Tag: cpanel

How to stop all services on a cpanel server

To stop all services on a cPanel server, you can follow commands in the command line interface.

systemctl stop tailwatchd.service
systemctl stop dnsadmin.service
systemctl stop sw-engine.service
systemctl stop dovecot
systemctl stop exim
systemctl stop named
systemctl stop pure-ftpd
systemctl stop cpdavd
systemctl stop cpanel
systemctl stop spamd
systemctl stop jetmongod.service
systemctl stop cphulkd.service
systemctl stop mysqld.service
systemctl stop cpanel_php_fpm.service
systemctl stop ea-php83-php-fpm.service
systemctl stop ea-php82-php-fpm.service
systemctl stop ea-php80-php-fpm.service
systemctl stop ea-php74-php-fpm.service
systemctl stop ea-php73-php-fpm.service
systemctl stop crond
systemctl stop chronyd.service
systemctl stop cpanellogd.service
systemctl stop wp-toolkit-background-tasks.service
systemctl stop wp-toolkit-scheduled-tasks.service
systemctl stop rngd.service

Back to Cpanel Server

November 13, 2024

Install Memcached on cPanel Server
Login to WHM as user root, go to Terminal or login to SSH as user root. Then run the command
```
yum install memcached
```
Enable memcached to start on boot.
```
systemctl enable memcached
```
Configure memcached

Default configuration on AlmaLinux 9 look like the following
```
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
```
edit configuration file
```
vi /etc/sysconfig/memcached
```
Lets change cache size to 128 mb

Find
```
CACHESIZE="64"
```
Replace 64 with 128

In AlmaLinux 9, memcached only listen on loop back interface IP address (127.0.0.1,::1). If your configuation don’t restrict memcache to listen to 127.0.0.1, change your options line as follows.
```
OPTIONS="-l 127.0.0.1 -U 0"
```
This will restrict memcached to listen on IP address 127.0.0.1 and -U 0 disable UDP. This is done to protect memcachd installation from attacks.

Restart memcached with
```
systemctl restart memcached
```
To verify memcached is running, run
```
[root@server1 ~]# netstat  -lntp | grep memc
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2224258/memcached   
[root@server1 ~]# 
```
We have memcached listening on 127.0.0.1:11211

Now we have memcached deamon running. We need PHP module installed.

Installing memcached PHP module

To list all available memcached PHP module, run
```
yum search php-memcached
```
To install memcache module for PHP 8.2, run
```
yum install -y ea-php82-php-memcached
```
For PHP 8.0, install package ea-php80-php-memcached, similarly, for PHP 8.1 install ea-php81-php-memcached.

If you use CloudLinux PHP selector, memcached is already installed on the system. You can enable the module using PHP Selector.

Back to memcached
December 19, 2023
Cloudflare Restore Real IP Address in Cpanel Server
When using Cloudflare, website visitors visit the Cloudflare CDN server configured as a reverse proxy server. Cloudflare CDN server fetches pages from your web server and caches them for a while, serving them to subsequent visitors. Your web application may report Cloudflare CDN server IP ad visitor IP as all requests to your website are coming from Cloudflare CDN. This can be a problem when you have an e-commerce website where you need to check visitor IPs to detect fraud signups/orders.

To restore the original visitor IP for visitors on cPanel Server running the Apache web server, you can use mod_remoteip. You can install mod_remoteip in WHM > EasyApache 4 > Apache Modules

You can also install mod_remoteip using command line
```
dnf install ea-apache24-mod_remoteip
```
Login to SSH as user root or WHM > Terminal, then edit the file
```
vi /etc/apache2/conf.modules.d/370_mod_remoteip.conf 
```
At end of the file, add
```
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
```
You can find Cloudflare IP address at

https://www.cloudflare.com/ips/

Restart Apache
```
systemctl restart httpd
```
Back to Cloudflare
April 24, 2023
How to Migrate CentOS 7 cPanel Server to Almalinux 8
CentOS Linux was discontinued at the end of 2021 in favor of CentOS Stream. CentoS 7 will continue to be supported through the remainder of the RHEL 7 life cycle, which will end on June 30, 2024. If you are using CentOS 7 server with cPanel, it is better to upgrade to AlmaLinux 8, which is a clone of RHEL 8 supported by cPanel.

cPanel provides an open-source script to upgrade your CentOS 7 installation to AlmaLinux.

https://github.com/cpanel/elevate

Download elevate-cpanel

To download elevate-cpanel, run
```
wget -O /scripts/elevate-cpanel https://raw.githubusercontent.com/cpanel/elevate/release/elevate-cpanel
chmod 700 /scripts/elevate-cpanel
```
Update the server
```
yum update
/scripts/upcp
```
Reboot the server
```
reboot
```
Check for upgrade blockers

You need to run this script to see if any software installed on your server is computable or not.
```
/scripts/elevate-cpanel --check --upgrade-to=almalinux
```
If there is no problem detected, you can run the upgrade script.

