By now, you have nearly all of the skills needed to create your own online store. The final task is moving your website from your local server to a real server. In this article, we will explain why you should learn how to create a Debian based virtual private server to host your online business.
One of the greatest security threats to any online store is allowing hackers to have an open back door to your business website.
Open back doors are hidden access points to your website created in programs by greedy monopolies looking to data mine your website.
The original open back door was created by Bill Gates at Microsoft in 1998 – over the objections of his security programmers. Bill (and his friends at the NSA) wanted access to any computer using the Windows operating system. So he placed the Explorer Web Browser inside the core of the Windows operating system so that it was impossible to remove. He then created a hidden access point inside the Explorer Web Browser so that whenever a person was online with a Windows computer, even if using a different web browser, the Internet Explorer Web Browser would “call home to Bill” allowing both Bill and the NSA remote access to the Windows computer. Hackers soon found out about this open back door and Windows computers have been slow, insecure bloated monsters ever since. For more on this history of this problem, download our free book: https://freeyourselffrommicrosoftandthensa.org/
Many other monopolies, including Google and Ubuntu, have followed this evil path which is basically what has turned information technology into a Hacker Heaven. The security benefit of using a virtual private server is that you have completely control over everything on the server. For example, you can choose to use the Debian operating system and a Control Panel called Hestia rather than the Ubuntu operating system and a control panel called Cpanel.
Your First Decision… Hosting your business website yourself versus using a Web Host
You may think that buying your own server and hosting your business website at home on your own server might be the most secure option. If you plan on having a small business with very few concurrent visitors to your website, buying your own server might be an option. However, there are drawbacks to home servers.
The first drawback is concurrent connections. If you have a lot of people visit your site at the same time, your Home server is not likely to be able to distribute the load and your site will simply crash. A related drawback is DDOS hacker attacks. It is relatively easy for hackers to bring down a single home server. The third drawback is deciding on what kind of home server to buy.
If you want to get a Raspberry Pi, your best option is to get the Pinebook Pro 14 which comes with a full keyboard and display for about $220.
If you want to buy a real Linux server using an x86 processor, and coming with the Linux operating system, there are only a few options. System 76 is biased towards Ubuntu and I do not recommend them (because you want a server more compatible with Debian). Dell and IBM are biased towards Red Hat and SUSE and I do not recommend them. Both sell servers costing over $4000.
An interesting option for a Debian compatible server is the Librem Mini from Purism.
It comes with a 4 core i7 processor. Upgrading to 64 GB RAM and 1 TB NVMe storage, it is only $1700 and comes with Coreboot BIOS (much better than UEFI).
Another potential future option will be Tuxedo Computers in Germany. They currently offer only UEFI based computers. But they are working on adding Coreboot computers in the near future. Here is a link to their Coreboot page:
WARNING: System 76 claims to offer Coreboot computers. However, they are simply UEFI computers with a Coreboot label. If you want to avoid UEFI, your only current options are the Pinebook Pro, Raspberry Pi, Purism, Entroware or Google Chromebooks. Not all of these are compatible with Debian Server.
For example, here is a link to the Entroware Server page:
The base model is 2000 pounds with 16 GB of RAM. If you want 64 GB RAM, this adds 500 pounds, The base model also only has 240 GB SSD hard drive. One TB NVMe hard drive adds 200 pounds. Thus, the total price for a State of the Art server is 2700 pounds plus shipping from the UK. This is about $3700. Sadly, the ES02 comes with Ubuntu Server 20.04 installed. I believe you can easily reflash it with Debian 10 in a matter of minutes.
What is interesting about this site is that they offer a 17 inch laptop which can be partitioned to work as a server. Here is a link to this page:
The base model is 729 pounds and comes with 8 GB RAM. For 64 GB RAM, add 300 pounds. The base model has 240 GB SDD hard drive. For 1 TB NVMe, add 200 pounds. Thus, the total price for a State of the art laptop is 1229 pounds or $1700 plus shipping.
