How to install cPanel & WHM on CentOS 7 | Google Cloud(GCP)

Prerequisites:

You will need the following items to complete this tutorial

• A Compute Engine (VM) Instance up and running with CentOS 7.

• Firewalls, Both Ingress and Egress rules.

• Ports - Both TCP and UDP.

• Static IP Address for Compute Engine VM Instance.

• cPanel & WHM License or Trial License.

• Hostname - Fully-Qualified Domain Name.

• Hardware Requirements.

CentOS - cPanel & WHM Installation Guide - System Requirements

• The system requirements for installing cPanel and WHM on a CentOS server. cPanel and WHM may be installed on CentOS 7.

How long will my preferred operating system be supported by cPanel?

• CentOS 6 — November 30, 2020

• CentOS 7 — December 31, 2024

• CentOS 8 — December 31, 2021

Important

• cPanel, LLC does not support the CentOS Stream operating system for cPanel or WHM installs. To avoid difficulties, reinstall cPanel and WHM on a supported operating system as soon as feasible if you installed them on CentOS Stream.

• The basic requirements for installing cPanel and WHM are listed on this page. A CentOS server that fulfills these criteria may not function effectively, primarily if it performs high-demand tasks.

• To install cPanel and WHM, you must log in as the root user on the server. If you don't have root access, seek assistance from your system administrator or hosting provider.

License

• A separate license is required for each cPanel and WHM server. You can get a cPanel & WHM license for your server's IP address if you don't already have one. Visit the cPanel Store to purchase a cPanel & WHM license.

• A valid license is required for cPanel and WHM.

• You must have a cPanel Store account with a validated email address in order to activate a new license.

Networking requirements

Hostname

The following requirements must be met by your hostname:

• The domain name that has been registered and is fully qualified.

• Doesn't match any of the domains on your server.

• There is a limit of 60 characters.

• Resolves to an IPv4 or IPv6 address that is valid.

If your server doesn't have a fully qualified domain name, cPanel, L.L.C. will assign one to it. See cPanel Automatically-Issued Hostnames documentation for additional information.

Why do you require a hostname that is generated automatically?

• A security warning will appear the first time a user attempts to log in to WHM on a newly installed server. It can be frightening, especially for users using a trial license and are new to cPanel and WHM.

• This occurs because most current browsers will display a warning anytime a user attempts to access a site or domain with an invalid or self-signed certificate.

• Immediately after installation, cPanel and WHM attempt to safeguard your server. To begin, it installs a self-signed certificate to safeguard the server. The server is then secured by requesting a free hostname certificate (Free cPanel-signed certificate) from the cPanel Certificate Authority.

What exactly is a free cPanel-signed certificate?

• cPanel, L.L.C. provides free signed certificates for services on your server's hostname to valid cPanel & WHM license holders.

Firewalls

• Even though the installer attempts to open the required ports during the installation process, we recommend that you disable OS firewalls before running the cPanel & WHM installation. After the installation is complete, we recommend that you set up a firewall.

Hardware requirements

Disable SELinux

• To make your system compatible with cPanel and WHM, you must disable SELinux.

Install cPanel & WHM on Google Cloud - Compute Engine

Step - 1. Create a fresh Compute Engine VM instance.

Launch a New VM Instance

• Log in to Google cloud console, and click on the navigation menu. Also, scroll down over to the Compute Engine and choose VM instances.

• Next, click on "create instance" to launch a new virtual machine, type the instance name (For example, cpanel-whm-server), and choose the region you prefer to launch the VM instance. Next, choose the zone and machine family, series (E2), and machine type(e2-small (2 vCPU, 2 GB Memory)), which is recommended hardware.

Attach a Boot Disk

• Scroll down until you notice the boot disk, click on change the boot disk, then select the operating system to CentOS and choose the version to CentOS 7 also increase the disk size to 40 GB (Recommended) and click on "select " to finalize the boot disk.

Assign a Hostname and Network tag

• Scroll down to the bottom and click on the networking, disk, security, and management option to expand and expand the networking options and add a network tag. For example, cpanel-firewall and a hostname (uswest.incapio.org.in).

• Lastly, scroll down to the network interface, and expand the default field to edit network interfaces. Beneath the External IP, click on the drop-down and choose to create an IP address for the virtual machine instance.

• Then scroll down to the bottom of the page and click on create to deploy the virtual machine instance.

Step - 2. Create Firewall Rules.

Add Ingress firewall rules.

1. Go to the Firewall rules page in the VPC network section in the Cloud Console.

2. Click Create a firewall rule.

3. On the Create a firewall rule page, enter a name and description.

4. In the Targets menu, select Specified target tags.

5. In the Target tags field, enter cpanel-firewall (which is the name that you gave in the Network tags field in the previous section).

