How to set up a good foundation for cPanel & WHM on CentOS 7

This comprehensive guide will lead you through your first configuration of cPanel and WHM on your new CentOS 7 server. You will learn how to install and configure cPanel and WHM on CentOS 7; install CloudLinux, ConfigServer Security Firewall, and Softaculous; as well as set up basic security, backups, cPanel user accounts for clients; and more.

cPanel is a powerful, feature-rich control panel for web hosting services. The intuitive graphical user interface solution simplifies the management of shared, reseller hosting, and other web administration services. It comes as a package comprising the cPanel and Web Host Manager (WHM).

The WHM is an interface that provides root and reseller level access hence allowing the web admins to configure and manage their servers, accounts, and settings. cPanel provides user level access that enables website owners to manage their hosting accounts on the server.

Note: The installation of the cPanel software is irreversible and you cannot uninstall it from the server once done. The only option to remove it is to reinstall the server operating system.

Index of Contents

1. Set the hostname
2. Install cPanel and WHM
3. Configure cPanel & WHM admin email and nameservers
4. Confirm or configure DNS Zones
5. Point your Domain to your nameservers
6. Command-line root access through cPanel
7. Convert CentOS to CloudLinux OS [for VMs only]
8. Install and configure ConfigServer Security Firewall (csf)
9. Basic security settings
10. Set up backups
11. Create cPanel user account
12. Install Softaculous [Optional]

 

Prerequisites

  • A virtual machine
  • A fresh installation of CentOS 7 server
  • Paid cPanel license
  • A Fully Qualified Domain Name (FQDN) from your chosen domain registrar or host
  • Root user account
  • Two IP addresses

 

Login to your CentOS server via SSH

Step 1. Set the hostname

In our article, we will use hostafrica.com as our FQDN and host as the hostname

Hostname host.hostafrica.com

Please note that you can use any standard hostname and change it later after the installation.

Update list of packages

yum update -y

Ensure Network Manager is stopped and disabled with the commands below

systemctl stop NetworkManager
systemctl disable NetworkManager

Step 2. Install cPanel and WHM

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

The command will change to the home directory where it will download cPanel and WHM. It then runs the script that will install cPanel and WHM packages.
After successful installation, the following message appears

Step 3. Configure cPanel & WHM admin email and nameservers

In this step, you will access the cPanel & WHM on the web browser.

Open your web browser and paste the address specified in your own output from the installation script (as shown above) in the URL box. In our case, we will copy and paste the link we got from our output.

https://136.244.65.31:2087/cpsess7714068025/login/?session=root%3axQtMp2z3hBVDTjEk%3acreate_user_session%2c9894abb57438fffe96e8ddf1269006d3

Alternatively, you can type the address in the format;

http://your_server_IP_address:2087

Type your server’s root username and password to log in.
In the next screen, click Agree to All

Add your admin email address and nameservers. In our guide, we will use ns1.hostafrica.com and ns2.hostafrica.com as our two nameservers. Just remember, that is the example domain.

In reality, you should insert your own nameservers, which will look like ns1.yourdomain.xyz and ns2.yourdomain.xyz (ns1.example.com, ns2.example.com)

By default, this should create the zones needed for the nameservers to work. In any case, we will confirm this later or configure if needed.

Click Finish.

Continue through the prompts until you reach the WHM main menu.

Once you complete the step, you will get a basic configuration screen where you can configure various settings. In our case, we will leave most of them at their default values, but you can always change them to suit requirements. The screen displays a number of features. Click the View All Features at the bottom to see the comprehensive list of all available configuration options.

Step 4. Confirm or configure DNS Zones for custom nameserver

You’ve added your custom nameservers corresponding to your domain in the previous step, instead of using the hosting provider’s servers. Now you need check if DNS records are correct.

Note: This step is very important. If you don’t have the correct DNS records, the nameserver won’t change and will fail or be rejected.

To get started, in the top left search bar, type: Edit DNS Zone

Then select the domain that is in the menu (it will be yourdomain.xyz) and click Edit.

If your domain isn’t there already, search: “Add a DNS Zone

Select it and complete the forms with the guide below.
There will need to be three A records and two NS records. If this is not the case, add it as below.

| ns1 | 3600 | IN | A | your_first_IP |
| ns2 | 3600 | IN | A |your_second_IP |

Note: do not insert your domain after ns1. It should look as below.

| yourdomain.xyz. | 3600 | IN | A | your_first_IP |
| yourdomain.xyz. | 3600 | IN | NS | ns1.yourdomain.xyz. |
| yourdomain.xyz. | 3600 | IN | NS | ns2.yourdomain.xyz.|

Please make sure that you add put a full stop/period at the end of your domain as shown in the image.

Now you need to go to your registrar or domain hosting company and point your domain to these nameservers.

