Forskelle

Dette viser forskellene mellem den valgte og den nuværende udgave af dokumentet. Gul er linjer der findes i den gamle udgave, og grøn er linjer der findes i den nuværende.

Link til denne sammenlinings vising

--- cpanel_server_setup [2017/02/22 16:26]
noer oprettet
+++ cpanel_server_setup [2021/01/26 19:43] (nuværende)
noer
@@ Linje 1: / Linje 1: @@
+===== Install cPanel and CloudLinux =====
 Install CentOS 7 on the server
+Create ''/home'' partition
 Install extra packages
@@ Linje 11: / Linje 15: @@
 </code>
-Install CloudLinux
+Disable SELinux: Edit the ''/etc/selinux/config'' file to set the SELINUX parameter to disabled.
+==== Install CloudLinux ====
 <code>
 wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
@@ Linje 19: / Linje 25: @@
 Now reboot the server
-LVE-Stats 2
+==== Install cPanel ====
+https://documentation.cpanel.net/display/ALD/Installation+Guide
+Setup services according to the guide
 <code>
-yum install lve-stats
+systemctl stop firewalld.service
+systemctl stop NetworkManager.service
+systemctl disable NetworkManager.service
+systemctl enable network.service
+systemctl start network.service
+systemctl start ipaliases.service
 </code>
+== Install cPanel ==
 <code>
+cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
 </code>
+==== Setup cPanel ====
+Install ClamAV using "Manage Plugins"
+Copy configuration from existing cPanel server using "Transfer Tool"
+Update setting "Host to publish in the SRV records for Outlook autodiscover support" to the current hostname.
+==== Setup CloudLinux Features ====
+Install LVE Manager
+<code>
+lvectl set 10000 --speed=400% --pmem=0 --io=0 --nproc=0
+yum install lvemanager
+</code>
+Copy ''/etc/container/ve.cfg'' from another cPanel installation. Stop LVE ''service lve stop'' while doing this.
+Install CageFS
+<code>
+yum install cagefs
+/usr/sbin/cagefsctl --init
+/usr/sbin/cagefsctl --disable noer
+/usr/sbin/cagefsctl --disable giver
+/usr/sbin/cagefsctl --toggle-mode
+/usr/sbin/cagefsctl --display-user-mode
+</code>
+Install MySQL Governor
+<code>
+yum install governor-mysql
+# Read Documentation about version
+/usr/share/lve/dbgovernor/db-select-mysql --mysql-version=mariadb100
+/usr/share/lve/dbgovernor/mysqlgovernor.py --install
+</code>
+==== System Setup ====
+Change ''/etc/ssh/sshd_config''
+<code>
+Port 223
+</code>
+Add firewall rule
+<code>
+firewall-cmd --permanent --zone=public --add-port=223/tcp
+firewall-cmd --reload
+</code>
+Add group ''groupadd ininova''
+Create file ''/etc/sudoers.d/ininova'' containing this snippet
+<code>
+# Allow members of group ininova to execute any command
+%ininova   ALL=(ALL:ALL) ALL
+</code>
+== Install Puppet ==
+<code>
+yum install puppet
+</code>
+Now, go to the puppet.hosting.gl and add the server in ''/etc/puppet/manifests/site.pp''. Then sign the request for the new server.
+Restart the puppet service with ''service puppet restart''. Check ''/var/log/messages'' for errors.
+==== Setup for Hosting.gl ====
+== DNS ==
+Add hook to unset NSEC3 when DNSSEC is enabled, because otherwise it cannot be transferred to the DNS slave server.
+Put script in ''/opt/hostinggl/unset_nsec3.php''
+<code>
+#!/usr/local/cpanel/3rdparty/bin/php -q
+<?php
+// Get decoded input.
+$input = get_passed_data();
+// Declare return variables and set their values.
+list($result_result, $result_message) = unset_nsec3($input);
+// Return the return variables.
+echo "$result_result $result_message";
+// Perform the hooks action, using the decoded input.
+function unset_nsec3($input = array()) {
+    // Insert your actions here.
+    $domain = $input['data']['args']['domain'];
+    system("whmapi1 unset_nsec3_for_domains domain=$domain");
+    // Set success and failure messages.
+    $result = "1";                            // This Boolean value is set to fail.
+    $message = "This is an error message.";   // This string is a reason for $result.
+    // Return the hook result and message.
+    return array($result, $message);
+}
+// Process data from STDIN.
+function get_passed_data() {
+    // Get input from STDIN.
+    $raw_data;
+    $stdin_fh = fopen('php://stdin', 'r');
+    if ( is_resource($stdin_fh) ) {
+        stream_set_blocking($stdin_fh, 0);
+        while ( ($line = fgets( $stdin_fh, 1024 )) !== false ) {
+            $raw_data .= trim($line);
+        }
+        fclose($stdin_fh);
+    }
+    // Process and JSON-decode the raw output.
+    if ($raw_data) {
+        $input_data = json_decode($raw_data, true);
+    } else {
+        $input_data = array('context'=>array(),'data'=>array(), 'hook'=>array());
+    }
+    // Return the output.
+    return $input_data;
+}
+</code>
+Run command to add the hook
+<code>
+/usr/local/cpanel/bin/manage_hooks add script /opt/hostinggl/unset_nsec3.php --stage post --category Cpanel --event UAPI::DNSSEC::enable_dnssec --manual
+</code>
+Create new user on ''master.ns.gl'' for the new host.
+Copy the script ''/opt/hostinggl/copy_zones_to_ns.sh'' from another cPanel server
+Create ssh key for root
+<code>
+ssh-keygen -t rsa -b 4096 -f /root/.ssh/id2
+</code>
+Copy pub-key to ''master.ns.gl''
+Add to ''/root/.ssh/config''. Change User accordingly
+<code>
+Host master.ns.gl
+        User cpanel2
+        IdentityFile ~/.ssh/id2
+</code>
+Add cronjob
+<code>
+# Sync DNS to master.ns.gl
+* * * * *       sh /opt/hostinggl/copy_zones_to_ns.sh
+</code>
+== RDiff Backup ==
+Create new user on ''backup1.hosting.gl'' for the new host.
+Copy pub-key to ''backup1.hosting.gl''
+Add to ''/root/.ssh/config''. Change User accordingly
+<code>
+Host backup1.hosting.gl
+        User cpanel2
+        IdentityFile ~/.ssh/id2
+</code>
+Copy the script ''/scripts/postcpbackup'' from another cPanel server
+== Exim Setup ==
+Change ciphers
+<code>
+# strong but tolerant
+tls_require_ciphers = AESGCM:AES256:aNULL:-aNULL:HIGH:MEDIUM:!RC4:@STRENGTH
+</code>

Noer IT

Brugerværktøjer

Webstedsværktøjer

Forskelle

Sideværktøjer