Beginners guide to cPanel & WHM on CentOS 7
How to set up a good foundation for cPanel & WHM on CentOS 7
This comprehensive guide will lead you through your first configuration of cPanel and WHM on your new CentOS 7 server. You will learn how to install and configure cPanel and WHM on CentOS 7; install CloudLinux, ConfigServer Security Firewall, and Softaculous; as well as set up basic security, backups, cPanel user accounts for clients; and more. Don’t forget to view our web hosting in Ghana offers.
cPanel is a powerful, feature-rich control panel for web hosting services. The intuitive graphical user interface solution simplifies the management of shared, reseller hosting, and other web administration services. It comes as a package comprising the cPanel and Web Host Manager (WHM).
The WHM is an interface that provides root and reseller level access hence allowing the web admins to configure and manage their servers, accounts, and settings. cPanel provides user level access that enables website owners to manage their hosting accounts on the server.
Note: The installation of the cPanel software is irreversible and you cannot uninstall it from the server once done. The only option to remove it is to reinstall the server operating system.
Prerequisites
- A virtual machine
- A fresh installation of CentOS 7 server
- Paid cPanel license
- A Fully Qualified Domain Name (FQDN) from your chosen domain registrar or host
- Root user account
- Two IP addresses
Login to your CentOS server via SSH
Step 1. Set the hostname
In our article, we will use hostafrica.com as our FQDN and host as the hostname
Hostname host.hostafrica.com
Please note that you can use any standard hostname and change it later after the installation.
Update list of packages
yum update -y
Ensure Network Manager is stopped and disabled with the commands below
systemctl stop NetworkManager
systemctl disable NetworkManager
Step 2. Install cPanel and WHM
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
The command will change to the home directory where it will download cPanel and WHM. It then runs the script that will install cPanel and WHM packages.
After successful installation, the following message appears
Step 3. Configure cPanel & WHM admin email and nameservers
In this step, you will access the cPanel & WHM on the web browser.
Open your web browser and paste the address specified in your own output from the installation script (as shown above) in the URL box. In our case, we will copy and paste the link we got from our output.
https://136.244.65.31:2087/cpsess7714068025/login/?session=root%3axQtMp2z3hBVDTjEk%3acreate_user_session%2c9894abb57438fffe96e8ddf1269006d3
Alternatively, you can type the address in the format;
http://your_server_IP_address:2087
Type your server’s root username and password to log in.
In the next screen, click Agree to All
Add your admin email address and nameservers. In our guide, we will use ns1.hostafrica.com and ns2.hostafrica.com as our two nameservers. Just remember, that is the example domain.
In reality, you should insert your own nameservers, which will look like ns1.yourdomain.xyz and ns2.yourdomain.xyz (ns1.example.com, ns2.example.com)
By default, this should create the zones needed for the nameservers to work. In any case, we will confirm this later or configure if needed.
Click Finish.
Continue through the prompts until you reach the WHM main menu.
Once you complete the step, you will get a basic configuration screen where you can configure various settings. In our case, we will leave most of them at their default values, but you can always change them to suit requirements. The screen displays a number of features. Click the View All Features at the bottom to see the comprehensive list of all available configuration options.
Step 4. Confirm or configure DNS Zones for custom nameserver
You’ve added your custom nameservers corresponding to your domain in the previous step, instead of using the hosting provider’s servers. Now you need check if DNS records are correct.
Note: This step is very important. If you don’t have the correct DNS records, the nameserver won’t change and will fail or be rejected.
To get started, in the top left search bar, type: Edit DNS Zone
Then select the domain that is in the menu (it will be yourdomain.xyz) and click Edit.
If your domain isn’t there already, search: “Add a DNS Zone”
Select it and complete the forms with the guide below.
There will need to be three A records and two NS records. If this is not the case, add it as below.
| ns1 | 3600 | IN | A | your_first_IP |
| ns2 | 3600 | IN | A |your_second_IP |
Note: do not insert your domain after ns1. It should look as below.
| yourdomain.xyz. | 3600 | IN | A | your_first_IP |
| yourdomain.xyz. | 3600 | IN | NS | ns1.yourdomain.xyz. |
| yourdomain.xyz. | 3600 | IN | NS | ns2.yourdomain.xyz.|
Please make sure that you add put a full stop/period at the end of your domain as shown in the image.
Now you need to go to your registrar or domain hosting company and point your domain to these nameservers.
Step 5. Point your Domain to your nameservers
If you host your domain with HOSTAFRICA, use the instructions below.
