Objective
Install cPanel, configure PHP module, and optimize MySQL
Prerequisites
A Linux Server
PuTTY
Steps
Step 1: Install Screen
Access the server via SSH by using PuTTY or similar means.
Then, install screen with the following command.
yum install -y screen
After installing the software, launch it by using the following command.
screen
Note: You can detach the application from Windows using the key Ctrl+A and D. Afterwards, you can re-attach the application using the command screen -r.
Step 2: Install cPanel
Ensure your machine’s hostname is a fully qualified domain name (FQDN).
To change your machine’s hostname, simply enter the following command: –
hostname *your.domain.com*
Run the following command to download the latest version of cPanel.
wget -N http://layer1.cpanel.net/latest
Then, install gcc with the following command.
yum install -y gcc
Afterwards, run the following command.
sh latest
Note: If the error message “NetworkManager is installed and running” pops up, run the following command. Then, rerun the ‘sh latest’ command again.
systemctl stop Networking.service systemctl disable NetworkManager.service
Step 3: Activate cPanel License
Go to http://verify.cpanel.net/ to check license status.
Then, enter the server’s IP address to check on the license status. Navigate to Billing and click Issue cPanel License
If the license has been activated, SSH to the server.
In the server, run the following command
/usr/local/cpanel/cpkeyclt
Step 4: Configure cPanel
Login to cPanel WHM via https://<ip_address>:2087/
Set the login credentials to the following:
Username: root
Password: (same as CentOS SSH login)
Set the email to [email protected]
In Step 3: set the resolver to:
208.67.222.222, 8.8.8.8
In the Services Selection, fill in the following details:
Nameserver: BIND
Set the NS to ns71.es2u.com and ns72.es2u.com
FTP: Pure-FTPD
Mail: Courier
cPHulk Brute Force Protection
Enabled
Tick Extend lockout time upon additional auth failures
Tick Advanced Settings
IP Based Brute Force Protection Period in Minutes: 1
Brute Force Protection Period in minutes: 5
Maximum Failures By Account: 5
Maximum Failures Per IP: 5
Maximum Failures Per IP before IP is blocked for two week period: 10
Quotas: Use file system quotas
Basic cPanel & WHM Setup
Ensure that the contact email is [email protected]
Re-check on the Server IP
Nameservers: set the NS to ns71.es2u.com & ns72.es2u.com
Statistics Software Configuration
Enable Awstats only but do not tick Active by Default
Process log files every 24 hours
Process bandwidth every 12 hours
Tweak Settings
Set the tweak based on the server’s purpose. Normally, the current cPanel default settings are sufficient. However, we still need to fine tune it to follow our requirements.
Set Prevent “nobody” from sending mail to ON
Set Notify admin or reseller when disk quota reaches “warn” state to ON
Set Send bandwidth limit notification emails to ON
Set Bandwidth usage warning: 98% to ON
Set Critical load threshold to Auto Detect
Update Preferences
Select RELEASE
Manual Updates Only
Select inherit (following all select manually)
Submit Request to Email or URL and set [email protected] as the email.
Apache mod_userdir Tweak: ENABLE protection
Configure Security Policies: Tick Password Strength
Password Strength Configuration: Default required password length: 10
PHP open_basedir Tweak: ENABLE
Shell Fork Bomb Protection: ENABLE
SMTP Restriction: ENABLE
Edit System Mail Preferences and set cPanel and root email to [email protected]
Then, run the following command on the console.
/scripts/easyapache
Go to easyApache 4 under software and click on Customize. Afterwards, install the following Apache modules.
