How to Configure a cPanel Based Server

Initial cPanel Configuration

This is the first part of a two part series on setting up your cPanel based server. This guide should take approximately 15 minutes to complete. The information contained within this article is based solely on my experience with Linux and cPanel based servers.

Step 1: Logging to your server through WHM (Web Host Manager)

In order to setup your server, you will have to log to your WHM.  Open your favorite web browser, and in the address field, type one of the following URL’s:

    https://<your server ip>:2087

    http://<your server ip>:2086

    http://<your server ip>/whm

Note: Using the first option (https://<your server ip>:2087) will allow you to securely access your server via your web browser. Upon a connection, you will be presented with an alert box, Click Yes to accept the self signed SSL certificate.

Type in your username (root), and the password that was given to you by your hosting provider in the Connect to Box as presented below, and click on OK.

Step 2: Resolver Setup

When connecting to you cPanel server for the first time, you will be presented with a series of step-by-step questions which will initiate the basic setup configuration of your server.  Once you’re done with the initial setup, you will be automatically taken to the main WHM area, where you will continue to configure, and finalize your server settings.

The first step that we will complete will be our Resolver Setup.  Basically, the Resolver defines which DNS server will resolve your server’s DNS requests.  It can be either your own server (considering that your server acts as a DNS), or any other DNS server which will satisfy your server’s DNS queries.

To begin, we will focus on the Resolver Setup popup window which will appear when you initially log into WHM.  Click on Continue to start entering your resolvers.

Our next step will involve typing each, and every resolver in the proper field, as seen in the snap show below.  When you’re done, click on Continue.

Note: You can use your hosting provider DNS servers to fill up the Secondary Resolver and Tertiary Resolver.

Step 3: Copyright Agreement

After we’ve closed our Resolver popup window, our next step will be to configure our server through the WHM (Web Host Manager) interface.

Once you’ve clicked on the Next button as shown in the snap shot to the left, a Copyright Agreement will appear in the right frame of your web browser.

Scroll down and read carefully through the Copyright Agreement. Once you’ve agreed to the terms, click on the Next button as shown.


Step 4: Setup Server Information

After you’ve clicked on the Next button, WHM will take you to the Setup Server Information section.

In the right frame, scroll down and fill out the fields as shown in the table below:

Note: By default, cPanel has filled most of the fields.  You can always go back and change these default settings.

Main Shared Virtual Host IP By default, cPanel assigns the main IP as the main shared virtual host IP.  There is no need to change it, just verify that it is the correct IP.
Server Contact E-Mail Address Fill out your e-mail address that will be used by the server in case some problems arise with it.  I recommend using 3rd party email (e.g. hotmail.com, yahoo.com) or any other email provider that does not reside on the server.  The point behind this is that if there are any issues with your server, you will not be aware to this situation since your server will be unable to send you a notice.
Server Contact AIM [Optional Field]
Fill this field in if you wish to have your server to reach you via AIM with the given AIM nickname you’ve specified.
Server Contact ICQ [Optional Field]
Fill this field in if you wish to have your server to reach you over ICQ with the given ICQ UIN you’ve specified.
Server Contact Pager Address [Optional Field]
In this field, you can specify a cellular phone, or pager e-mail address that your server will use in case a problem arises.
Primary Nameserver Type in the FQDN of your primary nameserver. The primary nameserver will be used to create new entries when creating new domains or subdomains. Usually people register their own nameservers as ns1.myhost.com and ns2.myhost.com (where myhost.com is your domain).
Secondary Nameserver This is the same setup as the Primary Nameserver, just type in the second name of your registered nameserver which will be used when creating new domains or subdomains.
Third Nameserver [Optional Field]
Fill this optional field if you need a third nameserver to be used whenever creating a new domains or subdomains.
ICQ UIN [Optional Field]
Provide the ICQ UIN your server should use in order to send you ICQ instant messages if a problem arises.
ICQ Password [Optional Field]
Provide a valid ICQ password for the ICQ UIN you’ve entered in the ICQ UIN field.
AIM Username [Optional Field]
Provide a valid AIM nickname your server should use in order to send you ICQ instant messages if a problem arises.
AIM Password [Optional Field] Provide a valid AIM password for the AIM nickname you’ve entered in the AIM Username field.

Once you’re done modifying your fields, click on the Finish button as seen in the image.

This will take you to the next step of quota initialization.

Step 5: Quota Initialization

This part is pretty much being automated by cPanel. WHM will display a short message of Initial Quota Scan as presented in the snap shot below:

Clicking on the Next Step button will bring us to the Setup Nameserver section.

Step 6: Setup Nameserver

Enabling this option will basically allow your server to function as a nameserver (DNS). As recommend by cPanel, I also highly recommend NOT to enable your server to function as a nameserver unless you’re 100% sure you’re going to use it as one. If you wish to disable this service at a later time, you can always do so by turning it off in the Service Manager area.

Again, if you wish to enable this function, click on OK as seen in the snap shot below.

