Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web Hosting Control Panel on Amazon AWS Cloud

From: Turritopsis Dohrnii Teo En Ming
Date: Sun Feb 23 2020 - 08:22:19 EST


Subject: Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web
Hosting Control Panel on Amazon AWS Cloud

===FIRST DRAFT===

PUBLISHED 23 FEB 2020 SUNDAY, SINGAPORE, SINGAPORE

I chose CentOS Web Panel because the graphical user interface is a bit
like cPanel and it is free/open source.

EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S GUIDE
======================================================

REFERENCE
=========

Guide: Part 1: How I Built a cPanel Hosting Environment on Amazon AWS

Link: https://wiredgorilla.com/part-1-built-cpanel-hosting-environment-amazon-aws/

Setup the Amazon AWS VPC (Virtual Private Cloud)
================================================

Go to https://us-east-2.console.aws.amazon.com/vpc/home?region=us-east-2#dashboard:

Click Launch VPC Wizard.

Select VPC with a Single Public Subnet.

IPv4 CIDR block: 10.0.0.0/16

VPC Name: Teo En Ming VPC

Public subnet's IPv4 CIDR: 10.0.0.0/24

Availability Zone: No Preference

Subnet name: Public subnet

Click Create VPC.

Create Security Groups in Amazon AWS Cloud
==========================================

Click Security Groups in the VPC Dashboard.

Sub-Part 1
==========

Click Create Security Group.

Security Group Name: NameServers

Description: Allows access to DNS servers

VPC: Teo En Ming VPC

Click Create.

Sub-Part 2
==========

Click Create Security Group.

Security Group Name: CentOSWebPanel

Description: Allows access to CentOS Web Panel

VPC: Teo En Ming VPC

Click Create.

Sub-Part 3
==========

Select the NameServers Security Group.

On the Inbound tab, click Edit.

Under Type, select All Traffic.

Protocol: All

Port Range: 0 - 65535

Source: Anywhere

Click Save.

Sub-Part 4
==========

Select the CentOSWebPanel Security Group.

On the Inbound tab, click Edit.

Under Type, select All Traffic.

Protocol: All

Port Range: 0 - 65535

Source: Anywhere

Click Save.

Provisioning the Primary DNS Server
===================================

On the EC2 Dashboard, click Instances.

Click Launch Instance.

Search for centos in the AWS Markpetplace.

Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible).

Click Continue.

Select t2.micro (free tier eligible).

Click Next: Configure Instance Details.

Network: Teo En Ming VPC

Subnet: Public subnet | us-east-2a

Click Protect against accidental termination.

Click Next: Add Storage

Size (GiB): 8

Click Next: Add Tags

Key = Name

Value = ns1

Click Next: Configure Security Group

Click Select an existing security group

Select NameServers

Click Review and Launch.

Click Launch.

Select Create a new key pair.

Key pair name: cwp

Click Download key pair.

Click Launch Instances.

Click Instances.

Select ns1, right click and select Networking > Manage IP Addresses.

Click Allocate an elastic IP to this instance.

Click Allocate.

Click Associate this Elastic IP Address.

Instance: ns1

Click Associate.

IPv4 address of Primary DNS server is 13.58.253.162


Provisioning the Secondary DNS Server
=====================================

On the EC2 Dashboard, click Instances.

Click Launch Instance.

Search for centos in the AWS Markpetplace.

Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible).

Click Continue.

Select t2.micro (free tier eligible).

Click Next: Configure Instance Details.

Network: Teo En Ming VPC

Subnet: Public subnet | us-east-2a

Click Protect against accidental termination.

Click Next: Add Storage

Size (GiB): 8

Click Next: Add Tags

Key = Name

Value = ns2

Click Next: Configure Security Group

Click Select an existing security group

Select NameServers

Click Review and Launch.

Click Launch.

Select Choose an existing key pair.

Key pair name: cwp

Click Launch Instances.

Click Instances.

Select ns2, right click and select Networking > Manage IP Addresses.

Click Allocate an elastic IP to this instance.

Click Allocate.

Click Associate this Elastic IP Address.

Instance: ns2

Click Associate.

IPv4 address of Secondary DNS server is 3.20.186.205

Provisioning CentOS 7 to Install CentOS Web Panel Later
=======================================================

On the EC2 Dashboard, click Instances.

Click Launch Instance.

Search for centos in the AWS Markpetplace.

Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible).

Click Continue.

Select t2.micro (free tier eligible).

Click Next: Configure Instance Details.

Network: Teo En Ming VPC

Subnet: Public subnet | us-east-2a

Click Protect against accidental termination.

Click Next: Add Storage

Size (GiB): 30

Click Next: Add Tags

Key = Name

Value = CentOSWebPanel

Click Next: Configure Security Group

Click Select an existing security group

Select CentOSWebPanel

Click Review and Launch.

Click Launch.

Select Choose an existing key pair.

Key pair name: cwp

Click Launch Instances.

Click Instances.

