To configure cPanel on a Linux server in 2026, prepare a clean, supported OS (AlmaLinux, Rocky Linux, CloudLinux, or Ubuntu LTS), set a valid hostname and static IP, open cPanel/WHM ports, run the cPanel installer via SSH, complete the WHM Initial Setup Wizard, then harden security, configure DNS, enable AutoSSL, and create hosting packages.
In this step-by-step guide, you’ll learn how to configure cPanel on a Linux server from scratch using best practices that align with modern hosting standards. We’ll cover installation, WHM configuration, DNS and SSL, mail deliverability, security hardening, backups, and performance tuning—so your cPanel/WHM stack is production-ready and compliant with 2026 hosting requirements.
What You’ll Need (System Requirements & Prerequisites)
Make sure your environment meets cPanel’s current requirements. As of 2026, focus on supported, actively maintained distributions and a clean server image.
Supported Operating Systems
- AlmaLinux 8/9 (recommended for production)
- Rocky Linux 8/9
- CloudLinux 8/9 (for high-density, shared hosting)
- Ubuntu 22.04 LTS (check cPanel docs for latest supported Ubuntu LTS)
Minimum Hardware
- CPU: 2 vCPU+ (4 vCPU recommended)
- RAM: 2 GB minimum (4–8 GB recommended)
- Disk: 40 GB minimum (NVMe/SSD preferred)
- Network: Static public IPv4; NAT is supported with proper configuration
cPanel requires a valid license (trial or paid). Many providers, including YouStable, bundle cPanel licenses with VPS and Dedicated servers to simplify setup.
Step 1: Prepare the Server (Clean OS, Hostname, Networking)
A. Update the OS and install essentials
# AlmaLinux/Rocky/CloudLinux
sudo dnf -y update
sudo dnf -y install curl perl screen tar
# Ubuntu
sudo apt update && sudo apt -y upgrade
sudo apt -y install curl perl screen tarB. Set a fully qualified hostname (FQDN)
Use a valid, resolvable FQDN like server.example.com (not example.com).
sudo hostnamectl set-hostname server.example.com
echo "YOUR.SERVER.IP server.example.com server" | sudo tee -a /etc/hostsC. Ensure a static IP and working DNS resolvers
# Check IP
ip addr
# Add resolvers if needed
echo -e "nameserver 1.1.1.1\nnameserver 8.8.8.8" | sudo tee /etc/resolv.confD. Disable SELinux (RHEL-family) before install
cPanel requires SELinux to be disabled during installation.
# Temporarily
sudo setenforce 0
# Permanently (requires reboot)
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/configStep 2: Open cPanel/WHM Ports in the Firewall
Open required ports so services function correctly. If you use a cloud firewall (AWS Security Groups, etc.), allow them there too.
- WHM/cPanel: 2087 (WHM SSL), 2083 (cPanel SSL)
- Web: 80, 443
- FTP: 21 and passive range (e.g., 30000–35000)
- Mail: 25, 465, 587 (SMTP), 110, 995 (POP3), 143, 993 (IMAP)
- DNS: 53 TCP/UDP
- SSH: 22 (or your custom port)
# firewalld example (RHEL-family)
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-port=2083/tcp --add-port=2087/tcp
sudo firewall-cmd --permanent --add-port=21/tcp
sudo firewall-cmd --permanent --add-port=53/tcp --add-port=53/udp
sudo firewall-cmd --permanent --add-port=25/tcp --add-port=465/tcp --add-port=587/tcp
sudo firewall-cmd --permanent --add-port=110/tcp --add-port=995/tcp
sudo firewall-cmd --permanent --add-port=143/tcp --add-port=993/tcp
sudo firewall-cmd --permanent --add-port=30000-35000/tcp
sudo firewall-cmd --reloadStep 3: Install cPanel (Unattended via CLI)
Run the official installer on a clean server (no existing control panel). Installation can take 20–60 minutes depending on resources.
cd /home
curl -o latest -L https://securedownloads.cpanel.net/latest
sudo sh latestWhen the installer finishes, access WHM over HTTPS:
https://YOUR.SERVER.IP:2087
# or
https://server.example.com:2087Login as the root user with the server’s root password or SSH key.