There are a number of newer options that may offer Coreboot either now or in the future. These include:
Note that Starlabs laptops come with Coreboot. But their largest laptop is only 13 inches and comes with Ubuntu (can be reflashed to Debian) and is currently out of stock.
In summary, any real computer capable of being converted into a Home server is going to cost $2000 or more. And it will still be open to DDOS attacks. Therefore, I recommend using a VPS hosted by a web host to run your online store.
Shared Hosting versus a Virtual Private Server
Let’s assume you will set up a hosting account with a web host provider rather than setting up your own private server. We recommend that you use a Canadian web host rather than a US web host to host both your domain name and your server.
After researching all of the Canadian web hosts, we recommend Canhost. Here is a link to their website: https://www.canhost.ca/
Here is a link to our article explaining why Canhost is the best and most secure Canadian VPS host: https://createyourownvps.com/final-steps/9-migrate-from-cpanel-to-hestia-vps/9-1-how-to-choose-a-secure-canadian-vps-host
Canhost offers two types of economical hosting plans. These are Shared Hosting and Virtual Private Servers. Click on Hosting, Shared to see their three shared hosting plans:
For an online store, you will need at least 2 CPU cores and 4 GB of RAM. For a larger store with more traffic, you may need more. So shared hosting is $15 Canadian per month and eventually $25 Canadian per month.
Now click on Hosting, Canadian Virtual Private Servers.
VPS Express 1 has only 2 GB of RAM for $15 per month. You can increase this to 4 GB of RAM for an additional $4 Canadian per month. Either way, the price in US dollars is less than $20 per month. So there is almost no difference in price between shared hosting and a Virtual Private Server.
Virtual private servers have numerous advantages over shared hosting. You have more flexibility and can add as many websites and domain names as you want. But the real concern of shared hosting these days is that Cpanel has been raising their prices and there is nothing to stop them from raising their prices again. Your online store is basically at their mercy because they have a monopoly on the shared hosting control panels.
A second concern is that Cpanel has security problems – also due to the fact that they are a monopoly. If you have a small store with a limited number of customers and no crucial data, it may not matter if your online store gets taken down by hackers. But if you plan on running a real business with a lot of customers and storing crucial data, then using a Virtual Private Server is your best option.
The biggest drawback of using a Virtual Private Server is learning how to set it up. Thankfully, Canhost will install Debian Server to your Virtual Private Server for no extra charge.
The second issue is how to install a free open source control panel called Hestia on your virtual private server. Hestia is similar to Cpanel in that it comes with tools for setting up custom email accounts and tools for updating programs like PHP. This is beyond the scope of this basic course. We therefore have a more advanced course called Create Your Own VPS which covers everything you need to know to create and manage your own virtual private server. Here is a link to this course:
What is a Virtual Private Server?
To understand virtual private servers, we first need to understand what a Server is. To understand what a Server is, we first need to understand what a computer is. A computer is a device with a processor for running programs. A computer stores its programs and data on a hard drive. A simple way to look at a computer is that it begins with a Start Up program, such as Coreboot or UEFI, which then hands the computer functions over to an Operating System such as Linux or Windows, which is then used to run applications such as LibreOffice or Apache Server. Here is a simple diagram:
Here is a more complex way to look at a computer:
Desktop computer versus Server computer
In Linux, there are many different distributions, or variations of the Linux operating system. All of these distributions use the Grub2 boot loader and the Linux kernel, which are the first parts of the Linux operating system. For example, one of the most popular distributions is called Linux Mint. Another distribution is called Linux Mint Debian Edition (LMDE). The difference between these two distributions is that Linux Mint is based on the Ubuntu family and LMDE is based on the Debian family. To the end user (you), they look very similar because both use the Cinnamon Desktop Environment.
A desktop environment is a graphical user interface which includes a File Manager, a Windows manager, a Programs manager (called the Mint Menu) and a control panel to change various settings such as the Desktop background image, sound settings and panel settings. The primary difference between a server computer and a desktop computer is that the server computer does not come with a desktop environment. When you turn on a server, it only comes with a rather ugly looking terminal screen which is used to enter commands.
