===== Install cPanel and CloudLinux =====

Install CentOS 7 on the server

Create ''/home'' partition

Install extra packages
<code>
yum install wget mosh
</code>

Open firewall ports for ''mosh''
<code>
firewall-cmd --add-service=mosh --permanent
</code>

Disable SELinux: Edit the ''/etc/selinux/config'' file to set the SELINUX parameter to disabled.

==== Install CloudLinux ====
<code>
wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k yourkey
</code>

Now reboot the server

==== Install cPanel ====
https://documentation.cpanel.net/display/ALD/Installation+Guide

Setup services according to the guide
<code>
systemctl stop firewalld.service

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl enable network.service
systemctl start network.service
systemctl start ipaliases.service
</code>

== Install cPanel ==
<code>
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
</code>

==== Setup cPanel ====
Install ClamAV using "Manage Plugins"

Copy configuration from existing cPanel server using "Transfer Tool"

Update setting "Host to publish in the SRV records for Outlook autodiscover support" to the current hostname.

==== Setup CloudLinux Features ====
Install LVE Manager
<code>
lvectl set 10000 --speed=400% --pmem=0 --io=0 --nproc=0
yum install lvemanager
</code>

Copy ''/etc/container/ve.cfg'' from another cPanel installation. Stop LVE ''service lve stop'' while doing this.

Install CageFS
<code>
yum install cagefs
/usr/sbin/cagefsctl --init

/usr/sbin/cagefsctl --disable noer
/usr/sbin/cagefsctl --disable giver
/usr/sbin/cagefsctl --toggle-mode

/usr/sbin/cagefsctl --display-user-mode
</code>

Install MySQL Governor
<code>
yum install governor-mysql

# Read Documentation about version
/usr/share/lve/dbgovernor/db-select-mysql --mysql-version=mariadb100
/usr/share/lve/dbgovernor/mysqlgovernor.py --install
</code>

==== System Setup ====

Change ''/etc/ssh/sshd_config''
<code>
Port 223
</code>

Add firewall rule
<code>
firewall-cmd --permanent --zone=public --add-port=223/tcp
firewall-cmd --reload
</code>

Add group ''groupadd ininova''
Create file ''/etc/sudoers.d/ininova'' containing this snippet
<code>
# Allow members of group ininova to execute any command
%ininova   ALL=(ALL:ALL) ALL
</code>

== Install Puppet ==
<code>
yum install puppet
</code>

Now, go to the puppet.hosting.gl and add the server in ''/etc/puppet/manifests/site.pp''. Then sign the request for the new server.

Restart the puppet service with ''service puppet restart''. Check ''/var/log/messages'' for errors.

==== Setup for Hosting.gl ====

== DNS ==
Add hook to unset NSEC3 when DNSSEC is enabled, because otherwise it cannot be transferred to the DNS slave server.

Put script in ''/opt/hostinggl/unset_nsec3.php''
<code>
#!/usr/local/cpanel/3rdparty/bin/php -q
<?php

// Get decoded input.
$input = get_passed_data();

// Declare return variables and set their values.
list($result_result, $result_message) = unset_nsec3($input);

// Return the return variables.
echo "$result_result $result_message";

// Perform the hooks action, using the decoded input.
function unset_nsec3($input = array()) {
    // Insert your actions here.
    $domain = $input['data']['args']['domain'];
    system("whmapi1 unset_nsec3_for_domains domain=$domain");

    // Set success and failure messages.
    $result = "1";                            // This Boolean value is set to fail.    
    $message = "This is an error message.";   // This string is a reason for $result.

    // Return the hook result and message.
    return array($result, $message);
}

// Process data from STDIN.
function get_passed_data() {

    // Get input from STDIN.
    $raw_data;
    $stdin_fh = fopen('php://stdin', 'r');
    if ( is_resource($stdin_fh) ) {
        stream_set_blocking($stdin_fh, 0);
        while ( ($line = fgets( $stdin_fh, 1024 )) !== false ) {
            $raw_data .= trim($line);
        }
        fclose($stdin_fh);
    }

    // Process and JSON-decode the raw output.
    if ($raw_data) {
        $input_data = json_decode($raw_data, true);
    } else {
        $input_data = array('context'=>array(),'data'=>array(), 'hook'=>array());
    }

    // Return the output.
    return $input_data;
}
</code>

Run command to add the hook
<code>
/usr/local/cpanel/bin/manage_hooks add script /opt/hostinggl/unset_nsec3.php --stage post --category Cpanel --event UAPI::DNSSEC::enable_dnssec --manual
</code>

Create new user on ''master.ns.gl'' for the new host.

Copy the script ''/opt/hostinggl/copy_zones_to_ns.sh'' from another cPanel server

Create ssh key for root
<code>
ssh-keygen -t rsa -b 4096 -f /root/.ssh/id2
</code>

Copy pub-key to ''master.ns.gl''

Add to ''/root/.ssh/config''. Change User accordingly
<code>
Host master.ns.gl
        User cpanel2
        IdentityFile ~/.ssh/id2
</code>

Add cronjob
<code>
# Sync DNS to master.ns.gl
* * * * *       sh /opt/hostinggl/copy_zones_to_ns.sh
</code>

== RDiff Backup ==
Create new user on ''backup1.hosting.gl'' for the new host.

Copy pub-key to ''backup1.hosting.gl''

Add to ''/root/.ssh/config''. Change User accordingly
<code>
Host backup1.hosting.gl
        User cpanel2
        IdentityFile ~/.ssh/id2
</code>

Copy the script ''/scripts/postcpbackup'' from another cPanel server

== Exim Setup ==
Change ciphers
<code>
# strong but tolerant
tls_require_ciphers = AESGCM:AES256:aNULL:-aNULL:HIGH:MEDIUM:!RC4:@STRENGTH
</code>