Step 4: Complete the WHM Initial Setup Wizard
A. Agree to Terms & Add Contact Info
- Add a primary contact email for alerts (outages, quota, security)
- Optional SMS webhook or secondary email for redundancy
B. Networking: Hostname, Resolvers, Main IP
- Verify the FQDN hostname (server.example.com)
- Confirm resolvers (1.1.1.1, 8.8.8.8)
- Set the main shared IPv4 (and NAT settings if applicable)
C. Nameservers & DNS Role
- Choose nameservers (ns1.example.com, ns2.example.com)
- Let WHM create the necessary A records
- Later, add glue records with your domain registrar
D. Services & Security Defaults
- Enable DKIM and SPF by default for new accounts
- Enable quotas (requires reboot on some systems)
- Set AutoSSL provider (Let’s Encrypt recommended)
Step 5: Post-Install Security Hardening
A. Change SSH defaults and secure root
- Create a new sudo user and disable root SSH password login
- Use SSH keys and optionally change SSH port
# Create a sudo user
sudo useradd -m adminuser
sudo passwd adminuser
sudo usermod -aG wheel adminuser # (RHEL)
# or
sudo usermod -aG sudo adminuser # (Ubuntu)
# Edit SSH config
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshdB. Enable cPHulk and configure brute-force protection
In WHM > Security Center > cPHulk Brute Force Protection, enable and tune thresholds. Whitelist your management IPs to prevent lockouts.
C. Consider CSF/LFD firewall
ConfigServer Security & Firewall (CSF) is widely used with cPanel for granular firewall and login failure detection.
# Example install (verify latest from vendor before running)
cd /usr/local/src
sudo curl -O https://download.configserver.com/csf.tgz
sudo tar -xzf csf.tgz
cd csf
sudo sh install.sh
sudo perl /usr/local/csf/bin/csftest.plSwitch CSF from TESTING to active in /etc/csf/csf.conf and restart CSF/LFD.
Step 6: Configure DNS and Nameservers Properly
A. Register Glue Records at Registrar
- Create ns1.example.com and ns2.example.com pointing to your server IPs
- Update your domain to use these nameservers
B. Choose DNS mode
- Single-server DNS: Simple, fine for small setups
- Clustered DNS: Use multiple cPanel DNSOnly nodes for redundancy
- External DNS (Cloudflare/Route 53): Offload DNS, often improves resilience
Step 7: Enable SSL & AutoSSL (Let’s Encrypt)
Use WHM > SSL/TLS > Manage AutoSSL, choose Let’s Encrypt, and run AutoSSL for all users. This secures cPanel/WHM, webmail, and hosted domains automatically.
Step 8: Create Packages, Accounts, and Feature Sets
A. Packages
- Define disk, bandwidth, inode limits, and email/database quotas
- Create separate packages for staging vs. production workloads
B. Feature Manager
- Enable only needed tools (Git Version Control, NodeJS, Ruby, etc.)
- Reduce attack surface by disabling unused features
C. Account Creation
- WHM > Create a New Account: add domain, user, package, and contact info
- Verify SPF, DKIM, and AutoSSL post-creation
Step 9: Mail Deliverability (SPF, DKIM, DMARC, rDNS)
- SPF/DKIM: Enabled by default for new accounts; verify DNS propagation
- DMARC: Add a policy record (monitoring p=none, then quarantine/reject as you mature)
- rDNS/PTR: Set at your VPS/dedicated provider for the server’s main IP and hostname
- SMTP ports: Ensure 25/465/587 open; some clouds block 25 (use an SMTP relay if required)
Step 10: Backups, Updates, and Monitoring
A. Backups (WHM > Backup Configuration)
- Enable compressed or incremental backups
- Set retention (e.g., daily 7, weekly 4, monthly 3)
- Remote targets: S3, SFTP, or object storage for off-site safety
B. Updates
- WHM > Update Preferences: choose RELEASE or STABLE tiers
- Enable automatic updates for cPanel and system packages
C. Monitoring
- Service Monitoring: WHM > Service Manager for Exim, Dovecot, ClamAV, etc.