Select CentOSWebPanel, right click and select Networking > Manage IP Addresses.

Click Allocate an elastic IP to this instance.

Click Allocate.

Click Associate this Elastic IP Address.

Instance: CentOSWebPanel

Click Associate.

IPv4 address of CentOS Web Panel is 3.21.30.127

RFERENCE
========

Guide: Connecting to Your Linux Instance Using SSH

Link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

How to SSH into Linux Instances in Amazon AWS Cloud
===================================================

$ chmod 600 cwp.pem

For Primary DNS Server:

$ ssh -i cwp.pem centos@xxxxxxxxxxxxx

For Secondary DNS Server:

$ ssh -i cwp.pem centos@xxxxxxxxxxxx

For CentOS Web Panel:

$ ssh -i cwp.pem centos@xxxxxxxxxxx

REFERENCE
=========

Guide: How To Configure BIND as a Private Network DNS Server on CentOS 7

Link: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-centos-7

Configuring the Primary DNS Server
==================================

$ sudo passwd

$ su -

# yum install bind bind-utils

# yum install nano

# nano /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; 10.0.0.99; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-transfer { 3.20.186.205; };
allow-query { any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/named/named.conf.local";

# nano /etc/named/named.conf.local

zone "teo-en-ming.com" {
type master;
file "/etc/named/zones/db.teo-en-ming.com"; # zone file path
};

# chmod 755 /etc/named

# mkdir /etc/named/zones

# nano /etc/named/zones/db.teo-en-ming.com

$TTL 604800
@ IN SOA ns1.teo-en-ming.com. ceo.teo-en-ming.com. (
2020022301 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.teo-en-ming.com.
IN NS ns2.teo-en-ming.com.

; name servers - A records
ns1.teo-en-ming.com. IN A 13.58.253.162
ns2.teo-en-ming.com. IN A 3.20.186.205

; Additional A records
www.teo-en-ming.com. IN A 3.21.30.127

# named-checkconf

# systemctl start named

# systemctl enable named

Testing the Primary DNS Server
==============================

$ dig @13.58.253.162 teo-en-ming.com

Configuring the Secondary DNS Server
====================================

$ sudo passwd

$ su -

# yum install nano

# yum install bind bind-utils

# nano /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; 10.0.0.76; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/named/named.conf.local";

# chmod 755 /etc/named

# nano /etc/named/named.conf.local

zone "teo-en-ming.com" {
type slave;
file "slaves/db.teo-en-ming.com";
masters { 13.58.253.162; }; # ns1 private IP
};


# named-checkconf

# systemctl start named

# systemctl enable named

Testing the Secondary DNS Server
================================

$ dig @3.20.186.205 teo-en-ming.com

Configuring Custom Name Servers At Your Domain Registrar
========================================================

Go to DNS management.

Under host names,

Set ns1 to 13.58.253.162

Set ns2 to 3.20.186.205

Set custom name servers to:

ns1.teo-en-ming.com

ns2.teo-en-ming.com

REFERENCE
=========

Guide: How to Set up a CentOS Web Panel

Link: https://www.alibabacloud.com/blog/how-to-set-up-a-centos-web-panel_595183

Setting Up CentOS Web Panel
===========================

$ sudo passwd

$ su -

# yum -y update && yum -y install wget

# hostnamectl set-hostname www.teo-en-ming.com

# cd /usr/local/src && wget http://centos-webpanel.com/cwp-el7-latest
&& sh cwp-el7-latest

Started installing CentOS Web Panel at 6.24 PM on 23 Feb 2020 Sunday.

Completed installing CentOS Web Panel at 6.30 PM on 23 Feb 2020 Sunday.

Total duration: 6 mins

#############################
# CWP Installed #
#############################

Go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

http://3.21.30.127:2030
SSL: https://3.21.30.127:2031
---------------------
Username: root
Password: ssh server root password
MySQL root Password:

#########################################################
CentOS Web Panel MailServer Installer
#########################################################
SSL Cert name (hostname): www.teo-en-ming.com
SSL Cert file location /etc/pki/tls/ private|certs
#########################################################

Visit for help: www.centos-webpanel.com
Write down login details and press ENTER for server reboot!
Please reboot the server!
Reboot command: shutdown -r now

# shutdown -r now

Configuring CentOS Web Panel Web Hosting Control Panel
======================================================

Go to https://3.21.30.127:2031

>From the left menu, click on CWP Settings, then select Edit Settings.

Admin Email: ceo@xxxxxxxxxxxxxxxxxxxx

Check Activate NAT-ed network configuration.

Click Save Changes.

>From the left menu, click DNS Functions, then select Edit Nameservers IPs.

Name Server 1: ns1.teo-en-ming.com 13.58.253.162

Name Server 2: ns2.teo-en-ming.com 3.20.186.205

Click Save Changes.

That's all.

In future, go to https://www.teo-en-ming.com:2031

It works!

AUTHOR: MR. TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE






-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----