Category: Cpanel

  • CPanel SSL Renew on password protected site

    CPanel SSL Renew on password protected site

    We have a site where we host demo websites that we do for our customers. We don’t want search engines to index these sites or strangers to see them. So it is password protected. The problem is Cpanel Auto SSL needs to access URI like /.well-known/ for SSL domain validation. With password protection, SSL domain verification fails and you won’t be able to renew the SSL certificate.

    In this post, I am doing it for domain demo.hostonnet.com with Cpanel username hostond.

    cpanel password protected site ssl

    Redirect HTTP to HTTPS

    I want to force all buy SSL verification requests to get redirected to HTTPS. For this, i created a folder

    mkdir -p /etc/apache2/conf.d/userdata/std/2_4/hostond/demo.hostonnet.com/

    Now create a file

    vi /etc/apache2/conf.d/userdata/std/2_4/hostond/demo.hostonnet.com/force-ssl.conf

    Add following content to it.

    RewriteEngine On 
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    This will redirect all requests that do not start with URI .well-known to HTTPS.

    Password Protect site

    Since HTTP only allows domain validation (pages inside folder .well-known) and redirects all other requests to HTTPS, we only need to password protect the HTTPS side of the website.

    First, create a directory

    mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/hostond/demo.hostonnet.com/

    Create file

    vi /etc/apache2/conf.d/userdata/ssl/2_4/hostond/demo.hostonnet.com/password.conf

    Add following content

    
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/demo-hon-htpaswd
    Require valid-user

    Setting Password

    HTTP Basic authentication password is stored in file /etc/apache2/demo-hon-htpaswd. To set password, use htpasswd command.

    To create a user, use

    htpasswd -c /etc/apache2/demo-hon-htpaswd admin

    This will create a user with the username “admin”. You will be asked to enter a password.

    Now restart apache

    systemctl restart httpd

    See Cpanel Server

  • Cpanel Mail Server

    To see the current mail server setup on the Cpanel server, run

    [root@server78 ~]# /scripts/setupmailserver --current
Current mailserver type: dovecot
Current storage format: maildir or mdbox
[root@server78 ~]#

    Cpanel Provide Following Mail servers

    SMTP: exim
POP/IMAP: courier, dovecot

    Roundcube mail logs in Cpanel

    tail -f /var/cpanel/roundcube/log/errors

    See exim mail server, Cpanel Server

  • How to Enable WordPress Toolkit in Cpanel/WHM

    How to Enable WordPress Toolkit in Cpanel/WHM

    WordPress Toolkit in Cpanel/WHM allows you to easily install and manage WordPress websites.

    To install WordPress Toolkit, log in to WHM as user root.

    Go to

    WHM > WHM Marketplace

    WordPress Toolkit WHMCS

    On the Next page, you have the option to install WordPress Toolkit.

    Install wordpress toolkit on cpanel server

    Methood 2: Usuing command line

    To install WordPress Toolkit in Cpanel server, login to SSH as user root, then run the following command.

    curl https://wp-toolkit.plesk.com/cPanel/installer.sh | sh

    After installation, you will be able to see WordPress Toolkit in CPanel.

    WordPress Toolkit CPanel

    You can enable/disable WordPress toolkit under Feature Manager in WHM.

    WHM > Packages > Feature Manager

    WordPress Toolkit WHM Feature Manager

    How to install WordPress using WordPress Toolkit

    This video will show how to install WordPress using WordPress Toolkit in Cpanel Server.