Once you’ve clicked the OK button, cPanel will start activating your nameserver service, and you will receive a message stating the bind service started ok.
It should be something like this:

Note: The screen shots for this article has been taken from the latest cPanel X theme. All other themes will function the same, except for the visual display.


Part 7: Logging to your server through WHM (Web Host Manager)

[skip this part if you’re already logged into WHM]

In order to setup your server, you will have to log to your WHM.

Open your favorite web browser, and in the address field, type one of the following URL’s:

https://<your server ip>:2087
http://<your server ip>:2086
http://<your server ip>/whm

Note: Using the first option (e.g. https://<your server ip>:2087) will allow you to securely access to your server via your web browser. Upon a connection, you will be presented with an alert box, Click Yes to accept the self signed SSL certificate.

Type in your username (root), and the password that was given to you by your hosting provider in the Connect to Box as presented below, and click on OK.

Part 8: Adding your IPs

Once you’ve established a connection via a web browser, your next step will be to add all of our IPs which were given to you by your hosting provider.

Scroll down on the left pane of your WHM until you have reached the IP Functions section as seen below:

Click on Show or Delete Current IP Address to see which

IP addresses are bound to your server.

Click on Add a New IP Address in order to add all the IPs that were given to you by your hosting provider. 

Our next steps will help you setup the server.

Server Setup Part 9-A: Edit Setup

[Skip this part if you’ve already completed it in the initial setup]

Click on the Edit Setup option in order to fill in your server setup configuration.

The following fields are of best interest to us in the initial cPanel server setup:
Main Shared Virtual Host IP
By default, the main server IP will be assigned as the shared virtual host IP.

Server Contact E-Mail Address
Fill out your e-mail address that will be used by the server in case some problems arise with it. I recommend using 3rd party email (e.g. hotmail.com, yahoo.com) or any other email provider that does not reside on the server. The point behind this is that if there are any issues with your server, you will not be aware to this situation since your server will be unable to send you a notice.

Primary Nameserver
Type in the hostname of your primary nameserver. Usually people register their own nameservers as ns1.myhost.com and ns2.myhost.com (where myhost.com is your domain).

Note: If you’re going to use your own nameservers, you must make sure you’ve registered them with your domain registrar.

Secondary Nameserver
This is the same setup as the Primary Nameserver, just type in your second name of your registered nameserver.

Note: Although the Third Nameserver, and Fourth Nameserver are not as necessary, you still have the option of registering and filling them in these fields.

We also have optional fields under the Edit Setup section that we can fill out only if we really need them. These are:
AIM Username, AIM Password
If you would like to receive AIM alerts, and notifications, fill in the AIM username, and password that the server should use to log in, and to send you these messages.

Server Contact AIM
Type in the AIM nickname of where your server can reach you at.

Note: You can also use the Server Contact ICQ UIN if you would like th

Once your IPs has been added to the server, the next step will be to go over the Server Setup section.  You will find this section on the top most part of your WHM left pane as presented below.

Server Setup Part 9-B: Tweak Settings

This section is pretty much self explanatory, there are no custom configurations.

The options that I recommend enabling are:

Disk Space Usage Warnings
When a user will reach 80% of your their quota, you will automatically receive a notification via email.

Email Box Usage Warnings
When a user reaches 80% of his mailbox quota, he will automatically receive a notification via email.

Attempt to prevent pop3 connection floods

Email users when they have reached 80% of their bandwidth

Use jailshell as the default shell for all new accounts (linux 2.4 or later only)
Although this feature is useful, I -do not- recommend giving any sort of shell access to your customers unless they really need it.  Shell access is one security gap that can be closed when you restrict it.

Server Setup Part 9-C: Tweak Security

Clicking on Tweak Security will open up the following options on the right frame of your browser:

The first tweak, php open_basedir will prevent from users to opening files from outside their home directory. If you wish to enable/disable this tweak, simply click on the php open_basedir Tweak link, and then either check it (to enable) or uncheck it to disable.  I recommend enabling this tweak, and then, excluding a specific user if necessary.

The second tweak, mod_userdir will allow users to view their site by entering a tilde (~), followed by their username in the address bar of the web browser.  This tweak basically allows your users
to view their web site before their domain
name has been fully propagated.  The
disadvantage is that the bandwidth used counts against your server, and not against the user.

I have no personal preference for this tweak. Basically, you’ll enable/disable it based on your users’ needs.

Server Setup Part 9-D: Contact Manager

Our next step will be to update our Contact Manager.  The Contact Manager specifies where your server sends the various alerts presented in the diagrams below.

AIM/ICQ alerts are represented by the number 2, Email notification alerts are represented by the number 3, and Pager alerts are represented by the number 1.

There is no one set of alerts you should configure with your server, you can either accept the server defaults or use the following set which I personally recommend:

Account Creation 3
Account Removal 3
Account Suspensions 3
Account UnSuspensions 3
Account Upgrade/Downgrades 3
Apache Max Clients Check 3
Disk Integrity Check 3
IP Address DNS Check 3
Kernel Crash Check 3
Kernel Version Check 3
Recently Uploaded CGI Script Mail 3
Trojan Horse/File Modification Check 3



Tip:
You can use your mail client to respond accordingly to each incoming alert with a different mail filtering rule.