Upgrade to AlmaLinux 8

To upgrade to AlmaLinux, run
```
/scripts/elevate-cpanel --start --upgrade-to=almalinux
```
Server will auto restart during the upgrade process. Once it is finished, you will have AlmaLinux 8.

Back to Cpanel
March 24, 2023
How to Benchmark Cpanel server
Benchmarking a server helps to determine its performance score. By benchmarking a server, you can also compare its performance score with other servers. Benchmarking can also help identify any issues with the server that may be causing poor performance, such as faulty hardware or software.

To benchmark a Cpanel Server, I will use Geekbench 5.

Create a script
```
vi benchmark.sh
```
Add following content
```
whmapi1 configureservice service=cpsrvd enabled=1 monitored=0 > /dev/null 2>&1
whmapi1 configureservice service=mysql enabled=1 monitored=0 > /dev/null 2>&1
whmapi1 configureservice service=httpd enabled=1 monitored=0 > /dev/null 2>&1
/scripts/restartsrv_cpsrvd --stop > /dev/null 2>&1
/scripts/restartsrv_mysql --stop > /dev/null 2>&1
/scripts/restartsrv_httpd --stop > /dev/null 2>&1

wget -S https://raw.githubusercontent.com/serverok/server-setup/master/benchmark/geekbench-5.sh
bash ./geekbench-5.sh

/scripts/restartsrv_cpsrvd --start > /dev/null 2>&1
/scripts/restartsrv_mysql --start > /dev/null 2>&1
/scripts/restartsrv_httpd --start > /dev/null 2>&1
whmapi1 configureservice service=cpsrvd enabled=1 monitored=1 > /dev/null 2>&1
whmapi1 configureservice service=mysql enabled=1 monitored=1 > /dev/null 2>&1
whmapi1 configureservice service=httpd enabled=1 monitored=1 > /dev/null 2>&1

rm -f geekbench-5.sh
```
https://gist.github.com/serverok/83d6f79fc47d0060c72538c066849950

What the script will do is stop MySQL, Apache and Cpanel, then run the greekbench. After benchmarking is completed Apache, MySQL and Cpanel will be started.

To start the benchmark, run following command.
```
benchmark.sh
```
IMPORTANT: when you run benchmark, web server stop serving websites, so only do this when you have less visitors like night time or during server setup.

After the benchmark is finished, scroll up, you will see benchmark result like the following

You can find server benchmarks results i have taken at

https://browser.geekbench.com/user/55314

Back to Geekbench
January 5, 2023
How to Upgrade MySQL/MariaDB in WHM cPanel Server
cPanel server supports MySQL and MariaDB. In most cases MySQL and MariaDB are compatible, you will be fine with either of them.

Find current MySQL version

Before you upgrade, find out what version of MySQL or MariaDB you are using with the command
```
mysql --version
```
In this server, we have MariaDB 10.3.37.

You can note down the rpm files, so you know the exact RPMs names in case you need to revert back.
```
rpm -qa | egrep -i "(mysql|mariadb)" | grep -v php | grep -v alt
```
Backup MySQL database

Before upgrading MySQL take a backup of the MySQL folder.

Disable Monitoring for MySQL/MariaDB so it won’t auto start
```
whmapi1 configureservice service=mysql enabled=1 monitored=0
```
Stop MySQL
```
/scripts/restartsrv_mysql --stop
```
Take a copy of MySQL data directory
```
mkdir -p ~/mysql-backup
cp -r /var/lib/mysql/ ~/mysql-backup/
```
If you use a non-default MySQL data directory location, you may need to change the path /var/lib/mysql.

