How to configure WHM/cPanel – Post install ~ Tutorial Opensource and Linux

How to configure WHM/cPanel – Post install

Once we have our confirmation from SSH that cPanel is installed and configured, we run the “reboot” command to reboot the server.

When the server comes back on

line, we access the cPanel area through https://your-ip-address:2087

Step 4: Nameservers

Generally, I would go with BIND as the nameserver. You may prefer MyDNS or NSD, but BIND works for 99% of cPanel users.

Next, we choose which nameservers domains on the server we will use.

If you have a domain, you can create “ns1.domain.com” and “ns2.domain.com” in your domain name registrar’s control panel area

then when it asks for an IP address for ns1.domain.com and ns2.domain.com, put in the IP address of your VPS server.

We click, “Save & Go to Step 5″

Step 5: Services

Pure-FTPD works for 99% of cPanel users unless you specifically need to use ProFTPD or wish to disable FTP completely.

For “Mail Configuration”, Dovecot works for 99% of cPanel users unless you have experience with Courier or wish to disable mail services completely from cPanel.

For “Configure cPHulk”, I would leave it enabled. cPHulk catches automated scripts and programs trying to bruteforce, that is guess,

weak or dictionary passwords through a list. Many people confuse cPHulk notices for “oh no, a hacker is trying to break in!” where the hacker is nothing more than an automated program that is running a list of passwords in an attempt to login.

We click, “Save & Go to Step 6″

Step 6: Quotas

I would keep “Use file system quotas” enabled.

We click “Finish Setup Wizard” and now we’re done!

Feature Showcase:

This is confusing to a lot of new users and folks who have cPanel experience but have not done a fresh installation in quite some time.

Email Archiving is great for storing emails in an archive, let’s say for an organization or company, so that you can retreive that archive later on. No more deleted emails on accident, just download the Email Archive!

Security Tokens you should leave enabled. This prevents XSRF attacks, which can cause your cPanel server to be hacked if you are logged in via cPanel as root or an account owner then you are XSRF attacked through another website.

SMTP Restrictions should be enabled, depending on how secure you want your system to be. If you’re the only user on your cPanel server, I would enable it to prevent a PHP shell or spam PHP script from being uploaded to send mail. SMTP Restrictions only allow the MTA (Mail Transfer Agent), mailman and root to connect to remote SMTP servers therefore preventing most attacks where an attacker gains access through a web application, uploads a spam PHP script and spams from the server without the owner or system administrator’s knowledge until the spam complains are received.

We click “Save Settings”.

Now we are logged in and let’s run EasyApache before we start creating domains.

EasyApache:

It is down at the very bottom on the left hand side. Click the scroll bar and go all the way to “Software” of the left hand menu on the

cPanel WebHost Manager (WHM) screen to look for “EasyApache (Apache Update)”.

We click the EasyApache link and go to the main screen.

You are prompted for “Begin by selecting a profile to load”

We choose “Previously Saved Config (** DEFAULT **)” as we do not have

a previously saved profile.

Scroll down and click “Start customizing based on profile”

For your Apache version, you want the latest version possible of the 2.2.x series and not a END OF LIFE version. END OF LIFE means the software will not have updates or will be supported by either Apache or cPanel so never use an END OF LIFE option with cPanel or you may risk compromise/loss of your data through it being exploited by an attacker.

For PHP, as with Apache, we do not want an END OF LIFE version.

The 5.3.22 series of PHP is current and I chose that. I’ve used the 5.4.x series of PHP in the past but had issues upgrading from PHP

5.3.x to PHP 5.4.x so I just stick with the 5.3.x series for now.

We click “Next Step”

We are now looking at the “Short Options List” which provides us some options to enable. Commonly used PHP requirements and/or software loaders, like EAcellerator or IonCube, are found here.

I would recommend enabling the following:

IonCube Loader for PHP

Mod Security

Suhosin for PHP

Now we click “Exhaustive Options List”

Apache has some built-in modules that are already enabled and many do not need to be disabled.

Here are a few that are not enabled by default that I would enable:

- Deflate

“Other Modules” that I would enable:

- IonCube Loader for PHP

- EAccelerator for PHP

Under “PHP (version number)”, you can enable specific PHP modules:

- Bz2

- EXIF

- GD

- Mbstring

- Mcrypt

- PDO MySQL

- PDO

- TTF

Once you click “Save and build”, you are asked to acknowledge that:

“Termination of the build process will result in data loss! The build process is designed to run in the background until complete.

Prematurely killing this process will leave your Apache configuration in an unusable state requiring restoration from backups”

If you agree that is OK, click “I Understand”

Sometimes you will get extra information or notifications, which is OK.

Verbose logs are stored in: /usr/local/cpanel/logs/easy/

apache
Once completed, you will have a brand new and updated Apache, PHP, and necessary PHP modules for most web applications.