Last updated on July 7th, 2024 at 01:48 pm.
Prerequisite steps
1 Generate SSH Key on your local computer and add it to your cloud provider
Generate an SSH key pair and add the public key to your cloud provider so it is available when you deploy your server. Create a folder for storing the SSH keys, then generate keys of type ed25519. The keys below are named mynewsshkeys and are stored in ~/.ssh/myrockykeys.
mkdir -p ~/.ssh/myrockykeys
ssh-keygen -t ed25519 -f ~/.ssh/myrockykeys/mynewsshkeys
2 Log in via SSH, update and add packages
Log in to your server with your SSH key like this:
ssh user@server-ip-address -i ~/.ssh/path-to-private-key
Then update your server and install perl, wget, vim and other packages. Some of these may already be installed.
sudo dnf update -y && sudo dnf install -y epel-release
sudo dnf install -y perl curl wget vim screen
3 Change Server Hostname
Set hostname
hostnamectl set-hostname server.example.com
Next add the hostname in the /etc/hosts file as follows:
# Backup the original hosts file
sudo cp /etc/hosts /etc/hosts.bak
# Add new hostname entry in /etc/hosts file
echo '192.0.3.3 server.example.com server' | sudo tee -a /etc/hosts
4 Add the hostname to Cloudflare DNS
Here is a Cloudflare DNS tutorial video.
Add DNS records for the hostname on Cloudflare.
5 Create a swap file
Create a swap file in one command (change the size (4G) or name (mySwapfile) as needed). The steps are chained with && so that a failed step stops the chain before /etc/fstab is edited:
sudo fallocate -l 4G /mySwapfile && sudo chmod 600 /mySwapfile && sudo mkswap /mySwapfile && sudo swapon /mySwapfile && sudo sed -i '$a\/mySwapfile swap swap defaults 0 0' /etc/fstab
6 Disable SELinux
To disable SELinux, open the /etc/selinux/config file and change the SELinux status to disabled: SELINUX=disabled
sudo vi /etc/selinux/config
# After editing and saving the file, reboot your server
sudo reboot
Disable the firewall before installation:
iptables-save > ~/firewall.rules
systemctl stop firewalld.service
systemctl disable firewalld.service
The firewall will be enabled later.
7 Finally install cPanel
To run a Screen session, enter the screen command. If your SSH session gets disconnected, SSH back in to your server and run the screen -r command. This reconnects you to your previous Screen session.
screen
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
Log in to cPanel / WHM
#WHM
https://hostname.example.com:2087
#cPanel
https://hostname.example.com:2083
# Set password for root
passwd root
More from docs.
For your confirmation, from the cPanel docs: https://docs.cpanel.net/installation-guide/system-requirements-rockylinux/
Post installation:
8 Rocky Linux Firewall Setup with Firewalld
RHEL-based distros like Rocky Linux use Firewalld as the firewall front end.
cPanel ports are listed and documented here.
Install, enable and start firewalld. It is probably already installed.
sudo dnf install firewalld -y && sudo systemctl enable --now firewalld
Configure firewall rules for cPanel:
/usr/local/cpanel/scripts/configure_firewall_for_cpanel
What is the state of the firewall? Is it running or stopped?
sudo firewall-cmd --state
Check the current status of the firewall. What’s allowed?
sudo firewall-cmd --list-all
#Or just check the permanent rules
firewall-cmd --permanent --list-all
To list services that you can enable / allow through the firewall
firewall-cmd --get-services
To allow a specific service through the firewall:
firewall-cmd --permanent --add-service=http
# Allow multiple services (--permanent keeps them across the reload below)
firewall-cmd --permanent --add-service={http,https}
How to add a specific port
sudo firewall-cmd --permanent --add-port=2053/tcp
# Add multiple ports
sudo firewall-cmd --permanent --add-port={80,8080,443}/tcp
#Add a port range
sudo firewall-cmd --permanent --add-port=2379-2385/tcp
List all the allowed ports:
sudo firewall-cmd --list-ports
To remove an allowed port:
sudo firewall-cmd --permanent --remove-port=2053/tcp
Reload Firewalld for the changes to take effect
sudo firewall-cmd --reload
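The rules above mix runtime and --permanent changes: an entry added without --permanent is dropped by --reload, and a --permanent entry is not active until --reload. The following check is an added example, not part of the original guide; the function names and the sample lists are made up for illustration. It compares the two views and reports what differs.

```shell
#!/bin/sh
# Added example (not from the original guide): find firewalld entries that
# exist only at runtime or only in the permanent configuration.

# only_in_first "LIST_A" "LIST_B": print entries of A that are missing from B.
# Lists are whitespace-separated, as printed by --list-ports/--list-services.
only_in_first() {
    have=" $(printf '%s ' $2)"
    for entry in $1; do
        case "$have" in
            *" $entry "*) ;;
            *) printf '%s\n' "$entry" ;;
        esac
    done
}

# firewalld_drift "RUNTIME" "PERMANENT": describe each difference and
# return 0 only when the two lists hold the same entries.
firewalld_drift() {
    lost=$(only_in_first "$1" "$2")
    pending=$(only_in_first "$2" "$1")
    for entry in $lost; do
        echo "runtime only (lost on --reload): $entry"
    done
    for entry in $pending; do
        echo "permanent only (needs --reload): $entry"
    done
    [ -z "$lost$pending" ]
}

case "${1:-}" in
    --demo)  # constructed lists: 2053/tcp was added without --permanent
        firewalld_drift '80/tcp 443/tcp 2053/tcp' '80/tcp 443/tcp 8080/tcp' ;;
    --live)  # needs root and a running firewalld
        firewalld_drift "$(firewall-cmd --list-ports)" \
                        "$(firewall-cmd --permanent --list-ports)"
        firewalld_drift "$(firewall-cmd --list-services)" \
                        "$(firewall-cmd --permanent --list-services)" ;;
esac
```

Run it with --live before firewall-cmd --reload to see which runtime rules would disappear.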
9 Activate cPanel/WHM License
Activate the license on the WHM panel after logging in.
cPanel Server security
10 Install CSF (ConfigServer Security & Firewall)
CSF does not play together with Firewalld, so we have to disable Firewalld.
sudo systemctl stop firewalld && sudo systemctl disable firewalld
Then install CSF:
# A trailing backslash continues the command on the next line
cd /root && \
wget https://download.configserver.com/csf.tgz && \
tar -xzf csf.tgz && \
cd csf && \
./install.cpanel.sh
You can now set up CSF via the WHM interface at WHM » Home » Plugins » ConfigServer Security & Firewall.
11 Change SSH Port
Add the new SSH port to Firewalld and then edit the SSH config.
# Add to the SSH config file: Port 999
sudo vi /etc/ssh/sshd_config
In WHM, use CSF’s quick allow port to allow the above new SSH port.
How to log in with your new port
ssh user@server_ip -i ~/.ssh/path-to-private-key -p NewPortNumber
Add-on commands
These are commands I might need at some point during the video guide.
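1. Editing SSH to only allow key-based authentication for root
# The file name must end in .conf: the default Include line in /etc/ssh/sshd_config on Rocky Linux 9 only reads /etc/ssh/sshd_config.d/*.conf
vi /etc/ssh/sshd_config.d/mysshconfig.conf
# Add the following to the file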
PermitRootLogin prohibit-password
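One way to confirm both the new port from step 11 and the root login setting above before restarting sshd. This is an added example, not part of the original guide; the function names are made up, the sample `sshd -T` output is constructed, and 999 is the port from step 11.

```shell
#!/bin/sh
# Added example (not from the original guide): check what sshd will actually
# use before restarting it, so a bad edit does not lock you out.

# sshd_value KEY: read `sshd -T` output on stdin, print each value of KEY.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { print $2 }'
}

# audit_sshd PORT: read `sshd -T` output on stdin; return 0 only if sshd
# listens on PORT and root cannot log in with a password.
audit_sshd() {
    dump=$(cat)
    ports=$(printf '%s\n' "$dump" | sshd_value port)
    root=$(printf '%s\n' "$dump" | sshd_value permitrootlogin)
    rc=0
    case " $(printf '%s ' $ports)" in
        *" $1 "*) ;;
        *) echo "FAIL: port $1 not configured (found: $(echo $ports))"; rc=1 ;;
    esac
    # sshd -T may print prohibit-password as its older alias without-password
    case "$root" in
        prohibit-password|without-password|forced-commands-only|no) ;;
        *) echo "FAIL: permitrootlogin is '$root'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample of `sshd -T` output for the --demo mode.
SAMPLE='port 999
permitrootlogin without-password
pubkeyauthentication yes'

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE" | audit_sshd 999 && echo "OK" ;;
    --live) # needs root; 999 is the port used in step 11
        sshd -t && sshd -T | audit_sshd "${2:-999}" \
            && echo "OK: restart sshd and keep this session open" ;;
esac
```

In --live mode, `sshd -t` catches syntax errors first, and `sshd -T` shows the values sshd resolves after reading every included file, which is where a drop-in that was never loaded shows up.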
2. Aliases for my benefit, add to .bashrc file of your user.
alias syd="systemctl reload"
alias syt="systemctl restart"
alias syp="systemctl stop"
alias de="dnf update"
alias dl="dnf install"