This guide walks you through the installation process for installing cPanel on AlmaLinux 8 or 9. You’ll learn to set up, configure, and secure a robust hosting environment using a step-by-step approach. Whether you’re a beginner or an experienced administrator, this resource ensures a smooth installation process and offers tips for resolving common issues.
What is cPanel?
cPanel is one of the industry’s most widely used web hosting control panels. It provides a graphical interface that simplifies server management, allowing users to handle complex tasks easily. Through cPanel, users can manage websites, email accounts, file transfers, databases, and security settings without needing advanced technical skills. It’s particularly favored for its ease of use, robust functionality, and a suite of automation tools that simplify server management tasks. For hosting providers, cPanel is a critical tool for offering user-friendly services to their customers.
Why install cPanel on AlmaLinux 8/9?
AlmaLinux is a community-driven enterprise Linux distribution designed to replace CentOS directly. It offers the same level of stability and performance while providing long-term support and regular updates. AlmaLinux ensures compatibility with various applications, including cPanel, for hosting environments. Choosing AlmaLinux 8 or 9 means you’re working with a secure, scalable, and reliable operating system that meets the demands of modern web hosting. With extended lifecycle support, AlmaLinux is ideal for building reliable server infrastructure.
Requirements
Before starting the installation process, make sure your server meets the minimum requirements. You’ll need a VPS or dedicated server running AlmaLinux 8 or 9 with at least 2 GB of RAM, though 4 GB or more is recommended for optimal performance. Your server should also have at least 20 GB of free storage. Root access is necessary for running installation commands, and you must have a valid cPanel license. Lastly, ensure your server has a fully qualified domain name (FQDN) configured, as it’s required to set up the cPanel environment.
2. Preparing Your Server
Updating System Packages
Updating your server’s packages is critical to confirm stability, compatibility, and security. Begin by updating all system packages with the following command:
sudo dnf update -y
sudo dnf upgrade -y
This will fetch and install the latest software versions from AlmaLinux’s repositories. Updating the system reduces the risk of compatibility issues during the cPanel installation. After the update process completes, reboot the server to apply changes:
sudo reboot
This keeps the server up-to-date.
Setting the Hostname
Setting the hostname is a critical step that often needs to be noticed. A proper hostname is required for cPanel to function correctly and ensure smooth DNS resolution. To set an FQDN, use the following command:
sudo hostnamectl set-hostname server.yourdomain.com
Replace server.yourdomain.com with your actual FQDN.
You can verify that the hostname is set correctly by running:
hostnamectl
Additionally, edit the /etc/hosts file to map your hostname to the server’s IP address. Open the file with a Text editor:
sudo nano /etc/hosts
Add a line like this:
127.0.0.1 server.yourdomain.com server
This step ensures that your hostname is resolved correctly within the server environment.
3. Installing cPanel on AlmaLinux
Installing Perl
Perl is a prerequisite for cPanel installation, as several scripts rely on it. To install Perl, run:
sudo dnf install perl -y
This command ensures that the latest Perl version is installed on your server. Without Perl, the cPanel installation script will not execute properly, resulting in errors.
Once Perl is installed, you can proceed to the next step.
Downloading the cPanel Installer
The cPanel installer must be downloaded directly from the official source. Change to the /home directory and download the installer using curl:
cd /home
curl -o latest -L https://securedownloads.cpanel.net/latest
The curl command fetches the latest version of the installer, ensuring you have an up-to-date script.
Running the Installation Script
Run the downloaded installer script to begin the installation process:
sh latest
The installer script will also identify your server environment, set up some components, and download cPanel files.
The installation process may take 30 to 60 minutes, depending on the server and the internet connection. At this time, watch for errors, or a warning sign is given. If any problems arise, information is available at /var/log/cpanel-install.log.
4. Post-Installation Steps
Accessing WHM
After installation, cPanel’s Web Host Manager (WHM) interface will be available for configuration. Access WHM through your browser by navigating to:
https://your-server-ip:2087
Log in with root credentials. If you have trouble accessing WHM, ensure the firewall allows traffic on port 2087.
Completing the Initial Setup Wizard
Upon your first login to WHM, The Setup Wizard will guide you. Here are the steps:
- To begin the WHM setup process, use the EULA, which outlines the terms and conditions for using WHM and cPanel. Once you’ve understood the terms, check the box to accept the agreement. This step is mandatory to proceed with configuring your server through the setup wizard.
- A valid email address on which we receive notifications regarding the server is essential in managing the server. This email will receive important information, notifications, and messages regarding the function and status of the servers in terms of security and resource utilization. Ensure that the address is checked often so that any problems or changes that should come to your notice are dealt with immediately.
- Setting the default nameservers on your server is essential when configuring DNS. Nameservers translate domain names to IP addresses, helping internet users access your websites. In WHM, enter the nameservers your hosting provider sent you or set up your own. This makes it easy to correct domain resolution and indicates the proper connectivity for your hosted services.
