===== Install cPanel and CloudLinux =====

Install CentOS 8 on the server

Create ''/home'' partition

Install extra packages
<code>
yum install wget mosh
</code>

Open firewall ports for ''mosh''
<code>
firewall-cmd --add-service=mosh --permanent
</code>

Disable SELinux: Edit the ''/etc/selinux/config'' file to set the SELINUX parameter to disabled.

==== Install cPanel ====
https://docs.cpanel.net/installation-guide/install/

Setup services according to the guide
<code>
systemctl stop firewalld.service
</code>

== Install cPanel ==
<code>
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
</code>

==== Install CloudLinux ====
<code>
wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k yourkey
</code>

Now reboot the server

==== Setup cPanel ====
In "Manage Plugins" install ClamAV, Calendar and Contacts Server, Solr

Copy configuration from existing cPanel server using "Transfer Tool"

Update setting "Host to publish in the SRV records for Outlook autodiscover support" to the current hostname.

==== Setup CloudLinux Features ====
Go to "CloudLinux LVE Manager" and install the features you want.

Change the group of admin users to wheel

==== System Setup ====

Change ''/etc/ssh/sshd_config''
<code>
Port 223
</code>

Add firewall rule
<code>
firewall-cmd --permanent --zone=public --add-port=223/tcp
firewall-cmd --reload
</code>

Add group ''groupadd hostinggl''
Create file ''/etc/sudoers.d/hostinggl'' containing this snippet
<code>
# Allow members of group hostinggl to execute any command
%hostinggl   ALL=(ALL:ALL) ALL
</code>

==== Setup for Hosting.gl ====

== DNS ==
Add these lines to ''/etc/pdns/pdns.conf''
<code>
## Hosting.gl settings begin ##
# ClouDNS zone transfer
disable-axfr=no

master=yes

allow-axfr-ips= 109.201.133.111 209.58.140.85 54.36.26.145 185.206.180.104 185.136.96.66 185.136.97.66 185.136.98.66 185.136.99.66 185.206.180.193 2a00:1768:1001:9::31:1 2605:fe80:2100:a013:7::1 2a0b:1640:1:1:1:1:8ec:5a47 2a06:fb00:1::1:66 2a06:fb00:1::2:66 2a06:fb00:1::3:66 2a06:fb00:1::4:66 2a0b:1640:1:3::1
also-notify=109.201.133.111 209.58.140.85 54.36.26.145 185.206.180.104 185.136.96.66 185.136.97.66 185.136.98.66 185.136.99.66 185.206.180.193 2a00:1768:1001:9::31:1 2605:fe80:2100:a013:7::1 2a0b:1640:1:1:1:1:8ec:5a47 2a06:fb00:1::1:66 2a06:fb00:1::2:66 2a06:fb00:1::3:66 2a06:fb00:1::4:66 2a0b:1640:1:3::1
## Hosting.gl settings end ##
</code>

Add this code to ''/opt/hostinggl/update_cluodns.sh'' and ''chmod +x /opt/hostinggl/update_cluodns.sh''
<code>
#!/bin/bash

HOSTNAME=`hostname`
URL="https://hosting.gl/modules/servers/cloudns/api.php?action=update%26host=${HOSTNAME}"

if [ "/opt/named.conf.updatetime" -ot "/etc/named.conf" ]; then
        curl $URL && touch -r /etc/named.conf /opt/named.conf.updatetime
fi
</code>

Add cronjob
<code>
# Sync DNS to master.ns.gl
* * * * *       sh /opt/hostinggl/update_cluodns.sh
</code>


== DNSSEC ==
Add hook to unset NSEC3 when DNSSEC is enabled, because otherwise it cannot be transferred to the DNS slave server.

Put script in ''/opt/hostinggl/unset_nsec3.php''
<code>
#!/usr/local/cpanel/3rdparty/bin/php -q
<?php

// Get decoded input.
$input = get_passed_data();

// Declare return variables and set their values.
list($result_result, $result_message) = unset_nsec3($input);

// Return the return variables.
echo "$result_result $result_message";

// Perform the hooks action, using the decoded input.
function unset_nsec3($input = array()) {
    // Insert your actions here.
    $domain = $input['data']['args']['domain'];
    system("whmapi1 unset_nsec3_for_domains domain=$domain");

    // Set success and failure messages.
    $result = "1";                            // This Boolean value is set to fail.    
    $message = "This is an error message.";   // This string is a reason for $result.

    // Return the hook result and message.
    return array($result, $message);
}

// Process data from STDIN.
function get_passed_data() {

    // Get input from STDIN.
    $raw_data;
    $stdin_fh = fopen('php://stdin', 'r');
    if ( is_resource($stdin_fh) ) {
        stream_set_blocking($stdin_fh, 0);
        while ( ($line = fgets( $stdin_fh, 1024 )) !== false ) {
            $raw_data .= trim($line);
        }
        fclose($stdin_fh);
    }

    // Process and JSON-decode the raw output.
    if ($raw_data) {
        $input_data = json_decode($raw_data, true);
    } else {
        $input_data = array('context'=>array(),'data'=>array(), 'hook'=>array());
    }

    // Return the output.
    return $input_data;
}
</code>

Run command to add the hook
<code>
/usr/local/cpanel/bin/manage_hooks add script /opt/hostinggl/unset_nsec3.php --stage post --category Cpanel --event UAPI::DNSSEC::enable_dnssec --manual
</code>