Install cPanel Rocky Linux 9

Last updated on July 7th, 2024 at 01:48 pm.

Table of Contents

Prerequisite steps

1 Generate SSH Key on your local computer and add it to your cloud provider

Generate an SSH key and add it to your cloud provider for when you are deploying your server. Create a folder for storing the SSH Keys, and then generate the SSH keys of type ed25519. The keys below are named mynewsshkeys stored in ~/.ssh/myrockykeys.

mkdir -p ~/.ssh/myrockykeys

ssh-keygen -t ed25519 -f ~/.ssh/myrockykeys/mynewsshkeys

2 Log in via SSH, update and add packages

Log into your server like this with your ssh key:

ssh user@server-ip-address -i  ~/.ssh/path-to-private-key

Then update your server and install perl, wget vim and other packages. Some of these may already be installed.

sudo dnf update -y && sudo dnf install -y epel-release
sudo dnf install -y  perl curl wget vim screen

3 Change Server Hostname

Set hostname

hostnamectl set-hostname server.example.com

Next add the hostname in the /etc/hosts file as follows:

# Backup the original hosts file

sudo cp /etc/hosts /etc/hosts.bak

# Add new hostname entry in /etc/hosts file

echo '192.0.3.3 server.example.com server' | sudo tee -a /etc/hosts

4 Add the hostname to Cloudflare DNS

Here is a Cloudflare DNS tutorial video.

Add DNS records for the hostname on Cloudflare.

5 Create a swap file

Create a swap file in one command (change the size(4G) or name(mySwapfile) as needed):

sudo fallocate  -l  4G /mySwapfile ; sudo chmod 600 /mySwapfile ; sudo mkswap /mySwapfile && sudo swapon /mySwapfile ; sudo sed -i '$a\/mySwapfile  swap  swap  defaults 0 0' /etc/fstab

6 Disable SELinux

To disable SElinux open the /etc/selinux/config file and change SElinux status to disabled: SELINUX=disabled

sudo vi /etc/selinux/config

#After editing and saving the file, reboot your server

sudo reboot

Disable the firewall before installation:

iptables-save > ~/firewall.rules
systemctl stop firewalld.service
systemctl disable firewalld.service

The firewall will be enabled later.

7 Finally install cPanel

To run a Screen session, enter the screen command. If your SSH session gets unfortunately disconnected, SSH back in to your server and run the screen -r command. This reconnects you to your previous Screen session.

screen
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Log into Cpanel / WHM

#WHM
https://hostname.example.com:2087

#cPanel
https://hostname.example.com:2083

# Set password for root
passwd root

More from docs.

For your confirmation from the cPanel docs : https://docs.cpanel.net/installation-guide/system-requirements-rockylinux/

Post installation :

8 Rocky Linux Firewall Setup with Firewalld

RHEL based distros like rocky Linux use Firewalld as the firewall front end.

Cpanel ports are listed and documented here.

Install enable and start up firewalld, but it probably is already installed.

sudo dnf install firewalld -y && sudo systemctl enable --now firewalld 

Configure Firewall rules for cpanel

/usr/local/cpanel/scripts/configure_firewall_for_cpanel

What is the state of the firewall, is it running or stopped?

sudo firewall-cmd --state

Check the current status of the firewall. What’s allowed?

sudo firewall-cmd --list-all

#Or just check the permanent rules
firewall-cmd --permanent --list-all

To list services that you can enable / allow through the firewall

firewall-cmd --get-services

To allow a specific service through the firewall :

firewall-cmd --permanent --add-service=http

# Allow multiple services
firewall-cmd --add-service={http,https}

How to add a specific port

sudo firewall-cmd --permanent --add-port=2053/tcp

# Add multiple ports
sudo firewall-cmd --permanent --add-port={80,8080,443}/tcp
#Add a port range
sudo firewall-cmd --permanent --add-port=2379-2385/tcp

List all the allowed ports:

sudo firewall-cmd --list-ports

To remove an allowed port:

sudo firewall-cmd --permanent --remove-port=2053/tcp

Reload Firewalld for the changes to take effect

sudo firewall-cmd --reload

9 Activate cPanel/WHM License

Activate the license on the WHM panel after logging in.

CPanel Server security

10 Install CSF (ConfigServer Security & Firewall)

CSF does not play together with Firewalld, so we have to disable Firewalld.

 sudo systemctl stop firewalld && sudo systemctl disable firewalld

Then install CSF

cd /root  && /
wget https://download.configserver.com/csf.tgz && /
tar -xzf csf.tgz && /
cd csf && /
./install.cpanel.sh

You can now setup CSF via the WHM interface here WHM » Home » Plugins » ConfigServer Security & Firewall.

11 Change SSH Port

Add the new SSH port to Firewalld and then edit the SSH config.


# Add to the ssh config file : Port 999
sudo vi /etc/ssh/sshd_config

In WHM, use CSF’s quick allow port to allow the above new SSH port.

How to log in with your new port

ssh user@server_ip  -i  ~/.ssh/path-to-private-key -p NewPortNumber

Add-on commands

These are commands I might need at some point during the video guide.

1. Editing SSH to only allow key based authentication for root

vi /etc/ssh/sshd_config.d/mysshconfig
#Add the following in the file
PermitRootLogin prohibit-password

2. Aliases for my benefit, add to .bashrc file of your user.

alias syd="systemctl reload"
alias syt="systemctl restart"
alias syp="systemctl stop"
alias de="dnf update"
alias dl="dnf install"

Discover more from Bizanosa

Subscribe to get the latest posts sent to your email.

Comment Here

Join this free course:

How to host multiple WordPress
websites on a VPS

Close me!