6. In the Source IP ranges field, enter 0.0.0.0/0.

7. In the Protocols and ports section, select Specified protocols and ports.

8. Select TCP and enter the following: 20,21,25,26,37,43,53,80,110,113,143,443,465,579,587,783,873,953,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2089,2095,2096,2195,2703,3306,6277,11371,24441

9. Select UDP and enter the following: 53,443,783,873,6277,24441

10. Click Create.

Add Egress firewall rules

1. Go to the Firewall rules page in the VPC network section in the Cloud Console.

2. Click Create a firewall rule.

3. On the Create a firewall rule page, enter a name and description.

4. In the Direction of Traffic, choose Egress.

5. In the Targets menu, select Specified target tags.

6. In the Target tags field, enter op-firewall (which is the name that you gave in the Network tags field in the previous section).

7. In the Destination IP ranges field, enter 0.0.0.0/0.

8. In the Protocols and ports section, select Allow all.

9. Click Create.

Step -3. Deploying cPanel & WHM on Compute Engine

• Navigate to the virtual machine instances interface, and click on the VM instance (cpanel-whm-server) SSH option to launch the secure shell access and type "sudo su -" and hit enter to switch to root user.

Firewalls

• For the operating system's installation setup, the CentOS distribution allows you to disable the firewall. This strategy is strongly recommended by cPanel.

• To turn off firewalls on CentOS 7, use the following instructions, where ~/firewall.rules denote the firewall rules file:

iptables-save > ~/firewall.rules
systemctl stop firewalld.service
systemctl disable firewalld.service

• Output:

[info@uswest ~]$ sudo su -
[root@uswest ~]# iptables-save > ~/firewall.rules
[root@uswest ~]# systemctl stop firewalld.service
[root@uswest ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@uswest ~]# 

How can I turn off Network Manager?

• The Network Manager service automates the system's network settings and prevents connections to IP addresses in the ipaliases module from being established.

• This automation is disabled when the Network Manager service is turned off. Any changes to the system's network settings must be addressed manually. If you disable the Network Manager and subsequently reboot the machine, any previously established connections will not be immediately reconnected.

• The network.service package is installed by default on CentOS 7 systems, however, it is not enabled. Before installing cPanel and WHM, you must disable the Network Manager service and enable the network.service service. Currently, the cPanel and WHM installers do not disable Network Manager in these systems by default.

• Use the commands below to disable Network Manager.

systemctl stop NetworkManager
systemctl disable NetworkManager

• Output

[root@uswest ~]# systemctl stop NetworkManager
[root@uswest ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@uswest ~]#

• Navigate to the directory /etc/sysconfig/network-scripts.

• With your favorite text editor, open the ifcfg-eth0 and ifcfg-lo files and, if they exist, set the following keys' values:

NM_CONTROLLED=no
ONBOOT=yes

• Output:

[root@uswest ~]# cd /etc/sysconfig/network-scripts
[root@uswest network-scripts]# nano ifcfg-eth0
[root@uswest network-scripts]# nano ifcfg-lo
[root@uswest network-scripts]#

• Do not add either of these keys if they do not already present in your ifcfg-eth0 and ifcfg-lo files.

Disable SELinux

• To make your system compatible with cPanel and WHM, you must disable SELinux.

• Use the following method to disable SELinux security features:

• Edit the /etc/selinux/config file to disable the SELINUX option, then restart the server. The contents of the /etc/selinux/config file should look like this:

• Output:

[root@uswest network-scripts]# nano /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled 
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes       are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@uswest network-scripts]# reboot

Perl installation

• Before the cPanel and WHM installation scripts can execute, Perl must be installed on your server. If Perl is not found during installation, the cPanel & WHM installer tries to install it using the yum -y install perl command.

Step - 4. Installing cPanel & WHM on CentOS

• Run the following command to install cPanel and WHM on your server:

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

• This command redirects your session to your home directory, downloads the most recent versions of cPanel and WHM, and executes the installation script.

• Output:

[2021-11-23 13:10:11 +0000] [2038] ( INFO): Congratulations! Your installation of cPanel & WHM 11.100 is now complete. The next step is to configure your server. 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): Before you configure your server, ensure that your firewall allows access on port 2087.
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): After ensuring that your firewall allows access on port 2087, you can configure your server.
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 1. Open your preferred browser
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 2. Navigate to the following url using the address bar and enter this one-time autologin url:
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): https://35.192.193.89:2087/cpsess9889560302/login/session=root%3aqvOu0TGcRnMSgBC5%3acreate_user_session%2c7eef7fb511ae79dde781d9210bc6d87a
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): After the login url expires you generate a new one using the 'whmlogin' command or manually login at:
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): https://34.135.62.112:2087
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): Visit https://go.cpanel.net/whminit for more information about first-time configuration of your server.
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): Visit http://support.cpanel.net or https://go.cpanel.net/allfaq for additional support
[2021-11-23 13:10:11 +0000] [2038] ( INFO): 
[2021-11-23 13:10:11 +0000] [2038] ( INFO): Thank you for installing cPanel & WHM 11.100!

