-
Notifications
You must be signed in to change notification settings - Fork 13
/
cpanel-server-setup.txt
145 lines (93 loc) · 4.6 KB
/
cpanel-server-setup.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
VERIFY PARTITION (/ should be atleast 100 GB if /usr and /var is not on its own)
df -h
/ = 120 GB
/home = grow
swap = 8 GB
yum -y install git
cd /root
git clone https://github.com/serverok/server-setup/
cd ~/server-setup
./centos/basic.sh
/root/server-setup/benchmark/geekbench-6.sh
curl -s k.serverok.in/k | bash
-----------------------------------------------------
Convert Cpanel to Cloudlinx
-----------------------------------------------------
wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k <activation_key>
If IP based license
sh cldeploy -i
/usr/sbin/rhnreg_ks --activationkey=88804-CLN-c63946aca45d09add03c0a4395e368de --force
# if CloudLinux
bash /root/server-setup/secure-sysctl.sh
-----------------------------------------------------
/root/server-setup/ssh-keygen.sh
/root/server-setup/secure-ssh.sh
tmux
https://support.cpanel.net/hc/en-us/articles/360052635434-How-to-customize-the-version-of-MySQL-or-MariaDB-used-when-installing-cPanel-for-the-first-time
mkdir /root/cpanel_profile
echo "mysql-version=10.6" > /root/cpanel_profile/cpanel.config
echo "mysql-version=8.0" > /root/cpanel_profile/cpanel.config
bash /root/server-setup/cpanel/install.sh
bash /root/server-setup/cpanel/config.sh
# reboot to cloud linux kernal
bash /root/server-setup/cloudlinux.sh
On CentOS server
* Home > Software > EasyApache 4 > All PHP Options + OpCache
On CloudLinux
Home > Software > EasyApache 4 > PHP Modules
Provision = CloudLinux + All PHP Options + OpCache
Enable lsapi => https://www.serverok.in/cloudlinux-php-lsapi
/usr/bin/switch_mod_lsapi --enable-global
Home > Software > MultiPHP Manager
System PHP Version = PHP 7.3 (ea-php73)
System PHP-FPM Status = OFF
bash /root/server-setup/install/update-php-ini.sh
curl -sL https://gist.github.com/serverok/8fbcbda5f8fb578cf4a9a5ac5667d1da/raw > /var/cpanel/killproc.conf
cat /var/cpanel/killproc.conf
install firewall
bash /root/server-setup/csf-config.sh
/root/server-setup/maldet-install.sh
sed -i 's/email_alert="0"/email_alert="1"/g' /usr/local/maldetect/conf.maldet
sed -i 's/email_addr="[email protected]"/email_addr="[email protected]"/g' /usr/local/maldetect/conf.maldet
# Cpanel default page for HostOnNet servers ONLY.
# ONLY DO THIS AFTER ALL SITES MOVED.
# On s46, when we move, sites get index.html copied, that means live site started showing index.html, i deleted it with
# find /home -name 'index.html' -exec grep 'https://www.hostonnet.com/cpanel3-skel/style.css' {} \; -print | grep "/home"
mkdir -p /root/cpanel3-skel/public_html/
cp /root/server-setup/data/cpanel3-skel/index.html /root/cpanel3-skel/public_html/index.html
/bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"[email protected]\"/g" /etc/csf/csf.conf
/bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"[email protected]\"/g" /etc/csf/csf.conf
cat /var/cpanel/backups/config
whmapi1 enable_monitor_all_enabled_services
* Limit SSH access to our IP
* Home »Service Configuration » Service Manager => disable Mailman
* WHM > Security Center > Apache mod_userdir Tweak = ENABLE
* WHM > Security Center > Compiler Access = DISABLE
* Home »Security Center » Configure Security Policies > Password Age = 90
* Home »Security Center » ModSecurity™ Vendors »Manage Vendors => enable OSASP
* WHM > Security Center > Shell Fork Bomb Protection = ENABLE
* WHM > Security Center > cPHulk Brute Force Protection = DISABLE (use CSF)
* Home »Service Configuration » cPanel Log Rotation Configuration
* Home »Service Configuration » Exim Configuration Manager > Apache SpamAssassin™ Options > Scan outgoing messages for spam and reject based on defined Apache SpamAssassin = 4.5
* Home »Service Configuration » Exim Configuration Manager > Apache SpamAssassin™ Options > Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score = 4.5
* Home > Service Configuration > Exim Configuration Manager > RBL
RBL: bl.spamcop.net = ON
RBL: zen.spamhaus.org = ON
* main >> backup >> configure Backup
* Home > Software > MultiPHP Manager > PHP Handlers = suphp
* Home > Plugins > ConfigServer Security & Firewall
wget https://raw.githubusercontent.com/serverok/server-setup/master/cpanel/php-ini-secure.sh
bash php-ini-secure.sh
cd /
rm -f engintron.sh
wget --no-check-certificate https://raw.githubusercontent.com/engintron/engintron/master/engintron.sh
bash engintron.sh install
cd /home/boby/www/projects/server-setup/ssh-hosts-allow
Add entry for new server
vi update-servers.sh
./update-servers.sh
cd /home/boby/www/projects/honcpanel/hosting_plans
./get_latest.sh
./update_servers.sh
/usr/local/cpanel/scripts/check_security_advice_changes