Server Setup Part 9-E: Update Preferences

Just as it sounds, in this section, you will be able to set your cPanel update preferences.
I highly recommend reading each, and every build type before setting your update preferences.  Click on the Change Update Preferences option to choose your update preferences as seen in the example below:

Cpanel/WHM Updates: Manual Updates Only (Stable Tree)
DarkORB Package Updates: Automatic
Security Package Updates: Automatic

Note:  In a production environment, I recommend choosing Manual Updates Only (STABLE tree).Manual Updates Only gives you full control over your cPanel updates, in contrary to Automatic Updates, where cPanel will automatically update its version whenever a new STABLE release is available.

Both DarkORB Package Updates, and Security Package Updates can be left with the default Automatic updates. Once you setup cPanel/WHM Updates to manual updates only (stable tree), you will have to manually run cPanel updates every time you wish to it to get updated.

Server Setup Part 9-F: Server Time

Click on the drop down box and choose your time zone.  Once you’re set, click on the Change TimeZone button followed by Sync Time with Time Server .



Server Setup Part 9-G: Modify Resolver Configuration
[Skip this part if you’ve already configured your resolver in the initial setup]

Modifying the resolver will ensure that your server hostname will be resolved whenever it is being addressed across the Internet. If your server acts as its own primary nameserver, you will have to specify it in the primary resolver as shown below.  Click on Modify Resolver Configuration followed by clicking the Continue button.

As you see fit, you can modify the secondary resolver and tertiary resolver.  I recommend using the hosting provider’s own nameservers.


Once you’ve typed it all in, click on Continue.


Server Setup Part 3-H: Initial Nameserver Setup

[Skip this part if you’ve already setup your nameservers in the initial setup]

If you’ve decided that you’re going to assign the role of DNS management to your server, click on the Initial Nameserver Setup option on the left frame of WHM (under Server Setup ), and click OK on the right frame to enable it.

Note: Do not enable the nameserver option unless you are actually going to use it.

Server Setup Part 9-I: Set MySQL Root Password

[Skip this part if you’ve already changed/set your password in the initial setup]

Note: Skip this part if you’ve already set your MySQL password in the initial setup .

It is very important that you change your MySQL root password when you initially setup your server. Click on Set MySQL Root Password and set your password to no less of 6 characters.

Note: I personally recommend using small letters, capital letters, numbers, and punctuation. Also make sure that your password is no less than 8 characters. A Strong Password Generator might be a good idea to use for various security reasons.

Server Setup Part 9-J: Change Root Password

Same as we did with the MySQL Root password, I highly recommend changing the root password which was given to you by your hosting provider.  Again, you might want to use the password generator and make sure your root password is no less than 6-8 characters.

Server Setup Part 9-K: Mail Manager

Setting your Mail Manager will allow you to receive email either from root, nobody, and/or mailman. To set up your Mail Manager click on the Change System Mail Preferences option.

As written in the notes, the root user generally receives emails regarding problems on your server, or regular server activity. I highly recommend setting a forwarder for the root user on your server.

The nobody user receives bounces messages from emails sent via CGI/PHP scripts (that is, if you’re not using the suexec). By default suexec is enabled by cPanel, so it is not crucial to set up a forwarder for the nobody user.

The mailman generally receives bounce messages from the mailman list software on your server. Set up a forwarder only if you intend of using and receiving bounced emails from the mailman mailing list on your server.

If you’re in doubt , simply fill up all the fields as shown in the snap below, then click on the Change button for every user field you’ve filled.

Part 10: Backup

As smart system administrator, you should know that backups are very crucial for your business. Most of us just skip ahead saying, “Nothing will ever happen to my server, I’m doing just fine.” Well…. wrong. Nothing is 100% secure, and thus, I highly recommend using a backup drive, and configuring backups on a regular basis. For the time being, use the following backup strategy as presented below (we will expand our Backup topic on another article). Keep in mind that you must have your drive mounted, and formatted. If you’re not certain on how it is supposed to be, contact your hosting provider, or read our article on Utilizing a Backup Solution for a cPanel Based Server.

Scroll down on the left frame of your WHM until you’ve reached the Backup section as seen on the left snap shot.

Click on Configure a Backup and follow the backup strategy shown below Once all is set, click on Save.

Part 11: Security

Our final stage will be to run a Quick Security Scan on your server, which in result will disable/shutdown any unnecessary services such as lpd (printer daemon), or console mouse services.

On your WHM left frame, scroll down until you reach the Security section as seen in the snap shot on the left.

Once there, click on the Quick Security Scan button.

cPanel will start running the security check, displaying its progress on the right frame of the WHM interface.  You should be looking at something like this:

cPanel will display and disable each and every service that is unnecessary by your system, thus closing another security hole in your server.

Add a Comment

Your email address will not be published. Required fields are marked *