Step 5. Point your Domain to your nameservers

If you host your domain with HOSTAFRICA, use the instructions below.

If you have another host, please contact them to clarify the following process, as it might vary.

Login to your Client Portal > select the DOMAINS panel > select Glue Management. This might be named something along the lines of Host Record Management with other hosts.

Specify your nameserver just as you did above in the Step 4.

| ns1 | 3600 | IN | A | your_first_IP |
| ns2 | 3600 | IN | A | your_second_IP |
| yourdomain.xyz. | 3600 | IN | A | your_first_IP |
| yourdomain.xyz. | 3600 | IN | NS | ns1.yourdomain.xyz. |
| yourdomain.xyz. | 3600 | IN | NS | ns2.yourdomain.xyz. |

Click Save.

HOSTAFRICA then automatically points your domain to the nameserver you specified. This change is normally instant, but sometimes can take a few hours.

If your glue record change was successful, the nameservers for the domain will automatically be changed to ns1.yourdomain.xyz
You can also test this by running this command from your Linux or Mac computer.

dig yourdomain.xyz NS

On a Windows computer run

nslookup

By default nslookup is set to find A records. To find NS records set it by running

set type=NS
yourdomain.xyz

Alternatively, you can use a DNS lookup tool online.

Step 6: Command-line root access through cPanel

To start the command line from within cPanel, navigate to Home > Server configuration > Terminal
You will get a warning, click Proceed to open the Terminal interface which gives you the access to your server’s root account the same way you would when using SSH.

Step 7: Convert CentOS to CloudLinux OS

CloudLinux is an operating system that supports virtualization and you can use it to convert the CentOS virtual machine. The operating system is compatible with cPanel as well as Plesk and DirectAdmin.

Once you install CloudLinux on the CentOS server, it adds the Lightweight Virtual Environments (LVE) plugin which enables admins to achieve better resource utilisation in the multi-tenant environments. Generally, CloudLinux is suitable for shared hosting environments and can support hundreds of users with their websites running on a single server.

Please note: upon installation you will need an activation key, of which you can purchase one or get a trial license from their CloudLinux website.

To install the operating system, run;

wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy

In the next step, you will enter the activation key. The syntax to activate the key is

sh cldeploy -k <activation_key

and will look as such

sh cldeploy -k 119940-CLN-2352b91ab3d23e6a671335537f8aa680

Reboot server

reboot

After the restart, the CloudLinux appears in cPanel WHM under Server Configuration. Navigate to Home » Server Configuration » CloudLinux LVE Manager or simply navigate to plugins and click LVE Manager. A successful conversion from CentOS will also show CLOUDLINUX x.x kvm [localhost] at the top of your window.

Step 8: Creating cPanel user accounts

In order to add accounts for your clients, you need to create a cPanel user account for each one.

Search “create

From the above, click Create a New Account

Type in the domain name, preferred admin username, and password as well as the email address for the domain’s admin account.

You can create your own packages or select the package resource parameters individually.

You can leave the other fields such as cPanel Theme, Mail Routing Settings, Reseller settings, and DNS Settings with default values or change them to suit your requirements.

Click Create to finish and save settings.

Once created, you will receive the confirmation screen with various settings. Clicking the Go to cPanel will take you to the cPanel page for the domain you have configured.

Step 9: Install ConfigServer Security & Firewall (csf)

ConfigServer Security & Firewall is a “Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers”. It has a WHM plugin that allows you to configure and modify csf and iptables rules.

To install csf, login to the server using SSH and run the following commands.

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf && ./install.sh

To enable csf run

csf –e

To disable, run

csf –x

By default, the firewall is active but in testing mode. You need to edit the conf file and enable the firewall mode. Use nano editor, or another editor to modify the file using the following syntax.

nano /etc/csf/csf.conf

Configure allowed IPs using command line

To see and configure allowed IPs

nano /etc/csf/csf.allow

For denied IPs

nano /etc/csf/csf.deny

Configuring csf using WHM

The installation process adds the csf plugin in WHM. While logged in on the web browser, click on ConfigServer Security & Firewall under plugins on the left hand side column. You can scroll down or type in the name “configserver” in the search bar. Once the configuration page opens, you can access options by either scrolling down or locating the csf- Quick Actions and csf –Configserver Firewall features under All, or by clicking csf on the top menu.

The csf Quick Actions allows you to simply type the IP and comment without leaving the screen. On the other hand, csf –ConfigServer Firewall allows you to view and edit or modify your whitelist, blacklist IPs, and other settings. Use the Firewall Configuration to change the statues from Testing to active mode among many other settings.

To allow an IP using the Quick Actions, type in the address in the green Allow IP address field, add a comment, and then click Quick Allow. This will give the following output.

Click Return to go back to the configuration page. Repeat the same process to Deny IPs.

