Guide to Installing cPanel on Rackspace Cloud Servers

I have seen a lot of questions about cPanel on the cloud and several people were having issues getting it going. I wrote this guide for myself a while back and thought I would share it with you. I have had my server up and running for about 1 year now. If you have any questions, please do not hesitate to ask.

There are some parts where I could not put code in the code tag. It would generate a url that would not allow you to copy+paste. If you see any errors, please let me know and I will change it in the post.

I have included in this post some extra server hardening and some extra software that I found useful. Please do not assume that your server is fully hardened using this guide. I would recommend googling Server Hardening.

This is pretty much a step by step guide.

You must have a cPanel license. You can google for places to get one.

Big help in writing this guide.
http://forums.cpanel.net/f185/beginners-guide-securing-your-server-30159.html
http://cloudservers.rackspacecloud.com/index.php/CentOS_-_cPanel/WHM_11.24

Setup Hostname

Code:
nano /etc/sysconfig/network

Change the line in the file to

Code:
HOSTNAME=myserver.domain.com

Restart Server
Restart the server after making hostname change.

Setup Basic System Stuff

Change Password

Code:
passwd

Update The System

Code:
yum update

Install Perl

Code:
 cd ~
 sudo yum install perl

Disable SELinux

Code:
nano /etc/selinux/config

change line in file to

Code:
SELINUX=disabled

Install Cpanel

Code:
cd /home
wget -N http://layer1.cpanel.net/latest
sh latest
/usr/local/cpanel/cpkeyclt

Config Server (IPTables) Install

Instructions from – http://www.configserver.com/free/csf/install.txt

Code:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

Code:
perl /etc/csf/csftest.pl

Then Remove files

Code:
 rm -rf csf
 rm -rf csf.tgz

Don’t worry if you cannot run all the features, so long as the script doesn’t
report any FATAL errors

That’s it. You can then configure csf and lfd by editing the files
directly in /etc/csf/*, or on cPanel servers use the WHM UI

If you need to remove

Code:
 cd /etc/csf
 sh uninstall.sh

Connect to cPanel
https://IP:2087
where IP is the ip of your cloud server instance.
root as username
password that was entered from above.

Nameserver Setup
Go to tweak Settings

Check box – ** Disable whois lookups for the nameserver IP manager.

You should then be able to go into Nameserver IPs and assign IP’s

Update Preferences
Select Automatic (RELEASE tree)
This is what I recommend. You can select whatever release tree you wish however.

Automatic

bandmin – Inherit
courier – Inherit
dovecot – Inherit
exim – Inherit
ftp – Inherit
mysql – Inherit
nsd – Inherit
python – Inherit

Automatic

Let the system do the upgrade.

Tweak Settings
You can check settings as needed later. Nothing needs to be done immediately.

If you so choose to…

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Default catch-all/default address behavior for new accounts – blackhole

Under System
Use jailshell as the default shell for all new accounts and modified accounts

ConfigServer Security&Firewall (under Plugins)
On the WHM UI menu, scroll all the way to the bottom. You will see ConfigServer Security&Firewall. Click that to make changes to your firewall.

Change testing from 1 to 0

You may also want to setup automatic updates.

Enable open_basedir Security
Go to Security Center then Tweak PHP open_basedir Security

Then Enable php open_basedir Protection.

Click Save.

Enable Shell Fork Bomb Protection
Go to Security Center then Shell Fork Bomb Protection

Then click enable protection button.

Enable cPHulk
Go to Security Center then Configure cPHulk

Then click enable button.

Disable Anonymous FTP
Go to Service Configuration =>> FTP Server Configuration

Disable Allow Anonymous FTP for both anonymous logins and uploads.

Click save.

Change MySQL Root Password
Go to Mysql =>> MySQL Root Password

Change root password for MySQL

Imagemagick Install

Code:
yum install ImageMagick

Ruby Install

Code:
/scripts/installruby

iftop Install
From – http://ex-parrot.com/pdw/iftop/

Code:
cd ~
mkdir src
cd src
wget http://anduin.linuxfromscratch.org/sources/BLFS/6.3/l/libpcap-0.9.6.tar.gz
tar -xzf libpcap-0.9.6.tar.gz
cd libpcap-0.9.6
./configure
make
make install
cd ..

wget http://ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar -xzf iftop-0.17.tar.gz
cd iftop-0.17
./configure && make
make install
cd ../..
rm -rf src/

To use just issue the command iftop from the command line
ctrl-c to exit

mytop Install
From – http://jeremy.zawodny.com/mysql/mytop/

Code:
cd ~
mkdir src
cd src
wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -xzf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install

After installation you will need to change a file to allow this program to function. There were some changes that happened in the later CentOS distributions.

Code:
nano /usr/local/bin/mytop

Ctrl+w
Search for
long|!
Then change

Code:
 "long|!" => \$config{long_nums},

to

Code:
 # "long|!" => \$config{long_nums},

All you are doing is commenting out a single line.

DOCUMENTATION
man mytop

IPTraf Install

Code:
yum install iptraf

To use just issue command iptraf from command line.

Install Clam Antivirus and cPanel Pro
!!! MAKE SURE TO GET LICENSE FIRST !!!
Go to – http://pro.cpanel.net/activate/

Go to Manage Plugins
Select Install and Keep Updated for both cPanel Pro and clamavconnector.
Click save

After install is complete go to the Configure ClamAV Scanner under plugins
and enable the Scan Mail. Then click save.

Set an SSH Legal Message

Code:
nano /etc/motd

Enter the following into the file.

Code:
 ALERT! You are entering a secured area! Your IP and login information
 have been recorded. System administration has been notified.

 This system is restricted to authorized access only. All activities on
 this system are recorded and logged. Unauthorized access will be fully
 investigated and reported to the appropriate law enforcement agencies.

You should be setup and ready to go with your new server! Please let me know if there is anything else that needs to be edited.

Cron jobs for rotating backups on Rackspace Cloud

I had found several scripts to run as cron jobs to create rolling backups of my sites. But I couldn’t get any of them to work. The rolling backups, that is. I turned to RSC tech support and they referred me to this blog post: http://capellic.com/blog/backup-script-rackspace-cloud

It worked the first time. The only changes I made were to set the script with the proper variables for my site.

Then I went ahead and modified the scripts so I had 7 days of daily backups and created a second script and cron job for 8 weeks of weekly backups. What is great about this script is I can set the frequency of the Cron jobs such that I tested the full run in one day. I set the daily script to run every 5 minutes and the weekly script every hour.

Here is my daily script dailybackup.sh:

Code:
#!/bin/bash
# Modeled after http://snippets.dzone.com/posts/show/4172

#### VARIABLES
# ACCOUNT_ROOT can be found on the Features tab in the control panel for the site
export ACCOUNT_ROOT="/mnt/stor2-wc2-dfw1/427054/www.DOMAIN_NAME.com"
export WEB_ROOT="${ACCOUNT_ROOT}/web/content"
export DB_HOST="DB_SERVER_INTERNAL_NAME"
export DB_USER="DB_USERNAME"
export DB_PASSWORD="DB_PASSWORD"
export DB_NAME="DB_NAME"

#### PROGRAM - NO EDITING AFTER THIS LINE SHOULD BE NECESSARY
echo "Rotating daily backups..."
# ${ACCOUNT_ROOT:?} aborts if the variable is empty, so rm -rf never runs against /backup_daily
rm -rf "${ACCOUNT_ROOT:?}/backup_daily/07"
# The mv lines report errors on the first runs, until all seven slots exist
mv "$ACCOUNT_ROOT/backup_daily/06" "$ACCOUNT_ROOT/backup_daily/07"
mv "$ACCOUNT_ROOT/backup_daily/05" "$ACCOUNT_ROOT/backup_daily/06"
mv "$ACCOUNT_ROOT/backup_daily/04" "$ACCOUNT_ROOT/backup_daily/05"
mv "$ACCOUNT_ROOT/backup_daily/03" "$ACCOUNT_ROOT/backup_daily/04"
mv "$ACCOUNT_ROOT/backup_daily/02" "$ACCOUNT_ROOT/backup_daily/03"
mv "$ACCOUNT_ROOT/backup_daily/01" "$ACCOUNT_ROOT/backup_daily/02"
mkdir "$ACCOUNT_ROOT/backup_daily/01"
echo "... done rotating daily backups."

echo "Starting database backup..."
# A password given with --password on the command line can be seen by other users in the process list
mysqldump --host="$DB_HOST" --user="$DB_USER" --password="$DB_PASSWORD" --all-databases | bzip2 > "$ACCOUNT_ROOT/backup_daily/01/mysql-$(date +%Y-%m-%d).bz2"
echo "... daily database backup complete."

echo "Starting file system backup..."
tar czf "$ACCOUNT_ROOT/backup_daily/01/web_backup.tgz" "$ACCOUNT_ROOT/web/content/"
echo "... daily file system backup complete."

exit 0
#### END PROGRAM

Here is my weekly script weeklybackup.sh:

Code:
#!/bin/bash

#### VARIABLES
# ACCOUNT_ROOT can be found on the Features tab in the control panel for the site
export ACCOUNT_ROOT="/mnt/stor2-wc2-dfw1/427054/www.DOMAIN_NAME.com"

#### PROGRAM
echo "Rotating backups..."
# ${ACCOUNT_ROOT:?} aborts if the variable is empty, so rm -rf never runs against /backup_weekly
rm -rf "${ACCOUNT_ROOT:?}/backup_weekly/08"
mv "$ACCOUNT_ROOT/backup_weekly/07" "$ACCOUNT_ROOT/backup_weekly/08"
mv "$ACCOUNT_ROOT/backup_weekly/06" "$ACCOUNT_ROOT/backup_weekly/07"
mv "$ACCOUNT_ROOT/backup_weekly/05" "$ACCOUNT_ROOT/backup_weekly/06"
mv "$ACCOUNT_ROOT/backup_weekly/04" "$ACCOUNT_ROOT/backup_weekly/05"
mv "$ACCOUNT_ROOT/backup_weekly/03" "$ACCOUNT_ROOT/backup_weekly/04"
mv "$ACCOUNT_ROOT/backup_weekly/02" "$ACCOUNT_ROOT/backup_weekly/03"
mv "$ACCOUNT_ROOT/backup_weekly/01" "$ACCOUNT_ROOT/backup_weekly/02"
# The oldest daily backup becomes the newest weekly backup
mv "$ACCOUNT_ROOT/backup_daily/07" "$ACCOUNT_ROOT/backup_weekly/01"
echo "... done rotating backups."

exit 0
#### END PROGRAM

Each of these scripts is stored in a cronjobs directory inside of web/content.

I created a backup_daily and backup_weekly directory at the root for the site. This is where the scripts will store the backup files.

Then I created two cronjobs. One that runs the daily backup each day at 3am and the other that runs the weekly backup every 7 days at 2:30 am.
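
A hardened take on the daily rotation above, as an added example that is not the original poster's script: the mv chain becomes a loop that refuses an empty or relative path, and the MySQL password moves into a 0600 option file passed with --defaults-extra-file so it stays off the command line. The function names, the MYSQL_CNF variable and the --run switch are assumptions of this example; keep the option file outside web/content so the web server never serves it.

```bash
#!/bin/bash
# Added example, not the original poster's script. Function names, MYSQL_CNF
# and the --run switch are assumptions made for this illustration.
set -eu
umask 077   # dumps, archives and the option file are owner-readable only

# rotate_backups DIR KEEP: delete slot KEEP, shift 01..KEEP-1 up by one,
# then create an empty 01. Missing slots (first runs) are skipped.
rotate_backups() {
    dir=$1; keep=$2
    # An empty or relative DIR would turn "rm -rf $DIR/07" into "/07" or a
    # path under whatever directory cron started in, so refuse it.
    case "$dir" in
        /*) ;;
        *) echo "refusing non-absolute backup dir: '$dir'" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    rm -rf -- "$dir/$(printf '%02d' "$keep")"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        src="$dir/$(printf '%02d' "$prev")"
        if [ -d "$src" ]; then
            mv -- "$src" "$dir/$(printf '%02d' "$i")"
        fi
        i=$prev
    done
    mkdir "$dir/01"
}

# write_mysql_defaults FILE USER PASSWORD HOST: write a client option file.
# Assumes the password contains no double quote or backslash.
write_mysql_defaults() {
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$2" "$3" "$4" > "$1"
    chmod 600 "$1"
}

# run_daily_backup ACCOUNT_ROOT CNF: same steps as dailybackup.sh.
run_daily_backup() {
    account_root=$1; cnf=$2
    slot="$account_root/backup_daily/01"
    rotate_backups "$account_root/backup_daily" 7
    dump="$slot/mysql-$(date +%Y-%m-%d).sql"
    # --defaults-extra-file must be the first option; the password is read
    # from CNF instead of appearing in the process list. With set -e and no
    # pipeline, a failed mysqldump stops the script before compression.
    mysqldump --defaults-extra-file="$cnf" --all-databases > "$dump"
    bzip2 "$dump"
    tar czf "$slot/web_backup.tgz" -C "$account_root/web" content
}

if [ "${1:-}" = "--run" ]; then
    run_daily_backup "${ACCOUNT_ROOT:?set ACCOUNT_ROOT}" "${MYSQL_CNF:?set MYSQL_CNF}"
fi
```

Create the option file once with write_mysql_defaults, then have cron call the script with --run and ACCOUNT_ROOT and MYSQL_CNF set in the environment.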

Rackspace Rack Review – December 2012

Happy holidays and welcome to Rack Review! This monthly digest features new product updates, combined with news and tips to help make your Rackspace® experience a rewarding one.
Cloud Networks Now Available
Cloud Networks is a powerful new addition to the open cloud that provides you with the ability to create isolated, layer 2 networks that look like traditional networks in both architecture and function – simplifying networking in the cloud. With the click of a button, you are now able to create software-defined networks allowing you to enhance the network security for your Cloud Servers™, creating sub-nets and controlling the traffic that flows between servers. Learn more.
The Architecture and Development Behind Cloud Block Storage
Last month we introduced one of our latest open cloud offerings, Cloud Block Storage, and this month we want to dive into the technical details behind it. Cloud Block Storage provides high performance and is ideal for applications that require large amounts of storage, scaling independently of your Cloud Server. There is a lot of history behind how this came about and how it can be leveraged. Come read about it on our DevOps blog.
Send and Receive Email in Your App for FREE
A few months ago, Rackspace acquired Mailgun, making it easy for you to send, receive and track emails through your websites and applications via the RESTful API or SMTP. Mailgun is the email automation engine trusted by over 10,000 developers who are sick of fighting with email servers. With sample code written in all of the most popular languages, like Ruby, PHP, Python, C# and Java, integration is easy. All Rackspace customers receive a $19/month credit for Mailgun services (use coupon code mg4rackspace). That’s enough to send up to 19,000 emails per month at no cost to you! Visit Mailgun to sign up.
Manage the Rackspace Open Cloud with the New Windows 8 App
We are offering you a new application that gives you the option to manage your Rackspace Cloud account directly from Microsoft’s newly-launched Windows 8 operating system. This free application can help you get even more out of your investment in the Rackspace Cloud by allowing you to manage your Cloud Servers directly from Windows 8. Learn more.
Help Protect Your VMware Virtual Machines with Replication
You need to have the ability to recover business-critical virtual machines (VMs) and restart the important apps in the event of a data center outage or unplanned downtime. Geographical redundancy is a key component to any sound disaster recovery (DR) strategy, and it’s a must-have for when disaster strikes. Read how VM Replication helps protect and recover Rackspace-hosted VMs by easily and affordably replicating VMs between our data centers.
Protect Servers Using Bastion Hosts and Isolated Cloud Networks
The public Internet can be a scary place for servers. Log files of servers attached to public addresses will show regular port scans and URL snooping. These log entries are the inescapable reminder that your hosts are always one misconfiguration away from disaster. We can help! We have created a guide that will teach you how to create a bastion host and an isolated cloud network so you can reduce the number of servers that have to encounter these threats. Learn more on our DevOps blog.
Giving Back to the Local Community
We held the largest Thanksgiving drive and distribution in San Antonio, Texas, – providing 1,000 families with turkeys and all the trimmings through our annual Turkey Drive, supported by the San Antonio Food Bank.
NoSQL Explained
For over thirty years, relational database technology has been the gold standard. Modern workloads and unprecedented data volumes, however, are driving businesses to look at alternatives to the traditional relational database. This “NoSQL movement” has given rise to a host of non-relational-database technologies, designed for large-capacity storage and scalability. We’ve taken some time to explain some of the popular options available for NoSQL.
Caching for the Holidays
Around the holidays, getting cash for a gift might make you think that the person didn’t put a lot of thought into your present. However, in the world of server configurations, giving cache to your customers is probably one of the best things you can do. Learn more about caching.
25 Most Influential Executives of 2012
Our own Lanham Napier, Rackspace CEO, was on the list of “The 25 Most Influential Executives of 2012.” See the full list here.
Tired of Email Management Hassles? Make the Move Now with Free Hosted Microsoft® Exchange Migrations
Tired of the headache of managing your own Exchange email server? Or worse, dealing with an unreliable or unresponsive provider? For a limited time, we are offering free email migrations (up to 250 Exchange mailboxes) when you sign up for a new Rackspace Hosted Exchange account. Our reliable, business-class Exchange hosting takes email off of your worry list, so you can stay focused on your business, while we manage your email. Learn more about our migration services. (Offer ends December 31, 2012)
Join Us in the Fight Against Patent Trolls
Fed up with patent trolls? So are we. Find out what we’re doing to help keep technologies out of the claws of patent trolls. And, better yet, join us in the fight. Find out more.
Start Using SharePoint® 2013 Today
We are glad to offer you two ways to get your own SharePoint 2013 site up and running today. The first option is the free trial, where you can get 45 days to explore and experience SharePoint 2012. Sign up for this limited time offer. The second option is to create your own Cloud Server with SharePoint 2013 and SQL Server 2012 images, ideal for project-based SharePoint deployments. To do this, simply go to the Cloud Control Panel and choose one of the available SharePoint images to get started right away.
Looking for extra help to reach your goals in the cloud? Visit the Rackspace Cloud Tools Marketplace to find a catalogue of third-party-developed applications designed for the Rackspace open cloud. This month’s featured partners are:

SOASTA – Load and Performance Testing Solution
SOASTA CloudTest is an end-to-end integrated platform, available as a turnkey on-demand service for external, web-scale testing and as on-premise editions for use by testers behind the firewall. Cloud testing easily enables fast, low-cost testing at full web-scale, providing the confidence that the web or mobile application or site can withstand daily load in addition to the largest peaks and surges in traffic.
Papertrail – Detect & Avoid Infrastructure Problems
Papertrail helps detect, resolve and avoid infrastructure problems using log messages. Aggregate and manage log messages from Cloud Servers, Managed Hosting, Hybrid Hosting, and other servers — both flat files and syslog. Setup takes a minute, then tail, search, react, analyze and archive.

Featured Rackspace Blog Posts from this past month:

  • Scale Storage Independently From Your Cloud Servers With Cloud Block Storage – Read
  • Mobile Sync for Rackspace Email, Take it Anywhere – Read
  • Cassandra By Example – Read
  • Out of time this holiday season? 5 Survival Tips to get ready for the rush – Read
  • Business Email Blunders: Could This Happen To You? – Read
  • Which CMS is right for you? – Read

1 big server 4 nodes running all services vs. 2 small servers 2 nodes each with services separated?

Questions:

I have a question I need some opinions on.

I have a Linux cloud server now that is hosting a few sites and is a little bogged down memory-wise, primarily MySQL. I am looking to add a node or 2 but realised it doesn’t cost any more to have 2 smaller VPS, 1 dedicated to MySQL and one for the web server.

What would be the better solution?

1 big server 4 nodes running all services
VS
2 small servers 2 nodes each with services separated?

Answers:

This is a general architectural decision that is made by people using all stacks out there. LAMP, MSFT, et al. It really depends on how you define “Better”…

Some people will say you should always separate your web server from your DB server. Sometimes that’s because of political decisions made within an enterprise. You’ll see one team dedicated to web and another DB team, so to keep the bureaucracy running smoothly big orgs separate the software onto different hardware.

It’s not only political though, there are other rational reasons as well that are relevant to a smaller organization — security is one. If your web server gets hacked, which is more likely because it must be exposed to the world to serve its pages, then your DB server can remain unscathed — hidden safely behind a private IP or firewall. Your system is also more scalable when separated, because you can grow both servers independently.

The downsides of separating the software onto two boxes include the need to patch and maintain two separate machines, either virtual or hard. There is also a performance hit due to sending requests from the web server outside over the network to another machine. So while more scalable, it won’t necessarily make your website faster to separate the db and web services onto two separate machines.

Of course, that depends on your programming. Do you use indexes properly? How much of the processing is done in stored procedures vs. procedural PHP, .NET, etc? If 75% of your website’s work is done by the database server and you split it off into 50% of the total available horsepower, then your site will slow down when compared to having both systems on the same machine — and that’s without considering the network latency.

So really, to provide a reasoned opinion, I would need to know more about your priorities. Do you want the fastest page loads? Highest security? Least maintenance time/cost? Flexibility? Scalability? Cost?

If I can assume you want your site to be faster, then I would guess, and that’s about all it is with what I know now — a guess, that your site will be faster with one big box, because you can dedicate more ram to the database. If your web server only needs 10% of what is available and you give it a whole machine which is 50% of your total, then 40% is unused and could be used by MySQL to run queries.

So, if your web server only needs one node and you give it two, one is unused when you could put three to mysql if both web and db were running on the same 4 node server.

Anyway, hope this helps! Good luck!