Subject: Mr. Teo En Ming's Guide to Deploying CentOS Web Panel (CWP) Web Hosting Control Panel on Amazon AWS Cloud ===FIRST DRAFT=== PUBLISHED 23 FEB 2020 SUNDAY, SINGAPORE, SINGAPORE I chose CentOS Web Panel because the graphical user interface is a bit like cPanel and it is free/open source. EXTREMELY DETAILED INSTRUCTIONS OF TEO EN MING'S GUIDE ====================================================== REFERENCE ========= Guide: Part 1: How I Built a cPanel Hosting Environment on Amazon AWS Link: https://wiredgorilla.com/part-1-built-cpanel-hosting-environment-amazon-aws/ Setup the Amazon AWS VPC (Virtual Private Cloud) ================================================ Go to https://us-east-2.console.aws.amazon.com/vpc/home?region=us-east-2#dashboard: Click Launch VPC Wizard. Select VPC with a Single Public Subnet. IPv4 CIDR block: 10.0.0.0/16 VPC Name: Teo En Ming VPC Public subnet's IPv4 CIDR: 10.0.0.0/24 Availability Zone: No Preference Subnet name: Public subnet Click Create VPC. Create Security Groups in Amazon AWS Cloud ========================================== Click Security Groups in the VPC Dashboard. Sub-Part 1 ========== Click Create Security Group. Security Group Name: NameServers Description: Allows access to DNS servers VPC: Teo En Ming VPC Click Create. Sub-Part 2 ========== Click Create Security Group. Security Group Name: CentOSWebPanel Description: Allows access to CentOS Web Panel VPC: Teo En Ming VPC Click Create. Sub-Part 3 ========== Select the NameServers Security Group. On the Inbound tab, click Edit. Under Type, select All Traffic. Protocol: All Port Range: 0 - 65535 Source: Anywhere Click Save. Sub-Part 4 ========== Select the CentOSWebPanel Security Group. On the Inbound tab, click Edit. Under Type, select All Traffic. Protocol: All Port Range: 0 - 65535 Source: Anywhere Click Save. Provisioning the Primary DNS Server =================================== On the EC2 Dashboard, click Instances. Click Launch Instance. Search for centos in the AWS Markpetplace. Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible). Click Continue. Select t2.micro (free tier eligible). Click Next: Configure Instance Details. Network: Teo En Ming VPC Subnet: Public subnet | us-east-2a Click Protect against accidental termination. Click Next: Add Storage Size (GiB): 8 Click Next: Add Tags Key = Name Value = ns1 Click Next: Configure Security Group Click Select an existing security group Select NameServers Click Review and Launch. Click Launch. Select Create a new key pair. Key pair name: cwp Click Download key pair. Click Launch Instances. Click Instances. Select ns1, right click and select Networking > Manage IP Addresses. Click Allocate an elastic IP to this instance. Click Allocate. Click Associate this Elastic IP Address. Instance: ns1 Click Associate. IPv4 address of Primary DNS server is 13.58.253.162 Provisioning the Secondary DNS Server ===================================== On the EC2 Dashboard, click Instances. Click Launch Instance. Search for centos in the AWS Markpetplace. Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible). Click Continue. Select t2.micro (free tier eligible). Click Next: Configure Instance Details. Network: Teo En Ming VPC Subnet: Public subnet | us-east-2a Click Protect against accidental termination. Click Next: Add Storage Size (GiB): 8 Click Next: Add Tags Key = Name Value = ns2 Click Next: Configure Security Group Click Select an existing security group Select NameServers Click Review and Launch. Click Launch. Select Choose an existing key pair. Key pair name: cwp Click Launch Instances. Click Instances. Select ns2, right click and select Networking > Manage IP Addresses. Click Allocate an elastic IP to this instance. Click Allocate. Click Associate this Elastic IP Address. Instance: ns2 Click Associate. IPv4 address of Secondary DNS server is 3.20.186.205 Provisioning CentOS 7 to Install CentOS Web Panel Later ======================================================= On the EC2 Dashboard, click Instances. Click Launch Instance. Search for centos in the AWS Markpetplace. Select CentOS 7 (x86_64) - with Updates HVM (free tier eligible). Click Continue. Select t2.micro (free tier eligible). Click Next: Configure Instance Details. Network: Teo En Ming VPC Subnet: Public subnet | us-east-2a Click Protect against accidental termination. Click Next: Add Storage Size (GiB): 30 Click Next: Add Tags Key = Name Value = CentOSWebPanel Click Next: Configure Security Group Click Select an existing security group Select CentOSWebPanel Click Review and Launch. Click Launch. Select Choose an existing key pair. Key pair name: cwp Click Launch Instances. Click Instances. Select CentOSWebPanel, right click and select Networking > Manage IP Addresses. Click Allocate an elastic IP to this instance. Click Allocate. Click Associate this Elastic IP Address. Instance: CentOSWebPanel Click Associate. IPv4 address of CentOS Web Panel is 3.21.30.127 RFERENCE ======== Guide: Connecting to Your Linux Instance Using SSH