I know there are no explicit tutorials on how to overcome the challenges of this kind of setup, and I hope you’ll find this helpful.
This article is a transcript of the video tutorial created by Cezar Cazan. I recommend watching the video as you follow the article, or watching the subtitles.
== Summary ==
The goal: having cPanel as a VPS license for hosting purposes.
In today’s tutorial, I will try to show you one way you could install cPanel as a VPS license using the Proxmox server virtualization management platform.
Disclaimer: You should always have backups and test these kinds of scenarios before launching your server into production. I will not be held responsible for the consequences of any action taken based on the information provided in this tutorial This is just an example and should be treated as such.
One last thing I need to tell you before we get started. This is my first venture into the virtualization world, and I am not an expert. However, I learned a lot in the past few months and I hope I can bring some light to other newbies that want to learn about it as well.
Now, back to the issue at hand.
But, aren’t there any tutorials online about how to do that? Well… yes and no.
On most tutorials, virtual machines get their own IP by DHCP as most people have routers or a pfsense box.
My objective was to accomplish this system by using only one internet connection without any routers, additional virtual machines or other complicated methods.
I will present you with a hypothetical scenario with a server hosted in a data center.
In my example, I have 3 public IPs one for remote management purposes, one main IP, and one extra IP.
There are 6 drives on the server: two SSDs and four hard drives. For redundancy, I recommend using RAID1 for all drives. This way if a drive fails you will be able to recover the data from the other drive.
As a side note, DELL servers tend to use the first available ethernet port for remote administration so keep this in mind when plugging the cables.
How the Proxmox system works
When you install Proxmox you get to type in your IP address, netmask, gateway, and other settings, and you might think that these settings are attributed to the physical NIC on your server.
Well, it’s not really like that; Proxmox creates a Linux bridge that will be used as the main internet connection.
You may want to create a separate internal network for the virtual machines so that they will be isolated within Proxmox.
By default, they have no connectivity to the main IP Proxmox network; they are isolated into their own network.
The idea here is to use only one IP and keep the Proxmox ports for Proxmox and the rest of the ports for the virtual machine.
In most examples I saw online, people have a router in front and the main IP is configured on the router; so, this way they choose what ports are open for what virtual machines.
Also, when they create a virtual machine the router automatically gives them an IP address; you must understand that Proxmox does not give you the DHCP by default.
If you want you can install the DHCP program but, by default you do not get IP addresses for the virtual machines; you must set IP addresses by yourself.
It’s so easy when you watch this kind of tutorial because, after you create the virtual machine it automatically gives you an IP address and everybody’s happy.
But what if you don’t have this kind of setup? The Proxmox interface only needs two ports. This way you that the other ports will not conflict with the Proxmox ones.
This gave me an idea: what if we use iptables to create some kind of bridge between the main IP network and the private network? Using iptables we will be able to route the packages from the outside to the virtual machine and the replies from the virtual machine will go back to the user that requested them.
Start building a virtualized environment with Proxmox
The first thing that you will need is a bootable USB with Proxmox.
What is Proxmox? It’s an open-source server virtualization management solution based on KVM and LXC.
Using Proxmox you can manage virtual machines, containers, highly available clusters, storage, and networks with an integrated easy-to-use web interface.
After you plug the USB in your server choose boot options and boot from the USB stick. The Proxmox installer will start.
Here you must choose the first option Install Proxmox VE. The installer loads…
In a couple of seconds, you will see the graphical install interface.
Here you’ll have to agree to the end-user license agreement and select the target disk.
I want to install Proxmox on the two SSDs but as a RAID mirror so for this, you go to options and choose mirror RAID1 and after that, you will have to choose which hard disk will be used to create the mirror. I will choose the two SSDs to create my mirror volume.
Don’t forget to deselect the other drives.
Hit the ok button, and click Next type in your country choose your time zone and keyboard layout, and hit next now choose a password I would suggest you use a very strong password after this type in your email address and hit on next this is the part where you configure your network settings.
I will choose eno.1 as the main connection and start typing the hostname IP netmask gateway and DNS servers.
After that click on install and that’s kind of it… it will take a while and then it will prompt you to reboot your server.
After the system boots, it will tell you the IP address and the port you need to access the web interface.
The first time you visit the URL please make sure to click on advanced and accept security risk, as it is a self-signed certificate. Just input your credentials and click on login.
This notice shows that you are running the free version, but you can also subscribe to a paid version on their website.