Alternatively, to view, add, or remove allowed IPs, click Firewall allow IPs under the csf –ConfigServer Firewall. This will give you an editable screen where you can add or remove several IPs as well as see the configured IPs

Make the necessary changes and click Change to save and exit.
Similarly, click Firewall Deny IPs for denied IP addresses.

Step 10. Basic security settings

Navigate to Security Center and open Password Strength Configuration.

This allows you to configure the default required password strength for various accounts and services. By default, the strength is 65, and you can change the value by sliding the bar to the right, to increase, or left to reduce. Ideally, the best security practice is to increase strength.

You can also change individual parameters to use different levels other than the default.

The Security Center has other settings such as configuring security policies, host access control, two-factor authentications and more.

Configure Security Policies allows you to make changes such as limiting the cPanel, cPanel webmail as well as the WHM logins to your server to only specific or verified IP addresses. This prevents other people from accessing your admin portal.

cPHulk Brute Force Protection, Shell Fork Bomb Protection, ModSecurity are absolute essentials in a basic security setup. Ideally you enable each of these.

Moreover, it’s recommended to use Security Advisor to perform an assessment and guide you on which security measures to implement.

Step 10. Backup configuration on WHM

This will show you how to enable full cPanel account backups, which will be stored on the local server (VPS/ Cloud Server running cPanel)

Navigate to Home > Backup and open it.

To enable backups, tick Enable Backups
Select Incremental to be more efficient with disk space.

Tick Check the Available Disk Space and set it to a value that is relevant to the total size of your disk.

For example: 100 GB disk – setting it to 5% will mean backups will not run if there is 5 GB left on the disk. You don’t want to root partition to run full as this can cause unexpected behavior.

Maximum Destination Backup Timeout and Maximum Backup Restoration Timeout can be left as default.

Scheduling and Retention:

Once again, this will be relevant to your setup, and any agreements with customers will have to be adhered to. There needs to be a balance between the creation and retention of backups.
Create new backups every day, and keep a retention of no longer than 1 week

Create backups every 3rd day and increase the retention.

Pro of [1] – Clients have access to data that is more recent.
Con of [1] – Clients won’t have access to older data if needed.
[2] is vice-versa [1]

For example: You have 100 clients on the server and your disk space has 30% left for backups (30 GB). You don’t want to set a schedule of daily backups with a retention of 2 months. Your partition will run full, and backups will no longer be created.

Tick Strictly enforce retention, regardless of backup success as a preventative measure of running out of disk space.

Files

It is recommended that you backup All account data as well as System files. Tick all the boxes.

Databases

Tick Per Account and Entire MySQL Directory

Default Backup Directory

This will depend on your partition layout. You can view the largest partition by using:

\df -h

In most cases, it will be

/

If this is the case, ssh into the server and run:

mkdir /backup
mkdir /backup-staging

Go back to the web browser and enter “/backup” into: Default Backup Directory

Also add “/backup-staging” into Backup Staging Directory

Tick Retain Backups in the Default Backup Directory

Select Save Configuration

Step 9: Installing Softaculous

Softaculous provides your cPanel account or domain users with a large number of automated web software installation scripts.

For the Softaculous to work, you will need to allow IPs for the Softaculous servers in your firewall if enabled in addition to making sure that the ionCube Loaders option is enabled in WHM.

If running a firewall, first allow the following IPs and optional comments as indicated.

192.198.80.3 Comment # api.softaculous.com
158.69.6.246 comment # s1.softaculous.com
192.200.108.99 comment # s2.softaculous.com
213.239.208.58 comment # s3.softaculous.com
138.201.24.83 comment # s4.softaculous.com
167.114.200.240 comment # s7.softaculous.com

To enable the ionCube in WHM, open Tweak Settings > navigate to PHP and tick the ionCube checkbox.

Log in to your server through SSH and run

wget -N http://files.softaculous.com/install.sh
chmod 755 install.sh
./install.sh

If successful, the Softaculous – Instant Installs option appears under Plugins tab.

However, to start using it, you need to purchase a license from the developer’s website. If you click the plugin, it will take you to a screen where you can subscribe to the appropriate plan.

Conclusion

The cPanel and WHM GUI solution is a powerful tool for managing web hosting accounts and websites. It has a rich set of features and the flexibility to add more using third party add-ons; hence enabling administrators to easily manage their accounts.

 

> Back to top of page

we're happy to help!

Talk to a hosting specialist today and discover which options will work best for you.


Call us on +27 21 554 3096
Copyright © 2020 HOSTAFRICA - All rights reserved.

By visiting this website, you agree to its terms of use, which can be accessed by clicking on the following link: Website Terms of use
We Accept: EFT, Debit Cards, Credit Cards and Mobile Payments
Accepted payment methods