    Uninstall WordPress Toolkit

    If you want to remove WordPress Toolkit, run

    rpm -e wp-toolkit-cpanel

    See Cpanel Server, WordPress

  • Check if Cpanel Server need reboot from command line

    To check if Cpanel/WHM server need reboot from command line, run

    whmapi1 system_needs_reboot

    Example

    On a server with latest kernal

    [root@ns522466 ~]# whmapi1 system_needs_reboot
--- 
data: 
  details: {}

  needs_reboot: 0
metadata: 
  command: system_needs_reboot
  reason: OK
  result: 1
  version: 1
[root@ns522466 ~]#

    On a server that need reboot

    [root@server22 ~]# whmapi1 system_needs_reboot
--- 
data: 
  details: 
    kernel: 
      boot_version: 3.10.0-962.3.2.lve1.5.42.el7.x86_64
      running_version: 3.10.0-962.3.2.lve1.5.39.el7.x86_64
    updates: 
      glibc: 2.17-323.el7_9
      linux-firmware: 20200421-80.git78c0348.el7_9
      openssl-libs: 1:1.0.2k-21.el7_9
  needs_reboot: 1
metadata: 
  command: system_needs_reboot
  reason: OK
  result: 1
  version: 1
[root@server22 ~]#

    See Getting WHM Access from SSH on Cpanel Server

  • Roundcube Webmail Logs in Cpanel Server

    Roundcube logs that are located at the following paths:

    /var/cpanel/roundcube/log/errors
/var/cpanel/roundcube/log/sendmail

    Cpanel roundcube logs

    /var/cpanel/roundcube/log/sendmail have logs for every email sent.

    See Cpanel

  • How to Disable Mailman in cPanel?

    How to Disable Mailman in cPanel?

    Mailman is a mailing list management software that comes by default on Cpanel Servers. Most websites don’t need this feature. Most small sites don’t need email discussion features provided by Mailman, mostly used by large scale open-source software for email discussion.

    To disable Mailman, login to WHM

    Method 1

    In WHM, search for “service manager”, click on “Service Manager” link. On next page, make sure checkboxs right side of Mailman is not checked.

    WHM Cpanel Service Manager

    Method 2

    Go to

    WHM > Server Configuration > Tweak Settings

    Search for mailman.

    Cpanel/WHM disable mailman

    Set value for “Enable Mailman mailing lists” to Off. Scroll down, click the “Save” button.

    See Cpanel Server, Cpanel Server Setup

  • Disable cPHulk Brute Force Protection

    Disable cPHulk Brute Force Protection

    Cpanel Servers have a bruceforce attack detection module called cPHulk Brute Force Protection. In case your server have another bruteforce detection software like ConfigServer Security & Firewall, you may need to disable cPHulk Brute Force Protection as you don’t need 2 software for same purpose running on the server.

    To disable cPHulk Brute Force Protection, run

    /usr/local/cpanel/bin/cphulk_pam_ctl --disable

    You can also use

    https://SERVER_IP:2087/scripts2/doautofixer?autofix=disable_cphulkd

    Or login to WHM, Go to 

    WHM Home > Security Center > cPHulk Brute Force Protection

    click OFF button to disable cPHulk.

    disable cPHulk

  • Modify Apache Virtual Host for a site in Cpanel Server

    On Cpanel server Apache configuration file get recreated every time you modify or add a new web site. In cause you need to modify VirtualHost entry for a web site hosted in cpanel, you should not edit /etc/apache2/conf/httpd.conf file.

    If you open /etc/apache2/conf/httpd.conf and check virtual host entry for a web site, you will see line like

    # Include "/etc/apache2/conf.d/userdata/std/2_4/USERNAME/DOMAINNAME/*.conf"
# Include "/etc/apache2/conf.d/userdata/ssl/2_4/USERNAME/DOMAINNAME/*.conf"

    in non-ssl and ssl virtual host entry for a domain. To modify virtual host entry, you need to create the folder, then create a file with extension .conf

    Then rebuilt httpd.conf by running

    /usr/local/cpanel/scripts/rebuildhttpdconf

    During rebuild, the script will check for the conf file, if found the line get uncommented (remove # from beginning of Include line).

    For a web site, i need to protect it with password. This is a feature available in cpanel, but i want it done on server side, so no one accidently make this site public by deleting .htacess.

