
Overview

Warning:

This document describes an unsupported method that we do not guarantee will work in the future.

  • We are not responsible for any data loss that an attempt to perform these steps causes.
  • We strongly recommend that you read Amazon’s AWS User Guide before you begin this process.

This document provides the steps to build a production cPanel & WHM hosting environment on top of Amazon’s AWS cloud service. Amazon’s AWS platform exists behind a NAT infrastructure. This infrastructure provides a solid hosting architecture that uses the following Amazon AWS features

This document assumes that you will use dedicated DNS instances, but you could also use these instructions on dual-use instances that serve as both web servers and nameservers.

Build a hosting environment on Amazon AWS


 

Before you begin.

Before you attempt this process, make certain that you fulfill the following prerequisites:

  • You must have a working knowledge of system administration and networking principles.
  • You must be familiar with cPanel & WHM and cPanel DNSONLY.
  • You must have an active AWS account.

For more information, read the following Amazon AWS documentation:

 


 

Set up your Virtual Private Cloud.

To set up your Amazon Virtual Private Cloud (VPC), navigate to the Amazon VPC console and create a VPC. When you create the VPC, enable the VPC with a Single Public Subnet Only setting.

 


 

Create security groups.

Security groups are firewall rules that apply on a per-instance basis. All configurations require primary security groups for nameserver and web servers.

In the Amazon VPC console, create a new security group and open the firewall ports for cPanel & WHM services. For more information about cPanel & WHM's port configuration requirements, read our How to Configure Your Firewall for cPanel & WHM's Services documentation.

Notes:

  • You should only need to execute this step one time, when you create your first Amazon AWS configuration. We recommend that you save the security group and utilize it for any additional configurations that you create.
  • Some configurations may require additional security groups.
  • If all of the inbound and outbound traffic at the firewall level is pass-through, use a software-based firewall.
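
The following audit is an added example, not part of the original cPanel documentation. It reads security group data in the shape that `aws ec2 describe-security-groups` returns and reports inbound rules that expose management ports, or all traffic, to every source address. The group IDs, the sample rules, and every port other than 2087 are assumptions made for the example.

```python
import ipaddress

# 2087 is the WHM port used on this page; 22 (SSH), 2083 (cPanel) and
# 2086 (WHM without TLS) are assumptions added for this example.
ADMIN_PORTS = {22: "SSH", 2083: "cPanel", 2086: "WHM (no TLS)", 2087: "WHM"}


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, a source range covering every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_groups(doc):
    """Return (group_id, finding) tuples for risky inbound rules."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        gid = group["GroupId"]
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(_is_world(c) for c in cidrs):
                continue  # source is restricted, nothing to report
            if rule["IpProtocol"] == "-1":
                # All protocols and ports: the pass-through case, where the
                # instance needs its own software firewall.
                findings.append((gid, "pass-through: all traffic from anywhere"))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            for port, name in sorted(ADMIN_PORTS.items()):
                if rule["IpProtocol"] == "tcp" and lo <= port <= hi:
                    findings.append((gid, f"{name} port {port} open to anywhere"))
    return findings


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 2087, "ToPort": 2087,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
    {"GroupId": "sg-dns-example", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

if __name__ == "__main__":
    print(*audit_security_groups(SAMPLE), sep="\n")
```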

 


 

Create an Amazon EC2 instance.

Use the Amazon EC2 console to create an Amazon EC2 instance with the following settings:

  • Enable CloudWatch Monitoring.
  • Enable the Termination Protection setting.
  • Select Stop as the Shutdown Behavior setting.
  • Configure the EC2 instance to use the security groups that you created in Step 3.

Note:

We recommend that you use a standard naming schema (for example, set Name to the hostname of the instance and create an additional Type key that you set to the function of the instance).

 


 

Allocate and associate an elastic IP address.

To allocate and associate an elastic IP address (EIP), use the Amazon VPC console. When you allocate EIPs, you must select the Allow Reassociation checkbox.

 


 

Install cPanel & WHM.

Use the instructions in our Installation Guide documentation to install the desired cPanel products (cPanel & WHM or cPanel DNSONLY).

 


 

Change the root password.

Log in to the system via SSH as the root user, and use the passwd command to change the system's root password.

 


 

Complete the Initial Setup Wizard interface.

Navigate to https://192.0.2.123:2087, where 192.0.2.123 represents the new instance's EIP address, log in to WHM, and complete the steps in WHM's Initial Setup Wizard interface.

Important:

Because you will implement a clustering environment, do not run local DNS services. Select Disabled under Nameserver Configuration.

 


 

Verify your 1:1 NAT setup.

To verify that the system properly detected your NAT configuration and mapped it to the correct IP address, perform the following steps:

  1. Navigate to WHM's Basic WebHost Manager Setup interface (Home >> Server Configuration >> Basic WebHost Manager Setup).
  2. Make certain that the The IP address that will be used for setting up shared IP virtual hosts setting displays your public IP address. 
    • If the setting does not display the correct public IP address, enter the correct IP address in the Internet/Local IP text box and click Save Changes.
    • If this setting displays your private IP address, the system did not properly detect your NAT configuration. For more information, read the Force 1:1 NAT detection section below.
  3. Navigate to WHM's Show or Delete Current IP Addresses interface (Home >> IP Functions >> Show or Delete Current IP Addresses).
  4. If the system properly detected the NAT configuration, a NAT Mode section will display the mapped local and public IP addresses. Click Validate to test the NAT configuration.

Warning:

cPanel & WHM and cPanel DNSONLY only support 1:1 NAT configurations for use with fresh installations.

 


 

Configure the DNS cluster.

Important:

Only perform this step and Step 11 if you intend to run more than one DNS server in your hosting environment.

To configure your DNS cluster, perform the following steps:

  1. Navigate to https://nameserver:2087/, where nameserver represents the instance's hostname, and log in as the root user.
  2. Navigate to WHM's DNS Cluster interface (Home >> Clusters >> DNS Cluster).

  3. Select Enable DNS Clustering and click Change.
  4. Click Return to Cluster Status.
  5. Navigate to WHM's Remote Access Key interface (Home >> Clusters >> Remote Access Key).

  6. Copy the remote access key to your clipboard or into a text document.
  7. In a new browser tab, navigate to https://webserver:2087/, where webserver represents another instance's hostname, and log in as the root user.
  8. Repeat steps 2 through 4 to enable DNS clustering.
  9. In WHM's DNS Cluster interface (Home >> Clusters >> DNS Cluster), enter the appropriate information to add the nameserver to the DNS cluster.

    • Select the Setup Reverse Trust Relationship checkbox.
    • From the DNS Role menu, select Synchronize Changes.
  10. Click Submit. The server will attempt to establish a trust relationship with the DNS cluster. If the connection succeeds, the following verification messages will display, where nameserver-ip is the IP address of the nameserver:

    The Trust Relationship has been established...
    The new role for nameserver-ip is sync. 
  11. Click Return to Cluster Status.
  12. Repeat steps 5 through 10 for your secondary nameserver.

 


Verify that the system properly configured your DNS cluster.

To verify that the system properly configured your DNS cluster, perform the following steps:

  1. Navigate to https://virtualserver:2087/, where virtualserver represents your virtual server's hostname, and log in as the root user.
  2. Navigate to WHM's DNS Cluster interface (Home >> Clusters >> DNS Cluster).

  3. Verify that a relationship with each of your nameservers displays in the Servers in your DNS cluster table, and that the DNS role is Synchronize Changes.
  4. In a new browser tab, navigate to https://nameserver:2087/, where nameserver is your primary nameserver's hostname, and log in as the root user.
  5. Navigate to WHM's DNS Cluster interface (Home >> Clusters >> DNS Cluster).

  6. Verify that a relationship with your virtual server displays in the Servers in your DNS cluster table, and that the DNS role is Standalone.
  7. Repeat steps 4 through 6 for your secondary nameserver.

Notes:

  • Occasionally, the interface may display the trust relationship for the virtual server but not for the nameserver, or you may see authentication errors. To resolve this issue, follow Step 11 to create the access key and add the server to the cluster for both the virtual server and the nameserver.
  • DNS clustering may fail if your firewall rules do not open the proper ports. For more information, read our How to Configure Your Firewall for cPanel & WHM's Services documentation.
  • After you set up the DNS cluster, configure your server as you would any other NAT implementation with cPanel & WHM.

 

Force 1:1 NAT detection


In some cases, the system will not properly detect 1:1 NAT mode. If the The IP address that will be used for setting up shared IP virtual hosts setting displays a local IP address rather than a public IP address, you must force the system to detect your 1:1 NAT configuration. 

To force 1:1 NAT detection, perform the following steps:

  1. Use SSH to log in as the root user.
  2. Run the following command:

    /scripts/build_cpnat

    If the system detects 1:1 NAT, you will see output that resembles the following example:

    info [build_cpnat] 10.0.0.12 => 54.208.28.232
  3. Repeat the steps in the Verify your 1:1 NAT setup section above to ensure that the system detected and mapped your IP address correctly.
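
The following check is an added example, not part of the original cPanel documentation. It parses output in the format shown above and reports mappings that do not look like 1:1 NAT: a local address that is not private, a mapping to a private address, or a public address shared by more than one local address. The function name and the second sample line are assumptions constructed for the example.

```python
import ipaddress
import re

# Line format shown on this page: "info [build_cpnat] <local> => <public>"
LINE = re.compile(r"\[build_cpnat\]\s+([0-9A-Fa-f.:]+)\s+=>\s+([0-9A-Fa-f.:]+)")


def check_nat_map(output, expected_public=None):
    """Parse build_cpnat output; return (mappings, problems)."""
    mappings, problems = {}, []
    for line in output.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        try:
            local, public = (ipaddress.ip_address(g) for g in m.groups())
        except ValueError:
            problems.append(f"unparseable mapping: {line.strip()}")
            continue
        if not local.is_private:
            problems.append(f"{local}: local side is not a private address")
        if public.is_private:
            problems.append(f"{local}: maps to private address {public}")
        if public in mappings.values():
            problems.append(f"{public}: shared by several local addresses")
        mappings[local] = public
    if not mappings:
        problems.append("no NAT mapping detected")
    elif expected_public is not None:
        if ipaddress.ip_address(expected_public) not in mappings.values():
            problems.append(f"expected address {expected_public} is not mapped")
    return mappings, problems


# Constructed sample: the first line is the example output from this page,
# the second is made up to exercise the private-address check.
SAMPLE = (
    "info [build_cpnat] 10.0.0.12 => 54.208.28.232\n"
    "info [build_cpnat] 10.0.0.13 => 10.0.0.13\n"
)

if __name__ == "__main__":
    print(check_nat_map(SAMPLE, expected_public="54.208.28.232")[1])
```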

Remember:

cPanel, Inc. and cPanel Technical Support do not provide assistance with these methods.