• To login to cPanel & WHM, we require a root password. Use the following command to update or modify the root password.

[root@uswest ~]# passwd root
Changing password for user root.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@uswest ~]#

Step - 5. Enabling Firewall and Network Manager services.

• To enable, Firewalls and Network Manager. Use the following commands to activate and start the services.

Firewall Services

iptables-restore < ~/firewall.rules
systemctl start firewalld.service
systemctl enable firewalld

• Output:

[root@uswest ~]# iptables-restore < ~/firewall.rules
[root@uswest ~]# systemctl start firewalld.service
[root@uswest ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbusorg.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multiuser.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@uswest ~]#

Network Manager

systemctl enable network.service
systemctl start network.service

• Output:

[root@uswest ~]# systemctl enable network.service
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network on
[root@uswest ~]# systemctl start network.service
[root@uswest ~]# 

Step - 6. Access WHM

How can I get into WHM?

• To access WHM, open your favourite browser and input the IP address or domain, as well as the 2087 port. As an example:

• https://34.135.62.112:2087 — Use your IP address to connect to WHM through an encrypted connection. For example, https://VM-Instance-External-IP:2087

• https://uswest.incapio.org.in:2087 — Use your domain name to connect to WHM over an encrypted connection.

Use your WHM account.

To log in with your WHM account, complete these steps:

• In the Username text box, type your WHM username (root).

• In the Password text box, type your root password.

• Click the Login button. The WHM Home interface will be displayed.

Conclusion:

Here are some more setup options that are recommended.

Google has blocked port 25.

Google disables port 25 for outbound email traffic by default.

• For additional information on Google's port 25 limitations, see the Sending Email from Instance documentation.

• Read Google's SMTP relay: Route outgoing non-Gmail messages through Google.

• Support article and the Smarthost configuration part of our Exim Configuration Manager manual for potential solutions.

Getting rid of an instance

• Read Google's Deleting Instance documentation to learn how to delete a Google Compute instance.

What is egress and ingress in Google Cloud(GCP) - Compute Engine

Traffic flow direction

• A firewall rule's direction can be either ingress or egress. The direction is always defined in the VM to which the firewall rule applies.

• Connections sent from a source to a target are described by the ingress direction. Ingress rules apply to packets for new sessions where the packet's destination is the target.

• The egress direction refers to traffic that is sent from a source to a destination. Egress rules apply to packets for new sessions in which the source is the target.

• Google Cloud uses ingress if you don't provide a direction.

Ingress

Ingress firewall rules regulate incoming connections from a source to your VPC network's target instances. An ingress rule's source can be defined as one of the following:

• A range of IPv4 or IPv6 addresses, with an IPv4 address (0.0.0.0/0) as the default.

• Network tags identify other instances in your VPC network.

Egress

Outgoing connections from target instances in your VPC network are controlled by egress firewall rules. Allow action egress rules allow traffic from instances based on the rule's other components. You can, for example, allow outbound traffic to particular destinations, such as a range of IPv4 addresses, using protocols and destination ports you define. On the other hand, egress rules with a deny action prohibit traffic depending on the rule's other components.

• A destination is required for every egress regulation. Any IPv4 address (0.0.0.0/0) is the default destination, but you can construct a more particular destination by using a CIDR-formatted range of IPv4 or IPv6 addresses. You can restrict traffic to instances in your network and to locations outside your network, including destinations on the internet, by specifying a range of IP addresses.

Frequently Asked Questions

How can I get a free trial of cPanel hosting?

You are eligible for a 15-day trial license if you install a new VM instance of cPanel and WHM on a server. This will provide you the opportunity to try the software before investing in a complete license for your server.

Activation

Follow the steps below to sign up for a trial license for cPanel & WHM during the WHM Getting Started process:

1. The interface will display a "Get Started with a Free cPanel Trial!" message after agreeing with the End User License Agreement.

2. Log in by clicking the Login button. The cPanel Store will display on the screen.

3. Go to your cPanel Store account and log in. You can create an account if you don't already have one.

4. You will be led back to the WHM interface once you have successfully logged in. If the activation was successful, a green checkmark would appear next to Activate Trial License.

What is the hostname of the Google Compute Engine?

How many tcp ports do cPanel and WHM require?