Setup WHM & cPanel on Google Cloud with Mod_PageSpeed

Setting up Google Cloud


So you're looking for the resources to setup WHM & cPanel on Google Cloud? Well, we have that as well as how to setup Mod_PageSpeed!

Google Cloud Documentation: https://cloud.google.com/compute/docs/

Create Project



  1. Go to https://console.cloud.google.com/project and Sign In

  2. Click Create Project

  3. Type [PROJECTNAME]

  4. Click Create

  5. Add any other people you need to work on the project through IAM


Create Instance



  1. Click [PROJECTNAME]

  2. Click Menu (3 bars) >> Compute Engine

  3. Click Create Instance

  4. Enter the following:phg

    1. Name: [INSTANCENAME]

    2. Zone: europe-west1-d

    3. Machine Type: [MACHINETYPE]

    4. Click Change in Boot disk and choose:

      1. CentOS 7

      2. Boot disk type: SSD persistent disk

      3. Size: [DISKSIZE]



    5. In Firewall

      1. tick Allow HTTP traffic

      2. tick Allow HTTPS traffic



    6. Click Create



  5. Make a note of the IP address in the project variables list


Reserve IP Address



  1. Click Menu (3 bars) >> VPC network >> External IP addresses

  2. Click Ephemeral on the row that has VM instance [INSTANCENAME]

  3. Select Static

  4. In Name enter [INSTANCENAME]

  5. Click Reserve


Create Firewall Rules



  1. In Google Cloud click Firewall Rules

  2. Click CREATE FIREWALL RULE

    1. In Name enter cpanel

    2. In Source filter enter Allow from any source (0.0.0.0/0)

    3. In Allowed protocols and ports enter: tcp:20; tcp:21; tcp:22; tcp:25; tcp:26; tcp:37; tcp:43; tcp:53; udp:53; tcp:80; tcp:110; tcp:113; tcp:143; tcp:443; tcp:465; udp:465; tcp:587; tcp:783; udp:783; tcp:873;udp:873; tcp:993; tcp:995; tcp:2073; tcp:2077; tcp:2078; tcp:2079; tcp:2080; tcp:2082; tcp:2083; tcp:2086; tcp:2087; tcp:2089; tcp:2095; tcp:2096; tcp:2525; udp:2525; tcp:3306; udp:50000-60000;tcp:50000-60000

    4. Click Create







Preparing Server on SSH


Update Root Password



  1. Click SSH button on the instance row

  2. sudo su -

  3. passwd

  4. Using LastPass generate a new password, copy it, and make a note of it

  5. Paste the password and press enter (it will look like there has been nothing pasted in, still press enter)

  6. Paste the password again and press enter

  7. Add the password to LastPass


Installing screen



  1. yum install screen

  2. y


Change Hostname



  1. Change Hostname: hostname [SERVERNAME]


Create A Record



  • Add an A record to your DNS management system for [SEVERNAME] with the IP address which can be found on Google Cloud under your project instance





Installing Cloud Linux (Optional)


Buy Cloudlinux License



Downloading Cloudlinux



  1. On SSH enter the following:

  2. wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy

  3. sh cldeploy -k [CLOUDLINUX KEY]

  4. On completion, on SSH enter the following:

  5. reboot





Installing WHM


WHM Documentation: https://documentation.cpanel.net/

Buy WHM License



Downloading WHM



  1. On SSH enter the following:

  2. screen

  3. cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

  4. /usr/local/cpanel/cpkeyclt

  5. /usr/local/cpanel/bin/checkallsslcerts


Initial WHM Setup



  1. Navigate to http://[SERVERNAME]:2087 (you might have to initially navigate to https://[SERVERIP]:2087 , just note your IP in Google Cloud Engine)