- Resource usage: WHM > Process Manager and system tools (top, iotop, sar)
- External uptime & SSL expiry checks (e.g., StatusCake, UptimeRobot)
Troubleshooting: Common Issues and Fixes
- WHM not loading: Confirm 2087/tcp open, check cloud firewall, verify SSL certificate
- AutoSSL fails: Ensure DNS A records resolve to your server and port 80/443 are open
- Email to Gmail/Outlook rejected: Fix rDNS, SPF, DKIM, add DMARC, warm up IP
- Slow install: Increase RAM/CPU, ensure fast mirrors, use SSD/NVMe
- Quota not working: Re-run quota setup in WHM and reboot
Best Practices for Performance and Reliability
- Use AlmaLinux/Rocky on NVMe storage; assign 2–4 GB swap
- Separate storage for backups or push off-site to object storage
- Enable HTTP/2 and Brotli at the web server level; use PHP-FPM
- Regularly audit insecure PHP versions and enable CageFS/CloudLinux if multi-tenant
- Adopt DNS clustering or external DNS to reduce single points of failure
DIY vs. Managed: When to Choose a Managed cPanel Server
If you’re short on time or Linux administration expertise, a managed cPanel server saves hours on installation, hardening, updates, and backups. At YouStable, our cPanel VPS and Dedicated solutions ship on supported Linux (AlmaLinux/Rocky), include license options, proactive security (CSF/cPHulk), off-site backups, and 24×7 optimization assistance—so you can focus on sites, not servers.
Full Command Summary (Quick Reference)
# 1) Update & essentials
dnf -y update && dnf -y install curl perl screen tar # (RHEL-family)
# or
apt update && apt -y upgrade && apt -y install curl perl screen tar # (Ubuntu)
# 2) Hostname & hosts
hostnamectl set-hostname server.example.com
echo "YOUR.SERVER.IP server.example.com server" >> /etc/hosts
# 3) Disable SELinux (RHEL-family)
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# 4) Firewall (open essential ports)
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=2083/tcp --add-port=2087/tcp
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-port=53/tcp --add-port=53/udp
firewall-cmd --permanent --add-port=25/tcp --add-port=465/tcp --add-port=587/tcp
firewall-cmd --permanent --add-port=110/tcp --add-port=995/tcp
firewall-cmd --permanent --add-port=143/tcp --add-port=993/tcp
firewall-cmd --permanent --add-port=30000-35000/tcp
firewall-cmd --reload
# 5) Install cPanel
cd /home
curl -o latest -L https://securedownloads.cpanel.net/latest
sh latest
# 6) Access WHM
# https://server.example.com:2087 (login as root)FAQs: How to Configure cPanel on Linux Server
Which Linux is best for cPanel in 2026?
AlmaLinux 8/9 and Rocky Linux 8/9 are top choices for stability and long support windows. CloudLinux 8/9 is ideal for shared hosting isolation. Ubuntu 22.04 LTS is supported by cPanel; verify the current LTS support in the official documentation.
Can I install cPanel on an existing server with websites?
cPanel must be installed on a clean OS with no other control panel. If you have existing sites, migrate them after installation using WHM’s Transfer Tool or site-level backups.
How long does cPanel installation take?
Typically 20–60 minutes depending on CPU, RAM, disk, and network. Using NVMe storage and at least 4 vCPU/8 GB RAM significantly speeds up the process.
Do I need a cPanel license for configuration?
Yes. You can use a trial initially and add a paid license later, or purchase the license via your hosting provider. Many YouStable plans include cPanel licensing to streamline setup.
Which ports must be open for cPanel/WHM?
At minimum: 2087 (WHM SSL), 2083 (cPanel SSL), 80/443 (web), 21 and passive range for FTP, 25/465/587/110/995/143/993 for mail, 53 TCP/UDP for DNS, and SSH (22 or custom). Configure both the OS firewall and any cloud-level firewalls.
Final Thoughts
You’ve learned how to configure cPanel on a Linux server end-to-end: preparing the OS, installing cPanel, finishing WHM’s setup, hardening security, enabling DNS and AutoSSL, and optimizing deliverability, backups, and performance. Prefer a turnkey path? Choose a managed cPanel VPS or Dedicated server from YouStable, and we’ll provision, secure, and maintain your stack for you.
