Dedicated IPs on Add-On domains?

optize

Well-Known Member
Apr 27, 2005
146
0
166
I have a customer, signed up for one domain, added 2 more add-on domains. He wants dedicated IPs for all 3 domains.

Is that possible within WHM?
 

JPC-Stefan

Member
Oct 29, 2008
23
0
51
It is not possible from WHM however you can do it manually from Shell as:

If suppose your cPanel account username is "USER" and domains are:

maindomain.tld
addondomain1.tld
addondomain2.tld

Then you have to edit the following files using vim or pico editor

/var/cpanel/userdata/USER/maindomain.tld
/var/cpanel/userdata/USER/addondomain1.tld
/var/cpanel/userdata/USER/addondomain2.tld

And change the IP field to in each to your desired one.

Rebuild apache configuration file by using:

>/usr/local/cpanel/bin/build_apache_conf

Restart apache service

Edit DNS zone file of each domain and point A record to new IP.
 

meeven

Well-Known Member
May 8, 2007
132
2
168
It is not possible from WHM however you can do it manually from Shell as:

If suppose your cPanel account username is "USER" and domains are:

maindomain.tld
addondomain1.tld
addondomain2.tld

Then you have to edit the following files using vim or pico editor

/var/cpanel/userdata/USER/maindomain.tld
/var/cpanel/userdata/USER/addondomain1.tld
/var/cpanel/userdata/USER/addondomain2.tld

And change the IP field to in each to your desired one.
This is really neat, thank you. I have been reading everywhere that add-on domains cannot have their own IP addresses.

In your experience, does this work flawlessly? And, I guess you can now have SSL certs for add-on domains too?

Rebuild apache configuration file by using:

>/usr/local/cpanel/bin/build_apache_conf

Restart apache service

Edit DNS zone file of each domain and point A record to new IP.
Shouldn't rebuilding apache be done by running /scripts/rebuildhttpdconf instead since EA3?
 

JPC-Stefan

Member
Oct 29, 2008
23
0
51
Sorry for my mistake the files for add-on domains should be:

/var/cpanel/userdata/USER/subdomain1.maindomain.tld
/var/cpanel/userdata/USER/subdomain2.maindomain.tld

Also don't forget to make changes in the DNS zone files.

As the domains will be on dedicated IP so I think there will be no problem in SSL certificate setup.
 

stevenc317

Well-Known Member
Jan 27, 2009
56
0
56
This is really neat, thank you. I have been reading everywhere that add-on domains cannot have their own IP addresses.
I had the same problem, finally after asking a cPanel tech (I love those guys) they pointed me in the right direction with the solution above.

In your experience, does this work flawlessly? And, I guess you can now have SSL certs for add-on domains too?
Yes, for me it has worked every time (and I setup 2 or 3 dedicated IPs each day). It is a bit of a pain and I am in the process of automating it with some perl scripting when I get a chance. Aside from that it works everytime and have been doing it for about a month.


Shouldn't rebuilding apache be done by running /scripts/rebuildhttpdconf instead since EA3?
I use /scripts/rebuildhttpdconf and it works for me.

Also as JPC-Stefan said, make sure you edit your DNS zone else the world will not know the new IP.
 

meeven

Well-Known Member
May 8, 2007
132
2
168
stevenc317, thank you for pitching in with those details. Very helpful.:)
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Just hope the boys back at cPanel are listening. This would be SOOOOO helpful to be able to assign a dedicated IP to a specific site.
The reason you don't see dedicated IP support for addon domains is
because of international rules and ICANN IP justification regulations ...

I hate to bust everyone's bubble here but by modding the account that way,
the only thing you can do is force a dedicated IP for the domain for the web
site itself but because of various techical details involved you would not
be able to setup certificates, anonymous FTP, a proper SSL secure session,
or email on it's own IP address by doing that without further extensive
modification and that is a very serious problem for you and your customers.

Why?

ICANN justification regulations require that dedicated IP addresses
cannot be issued on accounts unless there is a justifiable reason where
a shared IP address cannot be used.

Presently only 2 modes of operation legitimately fulfill the terms and
requirement of that regulation:

1) Merchant Use / SSL Encryption

2) Anonymous FTP Server

Almost anything and everything else could be fulfilled using a shared IP
address and therefore MUST be done with a shared IP address.

Items such as "DNS servers" don't even meet the justification requirements!

Just "wanting a dedicated IP address" is not good enough either!

If you assign your client dedicated IP addresses and they are NOT explicitly
and actively using at least one of the above listed justifiable services
regularly on their account or some other service which can legitimately
meet the justification rules and only be accomplished by means of dedicated
IP address then you cannot issue dedicated IP addresses to the client
and you would be in violation of regulation to do so.