Link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.... How to SSH into Linux Instances in Amazon AWS Cloud =================================================== $ chmod 600 cwp.pem For Primary DNS Server: $ ssh -i cwp.pem centos@13.58.253.162 For Secondary DNS Server: $ ssh -i cwp.pem centos@3.20.186.205 For CentOS Web Panel: $ ssh -i cwp.pem centos@3.21.30.127 REFERENCE ========= Guide: How To Configure BIND as a Private Network DNS Server on CentOS 7 Link: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-... Configuring the Primary DNS Server ================================== $ sudo passwd $ su - # yum install bind bind-utils # yum install nano # nano /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 127.0.0.1; 10.0.0.99; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-transfer { 3.20.186.205; }; allow-query { any; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.root.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/named/named.conf.local"; # nano /etc/named/named.conf.local zone "teo-en-ming.com" { type master; file "/etc/named/zones/db.teo-en-ming.com"; # zone file path }; # chmod 755 /etc/named # mkdir /etc/named/zones # nano /etc/named/zones/db.teo-en-ming.com $TTL 604800 @ IN SOA ns1.teo-en-ming.com. ceo.teo-en-ming.com. ( 2020022301 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; ; name servers - NS records IN NS ns1.teo-en-ming.com. IN NS ns2.teo-en-ming.com. ; name servers - A records ns1.teo-en-ming.com. IN A 13.58.253.162 ns2.teo-en-ming.com. IN A 3.20.186.205 ; Additional A records www.teo-en-ming.com. IN A 3.21.30.127 # named-checkconf # systemctl start named # systemctl enable named Testing the Primary DNS Server ============================== $ dig @13.58.253.162 teo-en-ming.com Configuring the Secondary DNS Server ==================================== $ sudo passwd $ su - # yum install nano # yum install bind bind-utils # nano /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 127.0.0.1; 10.0.0.76; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.root.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/named/named.conf.local"; # chmod 755 /etc/named # nano /etc/named/named.conf.local zone "teo-en-ming.com" { type slave; file "slaves/db.teo-en-ming.com"; masters { 13.58.253.162; }; # ns1 private IP }; # named-checkconf # systemctl start named # systemctl enable named Testing the Secondary DNS Server ================================ $ dig @3.20.186.205 teo-en-ming.com Configuring Custom Name Servers At Your Domain Registrar ======================================================== Go to DNS management. Under host names, Set ns1 to 13.58.253.162 Set ns2 to 3.20.186.205 Set custom name servers to: ns1.teo-en-ming.com ns2.teo-en-ming.com REFERENCE ========= Guide: How to Set up a CentOS Web Panel Link: https://www.alibabacloud.com/blog/how-to-set-up-a-centos-web-panel_595183 Setting Up CentOS Web Panel =========================== $ sudo passwd $ su - # yum -y update && yum -y install wget # hostnamectl set-hostname www.teo-en-ming.com # cd /usr/local/src && wget http://centos-webpanel.com/cwp-el7-latest && sh cwp-el7-latest Started installing CentOS Web Panel at 6.24 PM on 23 Feb 2020 Sunday. Completed installing CentOS Web Panel at 6.30 PM on 23 Feb 2020 Sunday. Total duration: 6 mins ############################# # CWP Installed # ############################# Go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/ http://3.21.30.127:2030 SSL: https://3.21.30.127:2031 --------------------- Username: root Password: ssh server root password MySQL root Password: ######################################################### CentOS Web Panel MailServer Installer ######################################################### SSL Cert name (hostname): www.teo-en-ming.com SSL Cert file location /etc/pki/tls/ private|certs ######################################################### Visit for help: www.centos-webpanel.com Write down login details and press ENTER for server reboot! Please reboot the server! Reboot command: shutdown -r now # shutdown -r now Configuring CentOS Web Panel Web Hosting Control Panel ====================================================== Go to https://3.21.30.127:2031
From the left menu, click on CWP Settings, then select Edit Settings.
Admin Email: ceo@teo-en-ming-corp.com Check Activate NAT-ed network configuration. Click Save Changes.
From the left menu, click DNS Functions, then select Edit Nameservers IPs.
Name Server 1: ns1.teo-en-ming.com 13.58.253.162 Name Server 2: ns2.teo-en-ming.com 3.20.186.205 Click Save Changes. That's all. In future, go to https://www.teo-en-ming.com:2031 It works! AUTHOR: MR. TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE -----BEGIN EMAIL SIGNATURE----- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html ******************************************************************************************** Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): [1] https://tdtemcerts.wordpress.com/ [2] https://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming -----END EMAIL SIGNATURE-----