You can find the MySQL data directory with the command
```
root@server20 [~]# mysql -e "show variables like 'datadir';"
+---------------+-----------------+
| Variable_name | Value           |
+---------------+-----------------+
| datadir       | /var/lib/mysql/ |
+---------------+-----------------+
root@server20 [~]# 
```
Start MySQL
```
/scripts/restartsrv_mysql
```
Enable Monitoring
```
whmapi1 configureservice service=mysql enabled=1 monitored=1
```
Upgrade MySQL/MariaDB using WHM

Login to WHM as user root. Go to
```
WHM > SQL Services > MySQL/MariaDB Upgrade
```
You can also use the search box in WHM, and search for “MariaDB upgrade”.

On this page, select the MySQL or MariaDB version you need. Then click on the “Continue” button.

It will show some warnings related to MySQL/MariaDB changes. You need to check all check boxes, then click on the “Continue” button.

On this page, you get 2 options “Unattended Upgrade” and “Interactive Upgrade”. You can select any of it and click the “Continue” button to do the upgrade.

Back to cPanel Server
November 17, 2022
How to install PHP 7.4 mcrypt module in Cpanel Server
mcrypt is a PHP module, that was DEPRECATED in PHP 7.1.0, and REMOVED in PHP 7.2.0. mcrypt is removed from PHP, now it is available as a PECL module at

https://pecl.php.net/package/mcrypt

To install mcrypt on Cpanel Server, first, install libmcrypt-devel package with yum
```
yum install -y libmcrypt-devel
```
To install the module with PHP 7.4, run
```
/opt/cpanel/ea-php74/root/bin/pecl install mcrypt-1.0.5
```
After installation, you can verify from command line with
```
# /opt/cpanel/ea-php74/root/bin/php -m | grep mcrypt
mcrypt
# 
```
If you want to install with another PHP version, change ea-php74 with your PHP version.

After installing, restart Apache and php-fpm service
```
/scripts/restartsrv_apache
/scripts/restartsrv_apache_php_fpm
```
To verify, create a phpinfo() file on your website. Go to the URL, and search for mcrypt on the page. You will see

Back to Cpanel Server
October 29, 2022
How to prevent Symlink Attack on Cpanel Server

Symlink attack exploits the way Linux operating systems handle symbolic links (symlinks). A symlink is a pointer to another file or directory that is used by the operating system to access the linked file or directory. In a symlink attack, an attacker creates a symbolic link that points to a file or directory that the attacker does not have permission to access. When the web server attempts to access the linked file or directory, the attacker can gain access to it.

Symlink attacks can be used to gain access to sensitive data. On a Cpanel Server, hackers usually create a symlink to common configuration files used by popular CMS on other hosting accounts on the same server. With this hackers can get database credentials of other websites hosted on the server. Many CMS store user credentials in the MySQL database, and they will be able to change passwords and gain access to websites.

Solution 1: CloudLinux CageFS (Paid)

The best way to prevent a symlink attack on the Cpanel server is to use CloudLinux CageFS, this isolates each site into its own isolated areas, so one website’s files won’t be able to another site.

Solution 2: mod_ruid2

If you are not using CloudLinux, you can use the following method to protect against the symlink attack. mod_ruid2 is an Apache module, that can be enabled in EasyApache 4.

In WHM > Software > EasyApache 4, enable mod_ruid2.

Under WHM > Server Configuration > Tweak Settings, enable jail Apache

Go to WHM > Security Center > Security Advisor, and install KernelCare’s Free Symlink Protection.

If you enable SSH access for cPanel accounts, make sure it is “jailed Shell” under WHM > Account Functions > Manage Shell Access

Back to cPanel Server

September 17, 2022

Enable WebSocket in Cpanel Server with Nginx

On a Cpanel server, WebSocket server was running on port 8080. It worked fine with HTTP. After enabling HTTPS, it stopped working.

The website code had the following entry

var websocket_server = new WebSocket("ws://domain.com:8080");

This Cpanel server had ea-nginx (Nginx provided by Cpanel) installed.

To fix the error, I created a file

vi /etc/nginx/conf.d/ws-domain.com.conf

In the above, replace domain.com with the actual domain name.