Let’s look at our node in the data center to storage: we have those two SSDs and if we go to the firewall (this is the data center level) we can select the input policy as Accept and enable the firewall.
Right now, the firewall is not enabled so we can also enable this one, okay? And we’re set to the data center level.
Next, this is the Proxmox node; this is the main node we are working on.
On the network, you see that Linux bridge I was talking to you about.
This will have the settings used on the Installer.
You will see that the settings are saved.
This Linux bridge is tied to the second eth port on the server.
Adding disks to our Proxmox server
Let’s open a shell and see the available hard drives.
Here you see all the hard drives with all their partitions; the main objective here is to create a RAID 1 mirror with the first two SAS drives.
After this, you go to the data center and you add a ZFS storage.
Let’s name it and choose the ZFS pool that we created earlier and click on add now. Let’s do this for the other two hard drives. So back to the PVE shell and repeat the command for the other two. We will name them sas900gb and choose the other two hard drives. If you only see the main disks, without partitions, you first must create the partitions and format them.
Let’s add the second one too and go back to the data center storage and another ZFS here we’ll choose a unique name and choose the ZFS pool click on Add and we are done with the hard drives.
You will see it on the left that it started creating them. Alright, let’s go to the Proxmox node and see the disks that are listed. Here everything is okay; here you can also check the health of the drives. Let’s see the available space on our system. Here we can see the main system and the hard drives that we mounted earlier together with the space used and space available. Because I want the virtual machine to be fast, I will install it on the two SSDs but first, to be sure that everything runs smoothly, I suggest you reboot the server.
Don’t worry, you can remain on this interface and it will let you know when the server has rebooted. In my case, it lasts about three or four minutes to do a full reboot.
Okay, so the disks are mounted, and everything seems to be in order.
Before creating our virtual machine, we must make that internal network.
For this, you must edit a file and you nano /etc/network/interfaces Here you will see the existing interface, the first bridge, and we will add a second bridge for the internal network. You must save. Now comes the tricky part.
You have to create some firewall rules in order to route the packets to the virtual machine, so we will go to the if-up.d folder and creates a new file there make it executable and after this, you can edit it and add your own custom firewall rules.
This is just an example of a port that’s forwarded to the virtual machine that will have that IP.
Hit save and now enable IP forwarding for the system.
You just must delete that first character to make it work.
Hit save, yes.
This will enable packets from outside to reach the virtual machine.
Right now, I want to do another reboot to be sure that everything stays okay after we boot the system.
Creating a virtual machine
Let’s fast-forward a little bit and we’re back okay let’s create a virtual machine click the create VM button see the ID, give it a name, in my case centOS7vm, hit next, and here is the first problem.
You need an ISO image to put the virtual machine from.
In order to do that you can connect via WinSCP and upload the image there or get it from the shell.
For this way add a directory, let’s call it isostore, select everything and click Add and this is where we’ll put our image.
Right now, if you go to create the virtual machine again you must be certain that the file is there. Hit next, choose the ISO, next, select your hard disk size and location – so I’m going to leave it on the two SSDs and give it 200 gigabytes – hit next, now give it sockets and cores, in my case: two sockets and ten cores.
Choose the available memory for the virtual machine; so, if I want 40 gigabytes this is the number, okay? Hit next; in my experience, the Intel network card works better, and don’t forget to select the new bridge, VMBR1, click Next and finish.
Right now, we will go into the options menu, and you can see on the left that the system already created the virtual machine, so the virtual machine is created but not started yet. You can click on it and on the hardware section. Let’s check that the network card is selected, the memory, the sockets, the CPU and the hard drive is okay.
At the options menu, you have the option to start on boot, so when you reboot the Machine it will also start the virtual machine.
Let’s go to the firewall section and click on input policy and select accept. Before starting our virtual machine, I recommend a reboot of the server to make sure that everything runs smoothly. Okay, the server has rebooted; let’s see if the virtual machine has started automatically: yes, let’s turn it off so you can go to summary and it shut down. There, I want to add another hard drive to it. I will make sure that it’s turned off, go to the hardware section and add a new hard disk. Here, I will choose the pool and choose the size.
Because I want to make sure that I input a proper value, I will go and double-check the space available on that hard drive. Okay, so we’d have eight hundred something gigs so we’ll go and add my hard disk.
From that available pool and say, let’s say… 750 gigs.