- Defining a single IP address is crucial when hosting various accounts on a single server that utilizes the same IP. In WHM, multiple IPs are allocated to accounts that do not have a dedicated IP address. Multiple IPs are cheaper than dedicated IPs and suitable for organizations that require a reasonable distribution of resources needed for connectivity to hosted domains.
Following the wizard, ensure your server is correctly configured and ready for production use.
Configuring DNS
Proper DNS configuration is essential for checking that your domains point to the correct IP address. In WHM, navigate to DNS Functions, where you can add DNS records for your server. Create “A” records for your hostname and nameservers, linking them to your server’s IP address.
This setup allows you to manage DNS zones for your hosted domains easily.
5. Securing Your cPanel Installation
Setting Up a Firewall
A firewall is critical for protecting your cPanel server from unauthorized access and potential threats. Use the Firewalld tool for efficient management:
sudo dnf install firewalld -y
To install the firewall package. This makes sure that you have the necessary software for network security.
sudo systemctl enable firewalld
To configure the firewall to start automatically whenever the server reboots. This ensures consistent protection for your server by maintaining active security measures at all times, preventing unauthorized access, and reducing vulnerabilities from unprotected periods during system restarts.
sudo systemctl start firewalld
This ensures your server is immediately protected against unauthorized access by initiating the firewall service. Starting the firewall promptly safeguards your system while you proceed with other configurations or increase security.
Allow important cPanel ports for proper functionality:
sudo firewall-cmd --permanent --add-service=http
This command will allow permanent passage of the HTTP service through the firewall so that your server will accept web connections on port 80. For example, it is required by the hosting sites and other HTTP content that is not encrypted. It remains as such even after the instance has been rebooted, giving you uninterrupted access to the hosted websites.
sudo firewall-cmd --permanent --add-service=https
Prepending this command permanently adds https traffic and makes port 443 available for encrypted communication. Regarding the third argument, it is essential to note that session configurations for safe data exchange, such as login credentials or transactions, can be damaged, and your server loses the ability to work with SSL/TLS connections.
sudo firewall-cmd --permanent --add-port=2087/tcp
This command opens port 2087 permanently for TCP traffic, facilitating secure access to WHM (Web Host Manager). WHM provides administrative control for managing server configurations and hosting accounts. Ensuring this port is open allows uninterrupted remote management of your cPanel server.
sudo firewall-cmd --permanent --add-port=2083/tcp
This command alters the system’s setting where port number 2083 is opened to the TCP to enable a safe connection with the cPanel interface. It helps users view their hosting accounts, establish domains, and monitor the resources used. In addition, it assists in achieving the maximum reliability of access while the server is being rebooted.
sudo firewall-cmd --reload
The reload command on the firewall triggers the changes in the rules to be immediately put into practice. This is done to reload new configuration changes, such as adding new services and opening ports on the server without restarting. It makes continuous connections with the servers while changing the firewall settings.
This configuration blocks unnecessary traffic while keeping critical services accessible.
Enabling AutoSSL
AutoSSL automates SSL certificate provisioning, securing your domains with HTTPS. In WHM, go to SSL/TLS » Manage AutoSSL, and select “cPanel (powered by Sectigo)” as the provider.
Run AutoSSL for your domains to apply SSL certificates. This process increases security and improves search engine rankings by enabling HTTPS.
Updating cPanel and AlmaLinux
Regular updates ensure your server and control panel remain secure and feature-rich. Update your system packages with the following:
sudo dnf update -y
Update cPanel using its built-in update script:
/usr/local/cpanel/scripts/upcp
Keeping everything up-to-date minimizes vulnerabilities and makes sure of optimal performance.
6. How to Install and use ConfigServer Security & Firewall (CSF) on the VPS
ConfigServer Security & Firewall, or CSF, is a powerful application and tool designed for Linux-based servers, particularly for the cPanel & WHM hosting servers. Others include a stateful packet inspection (SPI) firewall, intrusion detection, and login tracking. With CSF, server administrators gain robust tools for protecting their hosting environments from unauthorized access and malicious activities.
Here’s a Step-by-Step Guide to CSF on cPanel & WHM.
What is CSF and Why Use It?
CSF is not just a firewall; it’s a complete security suite designed to safeguard servers. Key features include:
- Firewall Protection: Blocks unwanted traffic while allowing necessary services.
- Intrusion Detection: Monitors server activities and responds to potential threats.
- Login Tracking: Tracks login attempts and locks out malicious IP addresses.
- Email Alerts: Sends notifications for suspicious activity or security breaches.
- Integration with WHM: Provides an easy-to-use interface within cPanel/WHM for configuration and monitoring.
CSF is highly recommended for cPanel and WHM users because it integrates seamlessly, enhances security, and is easy to manage.
Requirements for Installing CSF
Before proceeding, ensure the following:
- Root Access: You must have root-level access to your server via SSH.
- cPanel Installed: cPanel & WHM should already be installed on your server.
- System Updates: Ensure your server is up-to-date with all system updates to avoid compatibility issues.
Run these commands to update your server:
sudo dnf update -y
This keeps the server up-to-date.
