
Install cPanel and CloudLinux

Install CentOS 7 on the server

Create /home partition

Install extra packages

yum install wget mosh

Open firewall ports for mosh

firewall-cmd --add-service=mosh --permanent

Disable SELinux: Edit the /etc/selinux/config file to set the SELINUX parameter to disabled.

Install CloudLinux

wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k yourkey

Now reboot the server

Install cPanel

https://documentation.cpanel.net/display/ALD/Installation+Guide

Setup services according to the guide

systemctl stop firewalld.service

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl enable network.service
systemctl start network.service
systemctl start ipaliases.service

Install cPanel

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Setup cPanel

Install ClamAV using „Manage Plugins“

Copy configuration from existing cPanel server using „Transfer Tool“

Update setting „Host to publish in the SRV records for Outlook autodiscover support“ to the current hostname.

Setup CloudLinux Features

Install LVE Manager

lvectl set 10000 --speed=400% --pmem=0 --io=0 --nproc=0
yum install lvemanager

Copy /etc/container/ve.cfg from another cPanel installation. Stop LVE service lve stop while doing this.

Install CageFS

yum install cagefs
/usr/sbin/cagefsctl --init

/usr/sbin/cagefsctl --disable noer
/usr/sbin/cagefsctl --disable giver
/usr/sbin/cagefsctl --toggle-mode

/usr/sbin/cagefsctl --display-user-mode

Install MySQL Governor

yum install governor-mysql

# Read Documentation about version
/usr/share/lve/dbgovernor/db-select-mysql --mysql-version=mariadb100
/usr/share/lve/dbgovernor/mysqlgovernor.py --install

System Setup

Change /etc/ssh/sshd_config

Port 223

Add firewall rule

firewall-cmd --permanent --zone=public --add-port=223/tcp
firewall-cmd --reload

Add group

groupadd ininova

Create file /etc/sudoers.d/ininova containing this snippet

# Allow members of group ininova to execute any command
%ininova   ALL=(ALL:ALL) ALL

Install Puppet

yum install puppet

Now go to puppet.hosting.gl and add the server to /etc/puppet/manifests/site.pp. Then sign the certificate request for the new server.

Restart the puppet service with service puppet restart. Check /var/log/messages for errors.

Setup for Hosting.gl

DNS

Add a hook to unset NSEC3 when DNSSEC is enabled, because otherwise the zone cannot be transferred to the DNS slave server.

Put script in /opt/hostinggl/unset_nsec3.php

#!/usr/local/cpanel/3rdparty/bin/php -q
<?php

// Get decoded input.
$input = get_passed_data();

// Declare return variables and set their values.
list($result_result, $result_message) = unset_nsec3($input);

// Return the return variables.
echo "$result_result $result_message";

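// Perform the hook's action, using the decoded input.
function unset_nsec3($input = array()) {
    // The domain arrives in the hook payload; accept only hostname characters.
    $domain = isset($input['data']['args']['domain']) ? $input['data']['args']['domain'] : '';
    if (!preg_match('/^[A-Za-z0-9.-]+\z/', $domain)) {
        return array("0", "Invalid or missing domain in hook input.");
    }

    // Quote the argument so the shell cannot interpret any part of it.
    system("whmapi1 unset_nsec3_for_domains domain=" . escapeshellarg($domain));

    // Set the hook result (1 = success, 0 = failure) and its message.
    $result = "1";
    $message = "unset_nsec3_for_domains called for $domain.";

    // Return the hook result and message.
    return array($result, $message);
}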

// Process data from STDIN.
function get_passed_data() {

    // Get input from STDIN.
    $raw_data = '';
    $stdin_fh = fopen('php://stdin', 'r');
    if ( is_resource($stdin_fh) ) {
        stream_set_blocking($stdin_fh, 0);
        while ( ($line = fgets( $stdin_fh, 1024 )) !== false ) {
            $raw_data .= trim($line);
        }
        fclose($stdin_fh);
    }

    // Process and JSON-decode the raw output.
    if ($raw_data) {
        $input_data = json_decode($raw_data, true);
    } else {
        $input_data = array('context'=>array(),'data'=>array(), 'hook'=>array());
    }

    // Return the output.
    return $input_data;
}

Run command to add the hook

/usr/local/cpanel/bin/manage_hooks add script /opt/hostinggl/unset_nsec3.php --stage post --category Cpanel --event UAPI::DNSSEC::enable_dnssec --manual

Create new user on master.ns.gl for the new host.

Copy the script /opt/hostinggl/copy_zones_to_ns.sh from another cPanel server

Create ssh key for root

ssh-keygen -t rsa -b 4096 -f /root/.ssh/id2

Copy pub-key to master.ns.gl

Add to /root/.ssh/config. Change User accordingly

Host master.ns.gl
        User cpanel2
        IdentityFile ~/.ssh/id2

Add cronjob

# Sync DNS to master.ns.gl
* * * * *       sh /opt/hostinggl/copy_zones_to_ns.sh

RDiff Backup

Create new user on backup1.hosting.gl for the new host.

Copy pub-key to backup1.hosting.gl

Add to /root/.ssh/config. Change User accordingly

Host backup1.hosting.gl
        User cpanel2
        IdentityFile ~/.ssh/id2

Copy the script /scripts/postcpbackup from another cPanel server

Exim Setup

Change ciphers

# strong but tolerant
tls_require_ciphers = AESGCM:AES256:aNULL:-aNULL:HIGH:MEDIUM:!RC4:@STRENGTH
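
In an OpenSSL cipher string, `-aNULL` only removes suites at that point in the list (unlike `!aNULL`), so later keywords can add them back; it is worth checking what the string expands to on the server's own OpenSSL build. The filter below is an added example, not part of the original page: the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` lines read from stdin.
# Prints "<suite> <reasons>" for each suite a mail server should not offer.
audit_ciphers() {
    awk '
    {
        reason = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "Au=None")   reason = reason ",anonymous-auth"
            if ($i == "Enc=None")  reason = reason ",no-encryption"
            if ($i == "Mac=MD5")   reason = reason ",md5-mac"
            if ($i ~ /^Enc=(RC4|3DES|DES|RC2|SEED|IDEA)/)
                reason = reason ",weak-cipher"
        }
        if (reason != "") print $1, substr(reason, 2)
    }'
}

# Number of flagged suites on stdin; non-zero means the string needs tightening.
count_flagged() {
    audit_ciphers | wc -l | tr -d ' '
}

# Constructed sample in `openssl ciphers -v` format (not captured from a host).
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA  Enc=AES(128)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA  Enc=3DES(168)   Mac=SHA1
SEED-SHA                    SSLv3   Kx=RSA  Au=RSA  Enc=SEED(128)   Mac=SHA1
EOF
}

# Demo on the constructed sample.
sample_ciphers | audit_ciphers

# On the server, feed the real expansion of the Exim setting instead:
#   openssl ciphers -v 'AESGCM:AES256:aNULL:-aNULL:HIGH:MEDIUM:!RC4:@STRENGTH' | audit_ciphers
```

An empty result from the real `openssl ciphers -v` expansion means none of the flagged classes are enabled by the string.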

cpanel_server_setup.txt · Last modified: 2021/01/26 19:43 by noer