INSTALL WHM ON AWS WITH LVE & CLOUDLINUX

webjobsuk

Registered
Mar 13, 2021
unitedkingdom
cPanel Access Level
Website Owner
we need DEVOPS team to install WHM along with cloudlinux and imunify360 and AV+ and deploy an 8CPU with 16GB RAM for us so that laravel, CodeIgniter, php 5.6 to 8.0 must work with mongoDB and mysql

frameworks support must be opencart, sendgrid, mailgun, mandrill, drupal and wordpress must work


domains are purchased from godaddy and nameservers are pointed to cloudflare always for all our domains



the setup will be for the following 3-4 servers mostly 3 servers as following



1 server opencart

1 server wordpress and drupal and php

1 server laravel



opencart only - this is where most of our sites are hosted and most of them have REST API serving the app - sample apis can be seen here www.opencart-api.com which we use for most websites





INFRASTRUCTURE WE USE



cloudflare paid and unpaid and domains are always pointed via cloudflare DNS and protecting it through its proxy for DDOS and other attacks

sucuri mostly for few wp sites, astra and malcare and virusdie for all other sites for WP sites without sucuri we use cloudflare

AV+ and imunify360

anti-virus always-on server not sure which the hosting company provides

SendGrid / Mailgun to send out emails - we want to move to SES for only transactional emails arising out of the contact us form and successful orders placed on the website

WHM and CPANEL with CLOUDLINUX

cloudlinux setup and LVE configuration must be accurate as we use

MultiPHP Manager for PHP 7.0 (ea-php70)

PHP-FPM when not switched on in most cases the APIs don't work



CHALLENGES



1/ Opencart 3.0.2 doesn't work on 7.4 and 8.0 - anyone knows about this ?



2/ sendgrid always gets hijacked and starts sending 100k emails and the site owners get crazy bills from SendGrid where someone spams the form or user registration form of opencart or woocommerce or wp sites



3/ developers of site owners are remote without a dedicated IP so that is something it's a no.1 priority for us to find a solution to connect to WHM and to CPANEL without a dedicated IP at the user end



4/ VPN to the server via Cloudflare access or something to be set up which needs an expert to work on to let remote devs to access the cpanel via VPN or some other solution if AWS allows so that once their vpn user is blocked they must not be able to access the cpanel or ftp or even the backend



5/ backend is open and adding google authenticator to login in opencart made us face challenges where the cron job stopped working as the cron job is linked to admin account and we had to remove google authenticator for most opencart sites

6/ server security to ensure we are PCI compliant like siteground offers PCI compliance setup against pentest



7/ deploy servers that can pass pentest by white hat hackers



8/ deploy some other secure access where every login to backend is tracked for all sites from drupal to open cart to laravel backend

9/ as CentOS version 8 is EOL and CentOS 7.0 will also be EOL in a few years, wondering to move to ubuntu or stay with just CentOS 7.0

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! I'll answer these in order to make sure I don't miss anything :D

1 - I don't see anything specific about those PHP versions on the OpenCart site as it just mentions it needs to be PHP 5.4 or higher: System Requirements - OpenCart Documentation

However, I did see other users having problems with PHP 7.3 and PHP 8, so it may be an issue:


2 - This sounds like a security problem at the user level. You'll want to make sure you have the WHM >> Tweak Settings option called "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)" enabled on the machine to prevent automated spam from being sent.

3 - There is no requirement to have a dedicated IP to log in to cPanel or WHM.

4 - cPanel doesn't have any built-in VPN software. If you need that tool set up on the machine you could likely install a third-party application, but we can't guarantee it will work well with the cPanel tools.

5 - I don't really see a question related to number 5, but if the server cron isn't working properly we could check the machine for you.

6 - cPanel currently doesn't offer any type of PCI compliance service. You could work with a system administrator to get that set up, or you can perform a scan on the machine as there may not be much you need to do with a modern system.

7 - That would be up to your own security system and tools to deploy.

8 - Each individual site would have its own access logs on the system which you could review to get that information.

9 - At this point I'm still recommending CentOS 7. We do plan to release support for Ubuntu later this year, but it's not officially released just yet.
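
Point 8 in the reply above refers to reviewing each site's access logs to track backend logins. As an added example (not from the thread and not cPanel's own tooling), the sketch below pulls login submissions out of Apache combined-format log lines; the login paths are the stock endpoints of WordPress, OpenCart, Drupal and Laravel and are assumptions, as are the sample lines.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed stock login endpoints; a renamed admin folder or custom route needs its own entry.
LOGIN_PATTERNS = {
    "wordpress": re.compile(r"^/wp-login\.php"),
    "opencart": re.compile(r"^/admin/index\.php\?(?:.*&)?route=common/login"),
    "drupal": re.compile(r"^/user/login"),
    "laravel": re.compile(r"^/login(?:$|\?)"),
}

def classify(path):
    for app, pattern in LOGIN_PATTERNS.items():
        if pattern.search(path):
            return app
    return None

def login_events(lines):
    """Yield (timestamp, ip, app, status) for every POST to a login endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if m is None or m["method"] != "POST":
            continue  # skip malformed lines and GETs that only display the form
        app = classify(m["path"])
        if app:
            yield m["ts"], m["ip"], app, int(m["status"])

def attempts_per_ip(lines):
    """Count login submissions per (client IP, application)."""
    return Counter((ip, app) for _, ip, app, _ in login_events(lines))

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [13/Mar/2021:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Mar/2021:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [13/Mar/2021:10:05:00 +0000] "GET /admin/index.php?route=common/login HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [13/Mar/2021:10:05:09 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.55 - - [13/Mar/2021:10:07:30 +0000] "POST /user/login HTTP/1.1" 303 512 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [13/Mar/2021:10:08:11 +0000] "POST /login HTTP/1.1" 302 380 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [13/Mar/2021:10:09:00 +0000] "POST /index.php?route=checkout/cart/add HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]
```

Feed `attempts_per_ip` the lines of a domain's access log to get a per-IP tally. Because the sites in this thread sit behind Cloudflare's proxy, the IP field only reflects the real visitor if the web server is configured to restore it from the `CF-Connecting-IP` header.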