If you have another host, please contact them to clarify the following process, as it might vary.
Login to your Client Portal > select the DOMAINS panel > select Glue Management. This might be named something along the lines of Host Record Management with other hosts.
Specify your nameserver just as you did above in the Step 4.
| ns1 | 3600 | IN | A | your_first_IP |
| ns2 | 3600 | IN | A | your_second_IP |
| yourdomain.xyz. | 3600 | IN | A | your_first_IP |
| yourdomain.xyz. | 3600 | IN | NS | ns1.yourdomain.xyz. |
| yourdomain.xyz. | 3600 | IN | NS | ns2.yourdomain.xyz. |
Click Save.
HOSTAFRICA then automatically points your domain to the nameserver you specified. This change is normally instant, but sometimes can take a few hours.
If your glue record change was successful, the nameservers for the domain will automatically be changed to ns1.yourdomain.xyz
You can also test this by running this command from your Linux or Mac computer.
dig yourdomain.xyz NS
On a Windows computer run
nslookup
By default nslookup is set to find A records. To find NS records set it by running
set type=NS
yourdomain.xyz
Alternatively, you can use a DNS lookup tool online.
Step 6: Command-line root access through cPanel
To start the command line from within cPanel, navigate to Home > Server configuration > Terminal
You will get a warning, click Proceed to open the Terminal interface which gives you the access to your server’s root account the same way you would when using SSH.
Step 7: Convert CentOS to CloudLinux OS
CloudLinux is an operating system that supports virtualization and you can use it to convert the CentOS virtual machine. The operating system is compatible with cPanel as well as Plesk and DirectAdmin.
Once you install CloudLinux on the CentOS server, it adds the Lightweight Virtual Environments (LVE) plugin which enables admins to achieve better resource utilisation in the multi-tenant environments. Generally, CloudLinux is suitable for shared hosting environments and can support hundreds of users with their websites running on a single server.
Please note: upon installation you will need an activation key, of which you can purchase one or get a trial license from their CloudLinux website.
To install the operating system, run;
wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
In the next step, you will enter the activation key. The syntax to activate the key is
sh cldeploy -k <activation_key
and will look as such
sh cldeploy -k 119940-CLN-2352b91ab3d23e6a671335537f8aa680
Reboot server
reboot
After the restart, the CloudLinux appears in cPanel WHM under Server Configuration. Navigate to Home » Server Configuration » CloudLinux LVE Manager or simply navigate to plugins and click LVE Manager. A successful conversion from CentOS will also show CLOUDLINUX x.x kvm [localhost] at the top of your window.
Step 8: Creating cPanel user accounts
In order to add accounts for your clients, you need to create a cPanel user account for each one.
Search “create”
From the above, click Create a New Account
Type in the domain name, preferred admin username, and password as well as the email address for the domain’s admin account.
You can create your own packages or select the package resource parameters individually.
You can leave the other fields such as cPanel Theme, Mail Routing Settings, Reseller settings, and DNS Settings with default values or change them to suit your requirements.
Click Create to finish and save settings.
Once created, you will receive the confirmation screen with various settings. Clicking the Go to cPanel will take you to the cPanel page for the domain you have configured.
Step 9: Install ConfigServer Security & Firewall (csf)
ConfigServer Security & Firewall is a “Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers”. It has a WHM plugin that allows you to configure and modify csf and iptables rules.
To install csf, login to the server using SSH and run the following commands.
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf && ./install.sh
To enable csf run
csf –e
To disable, run
csf –x
By default, the firewall is active but in testing mode. You need to edit the conf file and enable the firewall mode. Use nano editor, or another editor to modify the file using the following syntax.
nano /etc/csf/csf.conf
Configure allowed IPs using command line
To see and configure allowed IPs
nano /etc/csf/csf.allow
For denied IPs
nano /etc/csf/csf.deny
Configuring csf using WHM
The installation process adds the csf plugin in WHM. While logged in on the web browser, click on ConfigServer Security & Firewall under plugins on the left hand side column. You can scroll down or type in the name “configserver” in the search bar. Once the configuration page opens, you can access options by either scrolling down or locating the csf- Quick Actions and csf –Configserver Firewall features under All, or by clicking csf on the top menu.
The csf Quick Actions allows you to simply type the IP and comment without leaving the screen. On the other hand, csf –ConfigServer Firewall allows you to view and edit or modify your whitelist, blacklist IPs, and other settings. Use the Firewall Configuration to change the statues from Testing to active mode among many other settings.