  2. Login using root as the username

  3. Step 1: Click I Agree/Go To Step 2

  4. Step 2:

    1. Enter your chosen email as the Server Contact Email Address (e.g. sys@[SERVERTLD])

    2. Enter 8.8.8.8 as the Primary Resolver

    3. Enter 8.8.4.4 as the Secondary Resolver

    4. Enter 1.1.1.1 as the Tertiary Resolver (optional)



  5. Click Save & Go to Step 3

  6. Click Skip This Step and Use Default Settings

  7. Click Save & Go to Step 5

  8. Click Skip This Step and Use Default Settings

  9. Click Finish Setup Wizard

  10. Click Go to WHM

  11. Click Save Settings


Configuring WHM Settings


Configure Apache



  1. Go to https://[SERVERNAME]:2087 and login as root

  2. Go to Software >> EasyApache 4

  3. Click Customize

  4. Make sure the following is ticked.

  5. Click Apache Modules

    1. mod_bwlimited

    2. mod_cache

    3. mod_cache_disk

    4. mod_cache_socache

    5. mod_cgi

    6. mod_cpanel

    7. mod_data

    8. mod_dav (optional)

    9. mod_dav_fs (optional)

    10. mod_deflate

    11. mod_env

    12. mod_expires

    13. mod_file_cache

    14. mod_headers

    15. mod_imagemap

    16. mod_mime_magic

    17. mod_mpm_prefork

    18. mod_proxy

    19. mod_proxy_fcgi

    20. mod_proxy_ftp

    21. mod_proxy_html

    22. mod_proxy_http

    23. mod_proxy_scgi

    24. mod_proxy_wstunnel

    25. mod_security2

    26. mod_socache_memcache

    27. mod_ssl

    28. mod_suexec

    29. mod_suphp

    30. mod_unique_id

    31. mod_version



  6. Click PHP Versions

    1. php56 (Optional, don't use if you don't have any 5.x sites currently)

    2. php70

    3. php71

    4. php72



  7. Click Php Extensions ( Make sure to tick all versions of each extensions )

    1. libc-client

    2. pear

    3. php-bcmath

    4. calendar

    5. cli

    6. common

    7. curl

    8. devel

    9. fileinfo

    10. fpm

    11. ftp

    12. gd

    13. iconv

    14. imap

    15. ioncube10

    16. litespeed (optional for LSWS)

    17. mbstring

    18. mcrypt

    19. mysqlnd

    20. pdo

    21. posix

    22. soap

    23. sockets

    24. xml

    25. zendguard

    26. zip

    27. intl

    28. runtime



  8. Click Review

  9. Save as Profile (for use in deploying another server later, or restoring the current one)

  10. Click Provision

  11. Click Done





Apache Config File Optimizations



  1. Go to Service Configuration >> Apache Configuration

  2. Click Include Editor

  3. Under “Post VirtualHost Include” select “All versions” from the dropdown

  4. In the text area paste the following code:


## EXPIRES CACHING ##
<IfModule mod_expires.c>
 # Enable expirations
 ExpiresActive On
 # Default directive
 ExpiresDefault "access plus 1 month"
 # My favicon
 ExpiresByType image/x-icon "access plus 1 year"
 # Images
 ExpiresByType image/gif "access plus 1 month"
 ExpiresByType image/png "access plus 1 month"
 ExpiresByType image/jpg "access plus 1 month"
 ExpiresByType image/jpeg "access plus 1 month"
 # CSS
 ExpiresByType text/css "access plus 1 month"
 # Javascript
 ExpiresByType application/javascript "access plus 1 year"
 # PDF
 ExpiresByType application/pdf "access plus 1 month"
 # Flash
 ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>
## EXPIRES CACHING ##
## ENABLE GZIP COMPRESSION ##
<IfModule mod_deflate.c>
 # Compress HTML, CSS, JavaScript, Text, XML and fonts
 AddOutputFilterByType DEFLATE application/javascript
 AddOutputFilterByType DEFLATE application/rss+xml
 AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
 AddOutputFilterByType DEFLATE application/x-font
 AddOutputFilterByType DEFLATE application/x-font-opentype
 AddOutputFilterByType DEFLATE application/x-font-otf
 AddOutputFilterByType DEFLATE application/x-font-truetype
 AddOutputFilterByType DEFLATE application/x-font-ttf
 AddOutputFilterByType DEFLATE application/x-javascript
 AddOutputFilterByType DEFLATE application/xhtml+xml
 AddOutputFilterByType DEFLATE application/xml
 AddOutputFilterByType DEFLATE font/opentype
 AddOutputFilterByType DEFLATE font/otf
 AddOutputFilterByType DEFLATE font/ttf
 AddOutputFilterByType DEFLATE image/svg+xml
 AddOutputFilterByType DEFLATE image/x-icon
 AddOutputFilterByType DEFLATE text/css
 AddOutputFilterByType DEFLATE text/html
 AddOutputFilterByType DEFLATE text/javascript
 AddOutputFilterByType DEFLATE text/plain
 AddOutputFilterByType DEFLATE text/xml
 # Remove browser bugs (only needed for really old browsers)
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 Header append Vary User-Agent
</IfModule>
## ENABLE GZIP COMPRESSION ##