Step 1: Log In to Your Server
Start by logging in as root. This will give you the permissions necessary to install and configure software.
Step 2: Navigate to the Root Directory
Change to the /root directory, where you will download and install the CSF package. Use the following command:
cd /root
This is the root user’s default working directory, ensuring that all downloaded files can be easily located and managed.
Step 3: Download the CSF Package
Download the latest version of CSF from its official source using the wget command:
wget https://download.configserver.com/csf.tgz
This command fetches the compressed package (csf.tgz) and saves it to your current directory.
Step 4: Extract the CSF Package
Once the download is complete, extract the contents of the package with the tar command:
tar -xzf csf.tgz
This creates a directory named csf that contains all the files required for installation.
Step 5: Install CSF
Change to the newly created CSF directory:
cd csf
Run the installation script tailored for cPanel & WHM environments:
sh install.cpanel.sh
This script configures CSF to integrate easily with cPanel. The installation is quick and automatic.
Step 6: Configure CSF
After installation, CSF runs in testing mode by default. Testing mode prevents the firewall from blocking traffic, allowing you to verify the configuration without disrupting services.
To configure CSF:
Access the CSF Interface in WHM:
- Login to WHM.
- Navigate to Plugins » ConfigServer Security & Firewall.
Disable Testing Mode:
- In the CSF settings, locate the TESTING option.
- Change its value from 1 to 0.
- Click the Change button to save your configuration.
Allow Necessary Ports:
- Edit the list of allowed ports under the “Firewall Configuration” section.
- Include important cPanel & WHM ports such as:
- 2087 (WHM secure port)
- 2083 (cPanel secure port)
- 80 (HTTP)
- 443 (HTTPS)
Apply the Changes:
- Restart CSF to activate your configuration:
csf -r
Step 7: Remove Conflicting Utilities
CSF is incompatible with certain firewall utilities, such as Firewalld. To avoid conflicts, remove Firewalld from your server:
yum remove firewalld
This step allows CSF to run in the background and leaves them with complete control of the server’s configuration.
Step 8: Enable Advanced Security Features
CSF comes with additional tools that enhance server security:
Login Failure Daemon (LFD):
- Monitors login attempts.
- Automatically blocks IPs that exceed the allowed login failures.
Intrusion Detection:
- Detects and blocks shared server exploits and attacks.
Email Notifications:
- Set up CSF to send alerts for events like:
- Unauthorized access attempts.
- New root logins.
- High server load.
These features provide real-time protection and notification, promptly addressing potential threats.
Step 9: Integrate Additional ConfigServer Tools
To further enhance functionality, consider using ConfigServer Mail Queues (CMQ), an add-on that provides a detailed interface for managing Exim mail queues in WHM. This tool is handy for troubleshooting email delivery issues. For more information, visit the ConfigServer CMQ website.
Best Practices for CSF Management
Regular Updates:
Keep CSF updated to benefit from the latest security patches and features. Run:
csf -u
Audit Logs:
Periodically review CSF logs for any unusual activity.
Adjust Firewall Rules:
- As your hosting needs change, update the allowed ports and services list.
10. Troubleshooting Common Issues
Installation Errors
If cPanel was not installed successfully, the log file will be at /var-log/cpanel-install.log. The general causes of failure are inadequate server resources, network connectivity failure, or missing dependencies. Just check that your server satisfies all the requirements, and maybe try rerunning the installer.
Network and DNS Issues
If domains don’t resolve correctly, check your DNS configuration. Use the dig command to verify DNS records:
dig +short yourdomain.com
The command checks the status of the DNS for your domain. It retrieves the associated IP address in a basic format, which helps confirm that you have set the DNS setting to your server appropriately. This is principally impacting the proper running of websites and services.
Restart the network service if necessary:
sudo systemctl restart network
This command helps to reset the network service on your server. This is useful when one or the other change has been made to the network configuration or DNS servers. It can help to fix the connection problem and let the server run under the newest network settings.
Proper DNS setup is crucial for smooth server operation.
Licensing Problems
If you face licensing issues, make sure your cPanel license is active. Activate your license by running the following:
/usr/local/cpanel/cpkeyclt
This command sends or updates your cPanel license by talking to the cPanel licensing server. It helps guarantee that your cPanel is correctly licensed so that you will have full summary and control of administrative and hosting elements without disruptions. Running this command is necessary if you face licensing errors.
To check the status of your server license, go to the official cPanel License Verification page. Then, go to your server and type in the license check to validate the license. This step allows your cPanel installation to follow the licensing laws and eliminate problems associated with them.
11. Conclusion
You’ve successfully installed and set up cPanel on AlmaLinux OS 8 or AlmaLinux OS 9. Your server is now online. It also takes care of email and DNS. Use this again regularly to ensure the hosting environment remains up-to-date, backed up, and secure. That way, you backed up your web hosting requirements with cPanel and AlmaLinux as your most worthy building blocks.
About the writer
Vinayak Baranwal wrote this article. Use the provided link to connect with Vinayak on LinkedIn for more insightful content or collaboration opportunities.