Here is what the terminal looks like:
When you get a virtual private server, you will be given log in access to a terminal that looks very similar to the above image. Because many people prefer a graphical user interface to a terminal, you can also use the terminal to install your own free open source Hestia control panel.
Important Structural Difference Between Shared Hosting and a Virtual Private Server
With shared hosting, each new account is simply a new folder added to the same server file manager. All accounts use the same operating system and share the same server resources. However, with a virtual private server, a new partition is added to the hard drive so that each VPS has its own dedicated section of the hard drive. This isolation of space on the Server hard drive adds greatly to the speed and security of a VPS over a shared hosting account.
In summary, if you have a small website that you do not care much about, then the simple option is to get a shared hosting account. But if you have a real online business with important data on it, then you should take the time to learn how to set up and use a virtual private server.
The following article explains why all online stores should move away from Cpanel and learn how to use a free open source control panel instead.
Creating a Better Future for Online Store Owners
Today, regardless of the size of the company, it has become imperative for all businesses to have an interactive website to showcase their services and products. A fully functioning website allows your company to remain open and interact with your customers 24 hours a day, seven days a week. As more and more customers move to online product research and online shopping, small business owners have become increasingly aware of the need to improve their online presence. At the same time, several problems have made creating a secure online store much more challenging than it has been in the past. Here are just a few of these problems:
#1 Windows ransomware has made it very unwise to use a Windows computer for any part of your business database management or online store creation process. Thus, it is now essential that owners of online stores learn how to use the Linux operating system.
#2 Closed source programs (where the code can not be inspected) also have security problems – in addition to suffering from vendor lock in. As a consequence, it is important for business owners to seek out and learn to use open source alternatives to closed source store and website management programs.
#3 Online store platforms with major security problems. Many popular website building tools, such as Wordpress, also suffer from security problems. They also suffer from poorly written code that turns a growing online store into a mess over time. The solution to this problem is to learn how to use the Joomla Content Management System to act as a foundation for your online store – and then add a free component called Phoca Cart to actually build and manage your online store.
#4 Shared Web Hosting options are now much more expensive. In the past, it was possible to get relatively good business website hosting for less than $10 per month. Prices were inexpensive for two main reasons. First, the operating system used on web host servers was free. Second, the control panel used by business owners to control their online stores, called Cpanel, was also nearly free. Both of these tools have been going through radical changes.
Business Website Hosting Server Operating System Changes
Due to increasing problems with Windows Ransomware, it should be obvious by now that you do not want to host your business website on a server using the Windows operating system. Therefore, most web hosts now use servers running the Linux operating system. But there are several different versions of the Linux operating system. The most commonly used Linux versions used by web host companies to run their servers are called Ubuntu, Debian and Centos. Centos is a free version of the Red Hat Linux operating system. However, in 2019, IBM bought Red Hat for $34 billion and in December 2020, Red Hat sent shock waves through the Web hosting business by announcing that they were ending support for Centos. Web hosts using Centos were suddenly faced with either using the more expensive Red Hat operating system and passing the increased costs along to their customers (that would be you) – or moving to the Ubuntu or Debian operating system.
At the same time, many small business owners are becoming increasingly alarmed about Ubuntu’s marketing strategy. Ubuntu is currently owned by a corporation called Canonical. But Canonical has been openly looking for a buyer. That buyer appears to be Microsoft. Microsoft is already using and promoting the Ubuntu operating system on their Azure Server farm in Quincy Washington. They have also been changing the code base of the Windows operating system to make it more compatible to Ubuntu. It is only a matter of time until Ubuntu follows in the footsteps of Centos and gets swallowed up by a corporate giant.
To make matters worse, in February 2021, after a person created a new Ubuntu Virtual Private Server on the Microsoft Azure Cloud, they learned that there private information was shared by Microsoft with Ubuntu – and that anyone setting up any Ubuntu server anywhere had their private information set to Ubuntu. This shocking level of data mining has sent many business owners searching for a more private and secure server option for running their online business databases.