    To do this, i created folders

    mkdir -p /etc/apache2/conf.d/userdata/std/2_4/serverok/demo.serverok.in/
mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/serverok/demo.serverok.in/

    In this cause, cpanel user name is “serverok” and the web site url is demo.serverok.in

    I created .conf file in both folders

    vi /etc/apache2/conf.d/userdata/std/2_4/serverok/demo.serverok.in/password.conf
vi /etc/apache2/conf.d/userdata/ssl/2_4/serverok/demo.serverok.in/password.conf

    Add content

    
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/serverok-htpaswd
    Require valid-user


Now rebuild httpd.conf with


    /usr/local/cpanel/scripts/rebuildhttpdconf

    

    Restart Apache with
    

    systemctl restart httpd

    

    Now when i visit the web site, it ask for password. We have not yet created password file, so create it with
    

    htpasswd -b -c /etc/apache2/serverok-htpaswd USERNAME_HERE PASSWORD_HERE

    

    See Cpanel Server, Apache

  • Configure Cpanel Server service using whmapi1

    To disable monitoring of MySQL service, run

    whmapi1 configureservice service=mysql enabled=1 monitored=0

    This wil prevent MySQL service get auto started.

    To enable Monitoring for MySQL service, run

    whmapi1 configureservice service=mysql enabled=1 monitored=1

    If you want to disable a service, change enabled=1 to enabled=0

    See whmapi1

  • Cpanel Server Setup

    Configure Service Manager

    * disable eximstats. It use mysql to store log, better disable it. WHM > Service Manger > Eximstats = DISABLE

    FTP Server Config (pureftpd)

    * FTP Server Configuration > TLS Encryption Support = Disabled
    * FTP Server Configuration > Allow Anonymous Logins = No
    * FTP Server Configuration > Allow Anonymous Uploads = No
    * FTP Server Configuration > Allow Logins with Root Password = No

    Security Center Configuration

    * WHM > Security Center > Apache mod_userdir Tweak = ENABLE
    * WHM > Security Center > Compiler Access = DISABLE
    * WHM > Security Center > PHP open_basedir Tweak = ENABLE
    * WHM > Security Center > Manage External Authentications > Configure = ALL OFF
    * WHM > Security Center > Shell Fork Bomb Protection = ENABLE
    * WHM > Security Center > SSH Password Authorization Tweak = DISABLED
    * WHM > Security Center > cPHulk Brute Force Protection = DISABLE (use CSF)

    Service Configuration

    * Service Configuration > cPanel log rotation configuration
    * home > service configuration > exim configuration manger > Scan outgoing messages for spam and reject based on spamassassin® internal spam_score setting [?] on

    Other Settings

    * change main shared ip – home »server configuration »basic cPanel & whm setup
    * add new ip address – home »ip functions »add a new ip address ( 192.168.4.128-255 format)
    * home »server configuration »Basic cPanel & whm Setup
    * home »server configuration »tweak settings

    * home »service configuration »exim configuration manger
    * home »service configuration »php configuration editor
    * home »system health »background process killer
    * main >> backup >> configure Backup
    * home »software »easyapache (apache update) Suphp enable on easyapache
    * plugins >> configserver security and firewall

    See Cpanel Server

  • Cpanel Statistics Software Configuration

    Cpanel Statistics Software Configuration

    Cpanel provide 3 different Statistics programs (Analog, AWStats and Webalizer). Enabling all 3 is not required as it use more CPU and do same task. AWStats is best out of the 3. Most users will be happy with just Awstats.

    With better stats like Google Analytics, even Awstats is not required.

    So i only enable Awstats, disable other 2.

    Cpanel Statistics Software Configuration

    See Cpanel Server Setup

  • powerdns cpanel

    # service pdns status
25512: Child running on pid 25514
#

    PowerDNS Process

    # ps aux | grep pdns
root     25512  0.0  0.0 111124  3264 ?        Ssl  15:53   0:00 /usr/sbin/pdns_server --daemon --guardian=yes
named    25514  0.0  0.1 417752  7668 ?        Sl   15:53   0:00 /usr/sbin/pdns_server-instance --daemon --guardian=yes
#

    PowerDNS Config File

    vi /etc/pdns/pdns.conf