How to install cPanel on CentOS 6 or 7. Please note cPanel does not support any other operating systems like ubuntu or debian.
Note - There must be at least 2GB of memory when you're using CentOS 7.
Install system updates with yum command and then reboot:
$ yum update -y && reboot
Fetch the cPanel install and run it using the following commands:
$ cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
Reboot : reboot
After installation you will be asked to configure WHM control panel with lots of settings. I have explained each and every thing below.
WHM Configuration
Initial Configuration
Login to WHM at https://<ip>:2087 at complete the initial configuration wizard (skip if already done by customer).
Step 1: Press "I Agree/Go to Step 2".
Step 2:
Set the "Server Contact Email Address" to the customer's email address.
In the resolvers section, if there is a third resolver with an IPv6 address, empty that field.
Press "Save & Go to Step 3"
Step 3: Click "Skip This Step and Use Default Settings"
Step 4:
Unless the customer specifically specifies (if they don't, you don't need to ask them), select "NSD" as the nameserver.
Tick "Add 'A Entries' for all Nameservers"
Tick "Add 'A Entires' for Hostname"
Press "Save & Go to Step 5"
Step 5:
Untick "Enablecpk cPHulk"
Tick "Provide modules to /usr/bin/perl formally provided by checkperlmodules"
Press "Save & Go to Step 6"
Step 6:
"Use file system quotas" should already be selected (if not, select it) so press "Finish Setup Wizard".
Feature Showcase
Everything on default settings should be fine. Press "Save Settings".
If you'll receive below error message regarding license -
To access the interface, you must install the license and ensure that the license is active.
Cannot Read License File
To access the interface, you must install the license and ensure that the license is active.
Then please reissue the cPanel License and fire below command - /usr/local/cpanel/cpkeyclt
Tweak Settings
Go to Server Configuration > Tweak Settings.
Display - Display File Usage information in the cPanel stats bar (inode count) > ON
Domains -
Allow users to park subdomains of the server’s hostname > ON
Allow cPanel users to create subdomains across accounts > ON
Allow WHM users to create subdomains across accounts > ON
Allow Remote Domains > ON
Allow resellers to create accounts with subdomains of the server’s hostname > ON
Allow unregistered domains > ON
Mail
Max hourly emails per domain - You can ask client for the details.
Initial default/catch-all forwarder destination > Fail
Count mailman deliveries towards a domain’s Max hourly emails > ON
Enable BoxTrapper spam trap > OFF
Enable Apache SpamAssassin™ Spam Box delivery for messages marked as spam (user configurable) > ON
Notifications
Notify admin or reseller when disk quota reaches “warn” state > ON
Enable mailbox usage warnings > ON
Send bandwidth limit notification emails > ON
Bandwidth usage warning - You can ask client for the confirmation.
PHP
cPanel PHP loader > ioncube
Redirection - You can ask client for the confirmation.
Always redirect to SSL > ON --------> Only if there is SSL installed on your hostname.
Software
Enable FormMail-clone CGI > ON
Stats and Logs
Show bandwidth usage in megabytes by default in WHM > ON
Save.
========================================================================
EasyApache 4
Go to Software > EasyApache 4.
Click the blue "Customise" button in the "Currently Installed Packages" box.
Enable anything the customer has specifically requested. If they haven't requested anything or haven't specified they need older PHP versions, ea-php55 (PHP 5.5) should be disabled in the "PHP" category, which should leave only ea-php56 and ea-php70.
When you unselect it, be sure to press "Next" to save the changes on that page. Using the menu options in the sidebar won't save the changes.
Go to the "Review" page, it will take a minute or so to review everything and then press "Provision".
It will only take a few seconds to complete and then you can press "Done".
========================================================================
Install CSF Firewall
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Edit /etc/csf/csf.conf and make the following changes (both settings are near the top of the file):
TESTING = "0"
RESTRICT_SYSLOG = "2"
Save
Now go to WHM > Security Center > SMTP Restrictions > Disable and then run: csf -r
========================================================================
PHP.INI Configuration
Go to WHM > Software > MultiPHP INI Editor
Basic Mode
Do this for both ea-php56 and ea-php70:
max_excecution_time:
max_input_time:
memory_limit:
upload_max_filesize:
Save
You can ask client for the values.
Editor Mode
Do this for both ea-php56 and ea-php70:
Search (ctrl+f) for "timezone" and change the value of "date.timezone" as per client's need.
Search (ctrl+f) for "disable_functions" and change the value to: "show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen"
>> Save
========================================================================
Security Settings
WHM > Security Center:
Compiler Access
Disable Compilers
Configure Security Policies
Tick "Password Strength"
Save
========================================================================
ModSecurity Vendors
Install OWASP ModSecurity Core Rule Set (the default one available on that page)
Once installed, press edit on it.
Turn off:
rules/REQUEST-12-DOS-PROTECTION.conf
rules/REQUEST-13-SCANNER-DETECTION.conf
rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf
rules/REQUEST-30-APPLICATION-ATTACK-LFI.conf
rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf
rules/REQUEST-43-APPLICATION-ATTACK-SESSION-FIXATION.conf
========================================================================
Password Strength Configuration
Set Default to 70
Save
========================================================================
PHP open_basedir Protection
Enable
Save
========================================================================
Shell Fork Bomb Protection
Enable Protection
========================================================================
Service Configuration
WHM > Service Configuration:
cPanel Log Rotation Configuration
Tick anything not ticked
Save
========================================================================
Exim Configuration Manager
Reject remote mail sent to the server's hostname > ON
Require remote (domain) HELO > ON
Enable Sender Rewriting Scheme (SRS) Support > ON
RBL: bl.spamcop.net > ON
RBL: zen.spamhaus.org > ON
Save
========================================================================
FTP Server Configuration
Allow Logins with Root Password > NO
Save
========================================================================
Mailserver Configuration
Time to Cache Successful Logins > 0
Time to Cache Failed Logins > 0
Include Trash in Quota > YES
Auto Expunge Trash > YES
Disk Quota Delivery Failure Response > Defer delivery temporarily
Save
========================================================================
WHM > Packages > Feature Manager:
"default" feature list > Edit
Tick "Advanced DNS Zone Editor"
Save
WHM > System Health > Background Process Killer:
Tick everything
Save
WHM > Server Configuration > Basic cPanel & WHM Setup:
Press "Assign IP Address" next to each nameserver down the bottom.
If it wasn't done during the initial configuration, also click "Add an A entry for this nameserver" next to each nameserver.
========================================================================
Clear SSH history and reboot :
$ history -c && reboot
========================================================================
All set!
If you are unable to do this, Please let us know we will be happy to assist you