Millions of businesses use CentOS for their servers. These aren’t just small businesses. Big corporations that rely on CentOS Linux include Disney, GE, Toyota, and Verizon. Even Amazon Linux is based on Centos. Millions of businesses will now need to look for another more dependable option.
In my opinion, the best option for any business owner, big or small, is Debian. Debian is not a corporation. Debian is a community of web developers and computer programmers who are building a free open source secure operating system for themselves. The Debian community is much like the Linux community. Linux is also not a corporation. Linux is a community of programmers who developed their own free open source code base to run their own computers. Debian takes the Linux code base and turns it into a user-friendly operating system. This is why I have recommended Debian as the ideal server for business websites.
Web Hosting Control Panel Change
A control panel is a Graphical User Interface (GUI) used to help website owners and administrators control their web hosting account. The most common Web Hosting Control Panel is called Cpanel which is the front end for a website account manager called Web Host Manager (WHM). Historically, using this control panel to administer your website cost less than one dollar per month.
In May 2017, a predatory investment group called Oakley Capital bought the second largest Control Panel program called Plesk. Then in August, 2018, Oakley Capital bought cPanel/WHM – giving them a nearly complete monopoly of the web hosting control panel market. Currently, Cpanel/WHM is a monopoly controlling over 90 percent of the web hosting market.
In June 2019, the new owner of cPanel shocked the web hosting world by announcing that they were increasing the price of Cpanel/WHM by 500% to 1000%. This price increase has over time been passed from web host providers to web host users (that means you). To make matters worst, the new price structure favors larger server farms over smaller independent web hosts. It also favors major corporations over smaller independent business owners.
For example, I previously paid a small flat fee that was the same regardless of the number of websites or accounts I had. The new price structure is based on the number of accounts on each server. Given that I manage about 50 websites, the new price structure is actually an increase of 5000%.
This is a massive blow to the hosting industry worldwide as the entire market is going to have to go up in price. Multiply this massive price increase times more than one billion websites in the world and suddenly instead of all of us small business owners paying $1 billion per month for the privilege of using Cpanel and WHM, we now get to pay a collective $10 billion PER MONTH! And there is nothing stopping these vulture capitalists from raising the price again.
What makes this even more ridiculous is that Cpanel is very poorly made and very difficult to use. I have written countless articles trying to explain to my students how to use it. Worst of all, Cpanel is so poorly made that it is not very secure. For example, in November 2020, researchers found that it was easy for hackers to compromise any website using Cpanel because Cpanel failed to place a time limit on their Two-Factor Authentication screen. This meant that hackers could take all the time they want using automated programs to crack both passwords and get into peoples accounts, steal their databases and destroy their businesses.
After the November 2020 fiasco, many small business owners, including myself, started researching other options.
Free Open Source Options to Cpanel
There are a few closed source commercial Control Panel options. These are Direct Admin, Interworx and WebMin/VirtualMin. Their monthly prices are currently much less than Cpanel. But they are still significant. For example, a standard license for Direct Admin is $30 per month. A license for Interworx is $20 per month. This is on top of the price of web hosting. However, there is nothing stopping any closed source commercial option from jacking up the price of a control panel on small business owners. As my mom always said, “Fool me once, shame on you. Fool me twice, shame on me.”
There is simply no need for small business owners around the world to give up a billion dollars per month of their hard-earned income just to use a control panel that is essentially nothing more than a few lines of computer code.
Recognizing this problem, many small web developers have banded together to start several free open source community driven control panel projects. These control panel communities are like the Linux and Debian communities, only focused on building the worlds best, easiest and most secure web hosting control panel.
I spent months reviewing all of these free open source Control Panel projects. Many were not secure and would not work on the latest security releases of PHP. Some such as Ajenti were using outdated technology and not actively updated. Many others such as ISPConfig and Froxlor, lacked essential features like a File Manager. Some were simply too difficult to install or too confusing to use.
