Install CentOS 8 on the server
Create /home partition
Install extra packages
yum install wget mosh
Open firewall ports for mosh
firewall-cmd --add-service=mosh --permanent
Disable SELinux: Edit the /etc/selinux/config file to set the SELINUX parameter to disabled.
https://docs.cpanel.net/installation-guide/install/
Set up services according to the guide
systemctl stop firewalld.service
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k yourkey
Now reboot the server
In „Manage Plugins“ install ClamAV, Calendar and Contacts Server, Solr
Copy configuration from existing cPanel server using „Transfer Tool“
Update setting „Host to publish in the SRV records for Outlook autodiscover support“ to the current hostname.
Go to „CloudLinux LVE Manager“ and install the features you want.
Change the group of admin users to wheel
Change /etc/ssh/sshd_config
Port 223
Add firewall rule
firewall-cmd --permanent --zone=public --add-port=223/tcp
firewall-cmd --reload
Add group
groupadd hostinggl
Create file /etc/sudoers.d/hostinggl containing this snippet
# Allow members of group hostinggl to execute any command
%hostinggl ALL=(ALL:ALL) ALL
Add these lines to /etc/pdns/pdns.conf
## Hosting.gl settings begin ##
# ClouDNS zone transfer
disable-axfr=no
master=yes
allow-axfr-ips= 109.201.133.111 209.58.140.85 54.36.26.145 185.206.180.104 185.136.96.66 185.136.97.66 185.136.98.66 185.136.99.66 185.206.180.193 2a00:1768:1001:9::31:1 2605:fe80:2100:a013:7::1 2a0b:1640:1:1:1:1:8ec:5a47 2a06:fb00:1::1:66 2a06:fb00:1::2:66 2a06:fb00:1::3:66 2a06:fb00:1::4:66 2a0b:1640:1:3::1
also-notify=109.201.133.111 209.58.140.85 54.36.26.145 185.206.180.104 185.136.96.66 185.136.97.66 185.136.98.66 185.136.99.66 185.206.180.193 2a00:1768:1001:9::31:1 2605:fe80:2100:a013:7::1 2a0b:1640:1:1:1:1:8ec:5a47 2a06:fb00:1::1:66 2a06:fb00:1::2:66 2a06:fb00:1::3:66 2a06:fb00:1::4:66 2a0b:1640:1:3::1
## Hosting.gl settings end ##
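An added example, not part of the original notes: a Python check that reads pdns.conf-style settings and reports allow-axfr-ips entries that are not single hosts, plus also-notify targets that the allow list does not cover. The function names, the one-host-per-secondary policy and the sample addresses (documentation ranges) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample using documentation address ranges, not the page's values.
SAMPLE = """\
disable-axfr=no
master=yes
allow-axfr-ips= 192.0.2.10 2001:db8::10 198.51.100.0/24
also-notify=192.0.2.10 2001:db8::10 203.0.113.5
"""

def parse_settings(text):
    """Map key -> value for 'key=value' lines; blank lines and # comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def notify_host(entry):
    """Drop an optional port from an also-notify entry ('ip:port' or '[v6]:port')."""
    bracketed = re.fullmatch(r"\[(.+)\](?::\d+)?", entry)
    if bracketed:
        return bracketed.group(1)
    return entry.split(":")[0] if entry.count(":") == 1 else entry

def audit_axfr(text):
    """Return findings about who may transfer zones and who gets notified."""
    cfg, findings, allowed = parse_settings(text), [], []
    for item in cfg.get("allow-axfr-ips", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"allow-axfr-ips: '{item}' is not an IP address or CIDR range")
            continue
        allowed.append(net)
        if net.num_addresses > 1:  # example policy: each secondary is listed as one host
            findings.append(f"allow-axfr-ips: {net} is a range, not a single host")
    for item in cfg.get("also-notify", "").replace(",", " ").split():
        try:
            host = ipaddress.ip_address(notify_host(item))
        except ValueError:
            findings.append(f"also-notify: '{item}' is not an IP address")
            continue
        if not any(host in net for net in allowed):
            findings.append(f"also-notify: {host} is not covered by allow-axfr-ips")
    return findings
```

Running audit_axfr() on the contents of /etc/pdns/pdns.conf after editing returns an empty list when every notified secondary is also allowed to transfer and no entry is a range.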
Add cronjob
# Sync DNS to master.ns.gl
* * * * * sh /opt/hostinggl/copy_zones_to_ns.sh
Add hook to unset NSEC3 when DNSSEC is enabled, because otherwise the zone cannot be transferred to the DNS slave server.
Put script in /opt/hostinggl/unset_nsec3.php
#!/usr/local/cpanel/3rdparty/bin/php -q
<?php
// Get decoded input.
$input = get_passed_data();

// Declare return variables and set their values.
list($result_result, $result_message) = unset_nsec3($input);

// Return the return variables.
echo "$result_result $result_message";

// Perform the hook's action, using the decoded input.
function unset_nsec3($input = array()) {
    // Domain for which DNSSEC was just enabled.
    $domain = $input['data']['args']['domain'];
    // Quote the value so it reaches whmapi1 as one argument and is never parsed by the shell.
    system("whmapi1 unset_nsec3_for_domains domain=" . escapeshellarg($domain));

    // Set the hook result and message.
    $result = "1"; // 1 reports success to the hook system.
    $message = "This is an error message."; // Message string returned alongside $result.

    // Return the hook result and message.
    return array($result, $message);
}

// Process data from STDIN.
function get_passed_data() {
    // Get input from STDIN.
    $raw_data = '';
    $stdin_fh = fopen('php://stdin', 'r');
    if ( is_resource($stdin_fh) ) {
        stream_set_blocking($stdin_fh, 0);
        while ( ($line = fgets( $stdin_fh, 1024 )) !== false ) {
            $raw_data .= trim($line);
        }
        fclose($stdin_fh);
    }

    // Process and JSON-decode the raw output.
    if ($raw_data) {
        $input_data = json_decode($raw_data, true);
    } else {
        $input_data = array('context'=>array(),'data'=>array(), 'hook'=>array());
    }

    // Return the output.
    return $input_data;
}
Run command to add the hook
/usr/local/cpanel/bin/manage_hooks add script /opt/hostinggl/unset_nsec3.php --stage post --category Cpanel --event UAPI::DNSSEC::enable_dnssec --manual