Trust Your Technolust

Category: cPanel

Redis sockets in cPanel and CloudLinux CageFS

Install Redis normally

Add the user to the Redis group

usermod -a -G redis YourUserHere

Open up the CageFS mount points file

nano /etc/cagefs/cagefs.mp

Add the Redis folder to the mount points.

/var/run/redis

Enable the socket in the Redis config file

nano /etc/redis.conf

Add the following:

unixsocket /var/run/redis/redis.sock
unixsocketperm 770

Every time you restart Redis the socket will disappear from the CageFS, breaking all the code using the socket, we can add extra commands to the Redis systemd unit to automatically restore it.

This is completely optional if your Redis never crashes/needs restarting, but will save headaches otherwise. The + in the command makes the command run as root, which is needed to update the CageFS skeleton.

nano /etc/systemd/system/redis.service.d/restore.cagefs.socket.conf

Add:

[Service]
ExecStartPost=+cagefsctl --force-update
ExecStartPost=+cagefsctl -M

Reload systemd

systemctl daemon-reload

 

You can now safely restart Redis as you would normally and the users you’ve added to the Redis group will be able to use sockets at /var/run/redis/redis.sock

 

This method was used to make sockets work with the wonderful XenForo Redis Addon from Xon  if you used this guide, you can them enable it by opening src/config.php and adding:

// setup Redis caching
$config['cache']['enabled'] = true;
$config['cache']['provider'] = 'SV\RedisCache\Redis';
$config['cache']['namespace'] = 'SomePrefix';
$config['cache']['config'] = [
    'host' => '/var/run/redis/redis.sock',
    'use_lua' => true,
    'serializer' => 'igbinary', // most CloudLinux installs should have this enabled, if your site presents a white screen after adding this, set to 'php'
    'database' => 1,
];

Basic cPanel Settings You Should Change

The cPanel Control Panel is a graphical interface used to manage your website’s hosting account. It provides all the tools you need to create and manage your website, including a file manager, password manager, and domain manager.

The cPanel Control Panel is easy to use and provides all the features you need to manage your website. You can use the file manager to upload and manage your website’s files, the password manager to create and manage your website’s passwords, and the domain manager to manage your website’s domains.

The cPanel Control Panel also includes a variety of other features, such as a built-in website builder, a one-click installer for popular applications, and a variety of templates you can use to create your website.

When first installing cPanel many users are going to be simply overwhelmed with the amount of options that WHM presents the server administrator, but here are some options and packages that (in our opinion) you should change or install as soon as you install it.

CSF

The CSF firewall is a one stop shop for preventing the worst brute force attacks your server will see, it will protect multiple services on a cPanel server.

Tweak Settings

Tweak settings can be found near the top of the left hand menu on WHM.

Turn OFF “BoxTrapper Spam Trap”, this options sounds good in theory, but will usually end up with you being listed on various mail block lists.

Setting “Max hourly emails per domain” to something like 5000 will at least limit the amount of spam that a single user can send

Apache Configuration > Global Configuration

Disable “Trace”, it’s a little used feature that can give an adversary more information about your server

Set “Server Signature” to Off to hide some version information on error pages

Set “Server Tokens”  to “Product Only” to hide as much information about your server setup easily.

Exim Configuration Manager > Advanced Editor

Make sure the following is set on log_selector, this gives you more data to track spammers using your server

log_selector = +arguments +subject +received_recipients

EasyApache

As a starting point we would recommend the “CloudLinux + All PHP options + OpCache +mod_lsapi” profile if you’re using CloudLinux or “All PHP options + OpCache” if you’re using a CentOS install, these are both great baseliens that should support most things your customers need.

cPanel Addons

There are a vast amount of addons you can get for your cPanel server, however there are some key ones you might want to consider depending on your use case

CloudLinux

CloudLinux is an alternative Linux distribution that is fully focussed on the security of shared systems, this in our opinion is an essential addon for any cPanel server, mainly due to the PHP selector, which allows each user to use their own PHP version, also of great use to us is the ability to separate users in to their own LVE (Lightweight Virtual Environment), this effectively stops users from spying on one anothers files.

LiteSpeed Enterprise

LiteSpeed is a fantastic server for serving high load websites, while that feature sounds great in theory it’s mostly reserved for higher load websites, so if you’re just starting out it may not make much sense to spend the extra money on this.

Imunify360

Imunify is essentially a HIPS and Anti Virus system for your cPanel (and other control panels) server. It is great for detecting malware that users have uploaded to your server in real-time, which is great for a shared hosting envvironment where users and webmasters cannot be trusted fully. This may have more limited use on internal and/or highly controlled systems but it may be worth the piece of mind for some people.

© 2024 TL;DR Tips

Theme by Anders NorénUp ↑