As a server owner and there by a host, you have a little flexibility via rules
for allowing hosts to maintain a pool of potential IPs to be used but that
doesn't extend down to your clients if you want to operate within the rules.

Are you properly querying your clients as to their reasons for requesting IPs?

Are you monitoring your clients to make sure their activities on their site
continue to require the necessity for a dedicated IP and that they are
actually actively using those service(s) requiring a dedicated IP?

If you answer 'no' to either of these then you need to do some serious
rethinking, re-working, and cleanup of your current allocated IP pool.
 
Last edited:

stevenc317

Well-Known Member
Jan 27, 2009
56
0
56
Spiral,

Yes you are right on ICANN, but that does not mean cPanel cannot support this. In my case I have 56 dedicated IP addresses on my cPanel box due to 52 of my customers have their own SSL certificates, the other IPs are for nameservers, etc. My hosting provider (Rackspace) allows me to have unlimited IPs on the condition that I fill out an affidavit for ICANN when I request my IP blocks. Currently it is a real pain to have to manually reconfigure cPanel for each site having a specific IP address.

Why not create each as their own 'Account'? The reason is I do not host your typical $9.95/month for 100mb, rather we design turn key web solutions for targeted industries (EX: Auto Corner Dealership Website System for Automotive Dealers). Since this system is run on centralized scripts I must have them all in the same 'account' so that Apache will allow for them to read and write their files as needed. If they where each in their own account it would be a nightmare of permission issues trying to access files across users.

Now if someone is looking to do SEO they are out of luck as that is a violation of ICANN (and Google/MSN/etc). Even if you were able to get past those undetected, you better have one heck of a big ISP because Google only counts cross-links from different 'C Blocks', if it is the same (which most smaller hosts have) it will not make a difference. In my case a few are from a different C Block -- which is a bonus I guess -- but that wasn't the reason for it.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Yes you are right on ICANN, but that does not mean cPanel cannot support this. In my case I have 56 dedicated IP addresses on my cPanel box due to 52 of my customers have their own SSL certificates, the other IPs are for nameservers, etc.
That's a lot of domains but by what you just said qualifies because
SSL does require a dedicated IP be in place.

My hosting provider (Rackspace) allows me to have unlimited IPs on the condition that I fill out an affidavit for ICANN when I request my IP blocks. Currently it is a real pain to have to manually reconfigure cPanel for each site having a specific IP address.
That affidavit is you asserting that you will adhere to the regulations
and enforce those policies on your server and your clients.

Why not create each as their own 'Account'? The reason is I do not host your typical $9.95/month for 100mb, rather we design turn key web solutions for targeted industries (EX: Auto Corner Dealership Website System for Automotive Dealers). Since this system is run on centralized scripts I must have them all in the same 'account' so that Apache will allow for them to read and write their files as needed. If they where each in their own account it would be a nightmare of permission issues trying to access files across users.
Absolutely WRONG! Setting them all up on their own accounts
and reading and writing to files across accounts is ridiculously simple,
has really nothing to worry about in terms of permissions, and is
not even close to resembling any "nightmare" as you put it.

It sounds to me more of a case of you don't know how apparently. ;)

Now if someone is looking to do SEO they are out of luck as that is a violation of ICANN (and Google/MSN/etc). Even if you were able to get past those undetected, you better have one heck of a big ISP because Google only counts cross-links from different 'C Blocks', if it is the same (which most smaller hosts have) it will not make a difference. In my case a few are from a different C Block -- which is a bonus I guess -- but that wasn't the reason for it.
I know something you don't know about that! :p

Google and most of the others no longer care about IP address or
domain name as that is unknown to most not how things are indexed
and the way it is really being done is very sophisticated and very cool!

Setting up multiple domains and multiple IP addresses and cross linking
each of your sites won't do you any good whatsoever and in fact will
actually heavily REDUCE your rankings and REDUCE your indexed levels.

I wrote the new engine and crawler to one of the major search engines
and I was consulted for several others on this very topic and though I
am not at liberty to discuss how it's been done now, I can tell you that
all the SEO dabblers out there are in for a very rude awakening!
 
Last edited:

stevenc317

Well-Known Member
Jan 27, 2009
56
0
56
Absolutely WRONG! Setting them all up on their own accounts
and reading and writing to files across accounts is ridiculously simple,
has really nothing to worry about in terms of permissions, and is
not even close to resembling any "nightmare" as you put it.