---------------- :: Apache 2.4 :: ---------------- config config-runtime mod_asis mod_bwlimited mod_cgi mod_deflate mod_env mod_expires mod_headers mod_mime_magic mod_mpm_prefork mod_proxy mod_proxy_fcgi mod_proxy_http mod_proxy_wstunnel mod_remoteip mod_ruid2 mod_security2 mod_socache_memcache mod_ssl mod_unique_id mod_version tools
------------- :: PHP 5.5 :: ------------- libc-client pear php-bcmath php-calendar php-cli php-common php-curl php-devel php-exif php-fpm php-ftp php-gd php-iconv php-imap php-intl php-ioncube php-litespeed php-mbstring php-mcrypt php-mysqlnd php-pdo php-posix php-pspell php-sockets php-tidy php-xml php-xmlrpc php-zip runtime
------------- :: PHP 5.6 :: ------------- libc-client pear php-bcmath php-calendar php-cli php-common php-curl php-devel php-exif php-fpm php-ftp php-gd php-iconv php-imap php-intl php-ioncube6 php-litespeed php-mbstring php-mcrypt php-mysqlnd php-pdo php-posix php-pspell php-sockets php-tidy php-xml php-xmlrpc php-zip runtime
------------- :: PHP 7.0 :: ------------- libc-client pear php-bcmath php-calendar php-cli php-common php-curl php-devel php-exif php-fpm php-ftp php-gd php-iconv php-imap php-intl php-litespeed php-mbstring php-mcrypt php-mysqlnd php-pdo php-posix php-pspell php-sockets php-tidy php-xml php-xmlrpc php-zip runtime
------------ :: Others :: ------------ apr apr-util cpanel-tools documentroot libcurl libmcrypt libnghttp2 libtidy libxml2 modsec-sdbm-util nghttp2 openssl php-cli php-cli-lsphp profiles-cpanel
Next, configure the following settings.
cPanel Log Rotation Configuration: Tick all
Exim Configuration Manager
Using the cPanel default settings should be sufficient
Basic Editor
RBL: zen.spamhaus.org and bl.spamcop.net : ON
Advanced Editor
daemon_smtp_ports (add): 27
ignore_bounce_errors_after: 12h
timeout_frozen_after: 24h
Section: ROUTERSTART
#Do not allow no body
fail_nobody:
driver = redirect
senders = [email protected]
domains = ! +local_domains
allow_fail
data = :fail: Nobody mail is restricted to send to own domain email only.
FTP Server Configuration
Allow Anonymous Logins: NO
Allow Anonymous Uploads: NO
PHP Configuration Editor
Basic Mode
memory_limit : 64M
upload_max_filesize : 10M
Advanced Mode
disable_functions :
show_source,system,shell_exec,passthru,exec,popen,proc_open,allow_url_fopen
Service Manager (leave it ticked if one side is already ticked and only tick according to the following list)
Enable tailwatchd
– Antirelayd
– ChkServd
– Eximstats
– cPBandwd
Enabled & Monitor
– clamd
– cpdavd (cPanel DAV Daemon)
– exim
– exim on another port (port 27) (Exim Mail Server (on another port))
– ftpd (FTP Server)
– httpd
– imap
– ipaliases
– mailman
– mysql
– named (Name Service Cache Daemon)
– spamd
– sshd
– syslogd (rsyslog System Logger Domain)
On the Web GUI, navigate to Package > Add a package and enter the following package plan name: Unlimited_Resources
Then, navigate to Plugin and install ClamAV. Afterwards, head to the ClamAV Scanner Configuration, tick all boxes and click Save.
Step 5: Configure MySQL
SSH to the server via PuTTY or other means. Then, create a backup for MySQL configuration using the following command.
mv /etc/my.cnf /etc/my.cnf.bak
Create a new configuration file using the following command.
nano /etc/my.cnf
Then, restart MySQL service using the following command.
systemctl restart mysql
Use the following command to check MySQL as Task Manager
ps -ef | grep mysql
Use the following command to verify whether MySQL is running or not
systemctl status mysqld
Edit the /etc/my.cnf file by using the following command
nano /etc/my.cnf
Then, copy and paste the following configuration to the file.
###----------------------- Custom Configuration ------------------------------------### [mysqld] innodb_file_per_table ## Go faster and skip some stuff, YMMV #skip-name-resolve skip-slave-start skip-external-locking # PER CLIENT SETTINGS # # bit high but I got tons of ram here # sort_buffer_size = 2M read_buffer_size = 2M wait_timeout = 200 interactive_timeout = 300 max_allowed_packet = 256M thread_stack = 128K # table_cache = 1024 << myisam_sort_buffer_size = 1M tmp_table_size = 12M max_heap_table_size = 12M # CACHES AND LIMITS # tmp_table_size = 12M max_heap_table_size = 12M query_cache_type = 1 query_cache_limit = 2M query_cache_size = 32M max_connections = 500 thread_cache_size = 50 open_files_limit = 65535 # MyISAM # key_buffer_size = 32M myisam-recover-options = FORCE,BACKUP # SAFETY # max_allowed_packet = 16M max_connect_errors = 1000000 ###----------------------- Custom Configuration ------------------------------------###