Add following content

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream websocket {
    server 127.0.0.1:8080;
}

Create file

vi /etc/nginx/conf.d/users/CPANEL_USER/domain.com/wss.conf

Replace CPANEL_USER with the actual Cpanel user name for the website. domain.com with real domain name,

Add following

location /wsapp/ {
    proxy_pass http://websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;
}

Restart nginx

systemctl restart nginx

In your application code, find

var websocket_server = new WebSocket("ws://domain.com:8080");

Replace with

var websocket_server = new WebSocket("wss://domain.com/wsapp/NNN");

See Cpanel Server

June 8, 2022

Ubuntu Cpanel Can’t locate FindBin.pm in @INC

Cpanel control panel recently started supporting Ubuntu Operating System. Ubuntu support was announced after RedHat stopped supporting RHEL-based CentOS. When I install Cpanel on Ubuntu 20.04 server, I got the following error message

Can't locate FindBin.pm in @INC (you may need to install the FindBin module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.0 /usr/local/share/perl/5.30.0 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /home/cPanelInstall/selfgz1202/install line 12.
BEGIN failed--compilation aborted at /home/cPanelInstall/selfgz1202/install line 12.

To fix the error install package “libfindbin-libs-perl” with apt

sudo apt install libfindbin-libs-perl

Back to Cpanel Server

June 3, 2022

How to Increase size of /tmp on cpanel server

To increase the size of /tmp folder, first, stop monitoring services, so it won’t get auto started while we resize /tmp folder

whmapi1 configureservice service=cpsrvd enabled=1 monitored=0
whmapi1 configureservice service=mysql enabled=1 monitored=0
whmapi1 configureservice service=httpd enabled=1 monitored=0

Now stop Cpanel, MySQL and Apache services

/scripts/restartsrv_cpsrvd --stop
/scripts/restartsrv_mysql --stop
/scripts/restartsrv_httpd --stop

Unmout current /tmp folder

umount /tmp

Rename tmp file

mv /usr/tmpDSK /usr/tmpDSK.old

Create a new file

dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=10000000
mkfs.ext3 /usr/tmpDSK

This will create a 10 GB /tmp folder. If you need to change the size, adjust “count=10000000”.

Now you can mount the /tmp folder with the command

mount -a

mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp

Start the services

/scripts/restartsrv_cpsrvd --start
/scripts/restartsrv_mysql --start
/scripts/restartsrv_httpd --start

Enable monitoring

whmapi1 configureservice service=cpsrvd enabled=1 monitored=1
whmapi1 configureservice service=mysql enabled=1 monitored=1
whmapi1 configureservice service=httpd enabled=1 monitored=1

Your /etc/fstab will have the following entry for /tmp folder

/usr/tmpDSK             /tmp                    ext3    defaults,noauto        0 0

If you want the default size, that works for most, you can use Cpanel provided script.

/scripts/securetmp

Running this script will auto-create /tmp folder with 4 GB size.

Back to Cpanel Server

May 27, 2022

How to install PHP ssh2 module in Cpanel Server
PHP ssh2 module allows you to connect to SSH servers. On Cpanel servers, this module is not available under EasyApache. You need to install using PECL. The PECL module installer in WHM does not list this module. The module is available to download from

https://pecl.php.net/package/ssh2

To install it, log in to the Cpanel server as SSH user root or login to WHM as user root, go to Terminal.

Run the command
```
/opt/cpanel/ea-php74/root/bin/pecl install ssh2-1.3.1
```
This will install ssh2 module for PHP 7.4.

For PHP 8.0, you can run
```
/opt/cpanel/ea-php80/root/bin/pecl install ssh2-1.3.1
```
You can also specify the full download URL for the SSH2 module like
```
/opt/cpanel/ea-php74/root/bin/pecl install https://pecl.php.net/get/ssh2-1.3.1.tgz
```
If you need to install SSH module for another PHP version, change ea-php74 to whatever PHP version you are using. Make sure you select the appropriate ssh2 module version that works with the PHP version you are using.

After installing, restart Apache with
```
systemctl restart httpd
```
To verify the ssh2 module is installed, create a PHP file with phpinfo() function, you will see.

Back to Cpanel Server
April 8, 2022

Tag: cpanel

Configure memcached

Installing memcached PHP module

Download elevate-cpanel

Update the server

Reboot the server

Check for upgrade blockers

Upgrade to AlmaLinux 8

Find current MySQL version

Backup MySQL database

Upgrade MySQL/MariaDB using WHM

Solution 1: CloudLinux CageFS (Paid)

Solution 2: mod_ruid2