Thankfully, there was one community developing a free open source control panel that was substantially better than all the rest. The control panel is called Hestia. Here is a link to their website:
In July 2020, Hestia added a file manager. But it had problems with Linux permissions. This problem was fixed in October 2020. On June 15, 2021, Hestia released version 1.4.3 Hestia can easily be installed on a Debian 10 Virtual Private Server. Hestia can be set up as a single owner single permission system or a multi-owner multi-permission system.
One way to evaluate any open source project is to go to their GIT page, which is where they are building their code as a community, and then read their Issues page which is where they are resolving problems and considering the addition of new features. Here is the link to Hestia’s Issues page: https://github.com/hestiacp/hestiacp/issues
There are 56 open issues and 823 closed issues. None of the open issues are critical security issues. Many are just feature requests. Hestia is improving rapidly.
Another way to evaluate an open source project is to go to their community forum and see how many questions remain unanswered. Like most free open source community projects, Hestia has an excellent community forum where beginners can get answers to their questions. Here is a link to the Hestia community forum.
Hestia also comes with a free open source firewall called Fail2Ban.
Replacing Shared Hosting with an Open Source VPS
Shared hosting has always been a problem for online businesses as it does not take much traffic to cause a shared hosting site to exceed its maximum concurrent connections and maximum bandwidth. Also shared hosting sites can have problems with emails to customers being blocked as their do not have a private IP address. The main advantages of shared hosting was that they were easy to set up and inexpensive to run.
By comparison, a virtual private server (VPS) used cost at least $100 or more per month. This cost has dropped to the point where you can get an unmanaged VPS with 4 GB of RAM, 2 CPU cores and 25 GB of storage for less than $20 per month!
Good Bye Cpanel Hello Hestia!
The big benefit of a VPS is that you no longer need to pay the Cpanel blackmail fee. Even with an unmanaged VPS account, your hosting provider will install Debian (or any other Linux operating system) on your VPS for free. All you need to do is then install the Hestia Control Panel inside of the Debian operating system. You get a control panel that is easier to use and more secure than Cpanel. You also can get a unique IP address so that your emails get through to your customers without being blacklisted.
One drawback of Hestia is that it does not come with a “Softaculous” web application installer. But because Joomla is now extremely easy to install, there is no need to pay the Softaculous fee either.
The real drawback is that this new system for setting up a business website is so new that there are almost no tutorials on how to do it. I therefore intend to offer an “Create Your Own VPS” course to help business owners learn this new open source VPS system. Cpanel may have done us all a favor by motivating us to learn a better way to build an online store.
Create Your Own VPS Course Outline
Any computer used to go on line and post data to your website must be secure. You should therefore NOT use a Windows computer to post data to your business website. A Windows computer can be hacked within minutes of going online. In the past, I assumed that any Linux computer was secure. However, Ubuntu appears to have placed back doors into their operating system. These back doors will eventually be discovered by hackers.
Thankfully, the Debian operating system, on which Ubuntu is based remains secure. The most user friendly version of the Debian operating system is called Linux Mint Debian Edition (LMDE). It is very similar in appearance and function to the Linux Mint Cinnamon operating system with the difference being that LMDE is based on Debian while Linux Mint Cinnamon is based on Ubuntu.
We therefore will begin with a review of how to reflash any Windows or Ubuntu based computer to LMDE. We will then use our new LMDE computer to create a Virtual Private Server in a Sandbox learning environment using Virtual Machine Manager (VMM) and Cockpit. We will then review the steps to add the Hestia Control Panel to our test virtual private server. Next, we will add a Virtual Private Server to an inexpensive real server and learn how to create Joomla websites and migrate Joomla websites to our inexpensive server. Finally, we will open a Fullhost VPS account, create our real business VPS, add Hestia and use Hestia to create our real business website on our real VPS. We will also review how to use Hestia to create custom business email accounts.
Thanks for taking this basic online store course. I hope to see you in the next course where we will review how to set up and use a Virtual Private Server and Hestia Control Panel to run your online store.
David Spring M. Ed.
spring for schools at gmail dot com