It sounds to me more of a case of you don't know how apparently. ;)
I overly simplified my statements here for the sake of saving time, but let me assure you I have exhausted the techs at cPanel to come up with a solution that would work.

EX:
'System cgi' located - /home/mysystem/cgi-bin/thesystem/myCoolScript.pl
'Customer 1' located /home/mysystem/public_html/thesystem/www.CoolCustomer1.com
'Customer 2' located /home/mysystem/public_html/thesystem/www.CoolCustomer2.com

I need the cgi scripts in 'system cgi' to read and write to Customer 1 & Customer 2.

This works perfectly fine, but if you move it out into their own Accounts....
'System cgi' located - /home/mysystem/cgi-bin/myCoolScript.pl
'Customer 1' located /home/customer1/public_html/
'Customer 2' located /home/customer2/public_html/

Then you have permissions issues writing from 'mysystem' to 'customer1' or 'customer2'. This issues is easily fixed in Linux (or in the case of my other servers which are Solaris based) using FACLs and assigning those users to the same group and giving group rwx access. Simple. Well not with cPanel, it has a hissy-fit when you enable FACLs. As I said above cPanel techs went around and around with myself and my techs at Rackspace. No solutions worked.

If you have any ideas, I would honestly appreciate you input.


I know something you don't know about that! :p

Google and most of the others no longer care about IP address or
domain name as that is unknown to most not how things are indexed
and the way it is really being done is very sophisticated and very cool!

Setting up multiple domains and multiple IP addresses and cross linking
each of your sites won't do you any good whatsoever and in fact will
actually heavily REDUCE your rankings and REDUCE your indexed levels.

I wrote the new engine and crawler to one of the major search engines
and I was consulted for several others on this very topic and though I
am not at liberty to discuss how it's been done now, I can tell you that
all the SEO dabblers out there are in for a very rude awakening!
Not worth debating, because we are actually in agreement (for the most part), you just elaborated more than I did. Now if you read (or listen) to what Matt Cutts (Google) tells you that they do look at an IP address within the same C Block as spamming. While they never say (nor do I care) that an IP from a different C Block will help you, but he does say multiple links from within the same block will hurt you. Anyone that spends there day trying to spoof Google into get a few more PR points in an idiot and will get nowhere. Google tells you what they want you to do, make a good site with good content -- that is it. Anything else is a waste of time.

Now back to the point of this whole thread. Dedicated IPs for an addon website is a useful feature. But there are so many other things that cPanel needs to improve first.
 

S-Combs

Well-Known Member
Jun 10, 2004
78
0
156
[Original Topic]

The ability to modify the IP address of Add-On domains would be a very benificial addition for us and our clients as well.

Many of our commerce clients have multiple domains/stores that each require dedicated SSL.

Some of these additional domains/stores started out using only PayPal without the SSL requirement but later moved to more advanced payment gateways that do and this is where headaches begin.

[/end]
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
Thank you for bringing this thread back to its original concept. I agree with you that a dedicated IP on an 'add-on' domain basis is needed for users of SSLs.
What do you mean "bring it back" as it never left the original topic!

Incidentally, I already said SSL was a reason for a dedicated IP:
Spiral said:
Presently only 2 modes of operation legitimately fulfill the terms and
requirement of that regulation:

1) Merchant Use / SSL Encryption

2) Anonymous FTP Server
I don't argue with having dedicated IPs for addon domains, I am just simply pointing out that customers cannot have dedicated IPs for all their domains simply because "they want one". If they have a legitimate reason such as using each for e-commerce on their own SSL certificates then that would be perfectly fine to do that and there should be a setup to allow for that.

Where things become an issue and I have seen it myself is where clients ask to have a dedicated IP for all their add-on domains on their accounts and they have no legitimate purpose for allocating that under IP regulations.
 

D-Litz

Active Member
Feb 4, 2009
35
0
56
cPanel Access Level
Root Administrator
It is not possible from WHM however you can do it manually from Shell as:

If suppose your cPanel account username is "USER" and domains are:

maindomain.tld
addondomain1.tld
addondomain2.tld

Then you have to edit the following files using vim or pico editor

/var/cpanel/userdata/USER/maindomain.tld
/var/cpanel/userdata/USER/addondomain1.tld
/var/cpanel/userdata/USER/addondomain2.tld

And change the IP field to in each to your desired one.

Rebuild apache configuration file by using:

>/usr/local/cpanel/bin/build_apache_conf

Restart apache service

Edit DNS zone file of each domain and point A record to new IP.
Now does this effect cPanel updates? Will these settings stay put?

Did you happen to develop the script yet?