Let’s start the virtual machine. Let’s install CentOS7 as cPanel works best with CentOS. The install process is easy. I will choose apt-get Anaconda package manager. So, I will choose to install the main system on the two SSDs for speed as I was saying, choose the language in region and hit on Continue. First, I want to select my date and time in the region, in my case is Bucharest and click on done. Software selection: I will go with a minimal install, and here I want to select the SSD as my main drive for installing it.
If you want, you can personalize your installation, but in this example, I will leave it as it is. Just click on done; after this, you must configure your network, so in my Linux bridge I’ve configured already a network for the virtual machines. The first thing I’ll do is turn off ipv6 because we don’t use it and configure the ipv4 settings to be in manual mode, and after, click Add and start typing your internal IP address; on the gateway, you have to put the IP from your bridge (you saw that was it 10.10.10.100), and input your DNS servers for the internet connection.
Turn it on, click on done and you’re ready to begin the installation.
Security policy: we’ll live it at default and click on begin installation.
As it installs, we can choose a root password. I suggest you type in a strong password here, as some ports will be open to the Internet and you want to make sure that the brute-force attacks are not very successful…
🙂 I will fast-forward this installation Okay, it’s time to reboot our server just go and hit on Reboot I like the thing that you are all doing it from this web interface.
Now the machine will reboot and in just a couple of seconds, you will see the terminal waiting for the login.
Let’s type our credentials and that’s it!
You have a virtual machine.
Let’s verify the internet connection is configured properly: (nmtui) here we go to edit and check that everything is OK. If you did something wrong this is your chance to repair it. Get back and let’s give it a hostname; this is very important, and it should be a first name that will not be used by the system. Choose a unique name and hit okay; now we’re ready to quit this. In order to install cPanel, you need to disable the network manager. How to disable Network Manager in CentOS 7: https://documentation.cpanel.net/display/CKB/How+to+Disable+Network+Manager
Nano editor is not installed by default, so you must use vi for this. So first you must configure your main interface, insert the necessary line, save the file, and do this for the other one as well. This is a requirement from cPanel as it has its own network manager. Okay, let’s save it. Now let’s turn off this virtual machine, let’s reboot the whole server.
Now let’s see if the two machines can talk to each other. Here we see that the virtual machine has already started, let’s login here, okay… let’s ping the Gateway.
The Gateway replies, that’s great! Let’s go to the Proxmox node and try to ping our virtual machine. The virtual machine replies! That’s good! open a putty connection to the virtual machine and install a small script to ensure that the packages will not be blocked by the virtual machine.
So, for this, you’ll have to go in this folder, create the file and put up the following code. The reason for this is that the packages will reach this virtual machine after you put those firewall rules with the necessary ports, but by default, I saw that centOS7 is blocking the port packages from coming out to the internet, so these scripts ensure that after the system is booted that the rule that blocks the packages, will be dropped.
This is done by the IP tables rule. By making this script we will make sure that after reboot the command will be run again; let’s save this let’s see if it’s written correctly…
Okay, everything seems correct, let’s close this putty connection and do a full reboot of the server. Maybe some of the reboots are not necessary, but I like to do them in order to make sure that everything will run smoothly.
Let’s ping again… we see that Proxmox cannot go to the virtual machine as its booting, and as soon as it boots the machine will reply. Let’s try this from the virtual machine as well, and we log in and try to ping our gateway… so the gateway responds, everything is okay. Right now, I will disable the firewall, but remember to put your own firewall rules to make it more secure.
Before starting the cPanel installer please make sure that you have forwarded all the necessary ports in the Proxmox firewall configuration file.
After you do this what you need to do is place this server in the data center and login to this web interface and start the installation script.
Installing cPanel is very easy as you only need to run this command after you login into your virtual machine.
The command for installing cPanel on your machine: https://documentation.cpanel.net/display/76Docs/Installation+Guide
Once you do this, cPanel will start installing and it will take around, I don’t know, 30 minutes – minutes, it depends on your configuration After it installs you can go to its main IP on its main port ( that’s 2087 ) and you can start your cPanel configurations.
Cheap cPanel licenses
The VPS license for cPanel is cheaper than a full server license.
You can get a good deal for your own servers! Cheap cPanel license: http://bit.ly/cpaneldiscount
Command to run after you buy the cPanel license: login into your server via ssh and run usr/local/cpanel/cpkeyclt command. That’s it!
Do you want the full firewall scripts, already configured for the cPanel VM?
Visit this link and drop me a line for receiving a quote, here: http://bit.ly/2UYNPYI