To allow an IP using the Quick Actions, type in the address in the green Allow IP address field, add a comment, and then click Quick Allow. This will give the following output.
Click Return to go back to the configuration page. Repeat the same process to Deny IPs.
Alternatively, to view, add, or remove allowed IPs, click Firewall allow IPs under the csf –ConfigServer Firewall. This will give you an editable screen where you can add or remove several IPs as well as see the configured IPs
Make the necessary changes and click Change to save and exit.
Similarly, click Firewall Deny IPs for denied IP addresses.
Step 10. Basic security settings
Navigate to Security Center and open Password Strength Configuration.
This allows you to configure the default required password strength for various accounts and services. By default, the strength is 65, and you can change the value by sliding the bar to the right, to increase, or left to reduce. Ideally, the best security practice is to increase strength.
You can also change individual parameters to use different levels other than the default.
The Security Center has other settings such as configuring security policies, host access control, two-factor authentications and more.
Configure Security Policies allows you to make changes such as limiting the cPanel, cPanel webmail as well as the WHM logins to your server to only specific or verified IP addresses. This prevents other people from accessing your admin portal.
cPHulk Brute Force Protection, Shell Fork Bomb Protection, ModSecurity are absolute essentials in a basic security setup. Ideally you enable each of these.
Moreover, it’s recommended to use Security Advisor to perform an assessment and guide you on which security measures to implement.
Step 10. Backup configuration on WHM
This will show you how to enable full cPanel account backups, which will be stored on the local server (VPS/ Cloud Server running cPanel)
Navigate to Home > Backup and open it.
To enable backups, tick Enable Backups
Select Incremental to be more efficient with disk space.
Tick Check the Available Disk Space and set it to a value that is relevant to the total size of your disk.
For example: 100 GB disk – setting it to 5% will mean backups will not run if there is 5 GB left on the disk. You don’t want to root partition to run full as this can cause unexpected behavior.
Maximum Destination Backup Timeout and Maximum Backup Restoration Timeout can be left as default.
Scheduling and Retention:
Once again, this will be relevant to your setup, and any agreements with customers will have to be adhered to. There needs to be a balance between the creation and retention of backups.
Create new backups every day, and keep a retention of no longer than 1 week
Create backups every 3rd day and increase the retention.
Pro of [1] – Clients have access to data that is more recent.
Con of [1] – Clients won’t have access to older data if needed.
[2] is vice-versa [1]
For example: You have 100 clients on the server and your disk space has 30% left for backups (30 GB). You don’t want to set a schedule of daily backups with a retention of 2 months. Your partition will run full, and backups will no longer be created.
Tick Strictly enforce retention, regardless of backup success as a preventative measure of running out of disk space.
Files
It is recommended that you backup All account data as well as System files. Tick all the boxes.
Databases
Tick Per Account and Entire MySQL Directory
Default Backup Directory
This will depend on your partition layout. You can view the largest partition by using:
\df -h
In most cases, it will be
/
If this is the case, ssh into the server and run:
mkdir /backup
mkdir /backup-staging
Go back to the web browser and enter “/backup” into: Default Backup Directory
Also add “/backup-staging” into Backup Staging Directory
Tick Retain Backups in the Default Backup Directory
Select Save Configuration
Step 9: Installing Softaculous
Softaculous provides your cPanel account or domain users with a large number of automated web software installation scripts.
For the Softaculous to work, you will need to allow IPs for the Softaculous servers in your firewall if enabled in addition to making sure that the ionCube Loaders option is enabled in WHM.
If running a firewall, first allow the following IPs and optional comments as indicated.
192.198.80.3 Comment # api.softaculous.com
158.69.6.246 comment # s1.softaculous.com
192.200.108.99 comment # s2.softaculous.com
213.239.208.58 comment # s3.softaculous.com
138.201.24.83 comment # s4.softaculous.com
167.114.200.240 comment # s7.softaculous.com
To enable the ionCube in WHM, open Tweak Settings > navigate to PHP and tick the ionCube checkbox.
Log in to your server through SSH and run
wget -N http://files.softaculous.com/install.sh
chmod 755 install.sh
./install.sh
If successful, the Softaculous – Instant Installs option appears under Plugins tab.
However, to start using it, you need to purchase a license from the developer’s website. If you click the plugin, it will take you to a screen where you can subscribe to the appropriate plan.
Conclusion
The cPanel and WHM GUI solution is a powerful tool for managing web hosting accounts and websites. It has a rich set of features and the flexibility to add more using third party add-ons; hence enabling administrators to easily manage their accounts.