new IP; warm up slowly.
- High memory usage during builds: add 2–4 GB swap; reduce parallel compile jobs if RAM is tight.
- Double-SSL or mixed content: force HTTPS at the domain level; update application URLs (e.g., WordPress home/siteurl).
Performance Tuning Tips (2026)
- Use Nginx reverse proxy for static assets and HTTP/2/HTTP/3 when supported.
- Enable PHP-FPM with OPcache; allocate 128–256 MB per pool for busy sites.
- Choose MariaDB 10.6–10.11; tune innodb_buffer_pool_size to 40–60% RAM on DB-heavy servers.
- Enable Brotli or Gzip compression and cache headers in Nginx/Apache.
- Install Redis for application object caching (WordPress/WooCommerce).
When to Choose YouStable
If you want a ready-to-run DirectAdmin server, YouStable’s SSD VPS and Dedicated Servers deliver clean OS images, premium networking, and optional DirectAdmin licenses. Our support team can pre-harden the stack, set up DNS and Let’s Encrypt, and configure CSF/ModSecurity so you can focus on hosting—not server plumbing.
FAQs: Configure DirectAdmin on Linux Server
Which Linux distro is best for DirectAdmin in 2026?
AlmaLinux or Rocky Linux 9 is the safest production choice due to stability and RHEL compatibility. Debian 12 is excellent for minimal footprints. Ubuntu 22.04/24.04 is fine if you prefer Ubuntu’s ecosystem.
What ports must be open for DirectAdmin to work?
At minimum: 22, 53 (TCP/UDP), 80, 443, 21, 25, 465, 587, 110, 143, 993, 995, and 2222. If you run additional services (e.g., OLS or proxies), open their ports too.
Can I migrate from cPanel to DirectAdmin?
Yes. DirectAdmin supports cPanel backup imports. Create full backups in cPanel, transfer to the DA server, then use Admin Level tools to restore. Validate DNS, SSL, PHP versions, and email authentication post-migration.
How do I enable HTTP/3 in DirectAdmin?
Use Nginx with a QUIC/HTTP/3-capable OpenSSL (quictls). In CustomBuild, update Nginx and enable HTTP/3 in Nginx templates. Confirm UDP/443 is allowed. Note that HTTP/3 requires careful kernel and library support on your distro.
Is CSF/LFD better than Fail2Ban for DirectAdmin?
For DirectAdmin, CSF/LFD integrates tightly with the panel, providing UI-based management and DA-aware rules. It’s typically preferred over Fail2Ban on DirectAdmin servers, though both can work if configured properly.
By following the steps above, you can confidently configure DirectAdmin on Linux and ship a secure, high-performance hosting environment ready for 2026 workloads. Keep your stack updated, automate backups, and monitor resources—and your server will run smoothly for years.