  1. Click Update

  2. Click Restart Apache





Configuring PHP



  1. Go to Software >> MultiPHP INI Editor

  2. Under Select PHP Version go through each version and configure the following:

  3. allow_url_fopen = Enabled

  4. Ignore: max_execution_time = 360

  5. Ignore: max_input_time = 180

  6. Ignore: memory_limit = 512M

  7. Ignore: upload_max_filesize = 256M

  8. Ignore: In “Editor Mode” post_max_size = 256M

  9. In “Editor Mode” always_populate_raw_post_data = -1

  10. Click Save


Disable Compiler



  1. Go to Security Center >> Compiler Access

  2. Click Disable Compilers


Configure open_basedir Fix



  1. Go to Security Center >> PHP open_basedir Tweak

  2. Tick Enable php open_basedir Protection.

  3. Click Save


Configure Shell Fork Bomb Protection



  1. Go to Security Center >> Shell Fork Bomb Protection

  2. Click Enable Protection


Disable Traceroute



  1. Go to Security Center >> Traceroute Enable/Disable

  2. Click Disable


Configure Shell Fork Bomb Protection



  1. Go to Security Center >> Shell Fork Bomb Protection

  2. Click Enable Protection


Allow SMTP on Port 2525



  1. Go to Service Configuration >> Service Manager

  2. Tick both boxes next to Exim Mail Server (on another port) to 360

  3. Change Allow exim to listen on a port other than 25. to 2525

  4. Click Save


Install ClamAV and Munin



  1. Go to cPanel >> Manage Plugins

  2. Click Install ClamAV for cPanel

  3. Click Install Munin for cPanel


Default Show All on List Accounts



  1. Go to Server Configuration >> Tweak Settings

  2. Click Display

  3. Number of accounts per page to display in “List Accounts”. = All

  4. Click Save


Prevent “nobody” from sending mail & Disable Horde and Squirrel



  1. Go to Server Configuration >> Tweak Settings

  2. Click Mail

  3. Prevent “nobody” from sending mail = On

  4. Enable Horde Webmail = Off

  5. Enable Mailman mailing lists = Off

  6. Enable Roundcube webmail = Off

  7. Enable SquirrelMail webmail = Off

  8. Click Save


Restrict Spam on Server



  1. Go to Service Configuration >> Exim Configuration Manager

  2. Under the RBLs section:

    1. Click On for RBL: bl.spamcop.net

    2. Click On for RBL: zen.spamhaus.org



  3. Under the Apache SpamAssassin™ Options section

    1. Click On for Apache SpamAssassin™: Forced Global ON

    2. Click On for Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting

    3. Click On for Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting



  4. Click Save


Change hostname



  1. Go to Networking Setup >> Change Hostname

  2. In New Hostname enter: [FQDN] (your fully qualified domain name)

  3. Click Change


Edit default Quota Plan



  1. Go to Packages >> Edit a Package

  2. Click default

  3. Click Edit

  4. Change the following:

    1. Disk Quota (MB): 5000

    2. Monthly Bandwidth (MB): 100000

    3. Max FTP Accounts: 5

    4. Max Email Accounts: 0

    5. Max Email Lists: 0

    6. Max Databases: 1

    7. Max Subdomains: 5

    8. Max Parked Domains: 5

    9. Max Addon Domains: 5

    10. Maximum Hourly Email by Domain Relayed: 250

    11. Maximum percentage of failed or deferred messages a domain may send per hour: 250

    12. Click Save Changes







Graceful Server Reboot



  1. Go to System Reboot >> Graceful Server Reboot

  2. Click Proceed





Mod_PageSpeed Setup


On SSH enter the following:

  1. yum install rpm-build cpio ea-apache24-mod_version

  2. wget https://github.com/pagespeed/cpanel/raw/master/EA4/ea-apache24-mod_pagespeed-latest-stable.src.rpm

  3. rpmbuild --rebuild ea-apache24-mod_pagespeed-latest-stable.src.rpm

  4. rpm -ivh /root/rpmbuild/RPMS/x86_64/ea-apache24-mod_pagespeed*.rpm

  5. /etc/init.d/apache2 restart or service httpd restart


Note: 1- if you get following error on Step 3 :
"RPM build errors:
File must begin with "/": %_httpd_moddir/*.so
File must begin with "/": %_httpd_modconfdir/*.conf"

Just create a file named "macros.apache2" in '/etc/rpm/ directory and paste the below content into that and then restart from step 3.
%_httpd_mmn 20120211x8664
%_httpd_apxs /usr/bin/apxs
%_httpd_dir /etc/apache2
%_httpd_bindir %_httpd_dir/bin
%_httpd_modconfdir %_httpd_dir/conf.modules.d
%_httpd_confdir %_httpd_dir/conf.d
%_httpd_contentdir /usr/share/apache2
%_httpd_moddir /usr/lib64/apache2/modules

The installation script will copy "pagespeed.conf" file into " /usr/local/apache/conf/ " or " /etc/apache2/conf.modules.d" on your server. Documentation for Mod_PageSpeed can be found here.

Check back with us for more updates, and the videos coming wednesday! https://lemacksmedia.com

Comments

Post a Comment

Popular posts from this blog

Gmail confidential mode launching on by default on June 25, 2019

Image
Originally Posted on Google's G Suite Updates Blog What’s changing Earlier this year, we announced the launch of Gmail confidential mode for G Suite in beta. On June 25, 2019, this feature will become generally available and your users will have the option to send emails with confidential mode. At launch, confidential mode will be set to default ON for all domains with Gmail enabled, unless you choose to disable this feature (see instructions below). Who’s impacted Admins and end users Why you’d use it Confidential mode provides built-in information rights management controls in your emails by allowing senders to create expiration dates and revoke previously sent messages. Because a sender can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active. Additionally, with confidential mode, recipients don’t have the option to forward, copy, print, or downl
Read more

Check out the new G Suite Learning Center

Image
Originally Posted on Google's G Suite Updates Blog What’s changing We’re launching a revamped G Suite Learning Center . Who’s impacted Admins and end users Why you’d use it This completely redesigned site features 300+ guides and customer-friendly enhancements, including: An Announcements tab with lists of new and updated Learning Center guides. A “Day 1” checklist to help new G Suite users get started on their first day. An improved search function to help you find help and training content across the G Suite Learning Center. Guides that are easier to print and save as PDFs or customize in Google Docs and Slides. How to get started Admins and end users: The new G Suite Learning Center can now be found at support.google.com/a/users, but you can still use the old web address gsuite.google.com/learning-center. Additional details This initial launch is for the English language site only. In the coming months, we’ll release our revamped Learning Center in Japanese, Spanish, Portugue
Read more

Bulk-export Hangouts Meet hardware fleet information

Image
Originally Posted on Google's G Suite Updates Blog What’s changing We’ve added the ability to export detailed information about all Hangouts Meet hardware devices in a domain to a Google Sheet or CSV file in a single action. Who’s impacted Admins only Why you’d use it Having access to up-to-date information about all Meet devices allows G Suite admins to better understand usage across their entire organization by: Populating data for reports/dashboards Auditing organization-wide peripherals usage Analyzing data for external systems such as ticket/support system or financial functions such as asset tracking or inventory management How to get started Admins: To export your list of devices, follow the steps in the Help Center. After completion, the results will be available from the Tasks icon at the top of the page. Depending on the selected format the information can then be viewed in Google Sheets, or downloaded as a CSV file. End users: No action required Additional information T
Read more