Web Server Setup Series - Fix CWP Errors & Warnings To Improve Server Security
Table of Contents
Welcome to the second part of the web server setup series. In this part, I’ll show you how to fix CWP (CentOS web panel) errors and warnings, create new user accounts, create hosting packages, and create an FTP account. So let’s start.
In the last part, I installed CentOS web panel on my virtual private server. If you’ve not installed it, read the first part to install CWP on your server.
Fix errors and warnings on the control panel
Set root email
When you login to the CWP control panel, you’ll see several errors popping up in the header. It’s important to fix these errors before moving forward.
The panel requires a root email account for further notifications from the control panel. To fix it, click the button ‘Set root email’ and type your email address.
You can also forward all system emails to the root email. Hit save to save the changes.
After setting up root email, log out of the panel and log back in.
Change default SSH port
The SSH protocol is a method to securely connect to remote server. The default port for SSH communication is 22. It is suggested to change the default SSH port 22 to something else to improve the security of our server.
Change default SSH port by either clicking the link on the error /etc/ssh/sshd_config or from the sidebar options.
Now to set the ssh port manually, uncomment the line “Port 22” and replace 22 with your desired port. To uncomment, remove the hash ‘#’.
Now save settings. We also need to update port number in the firewall settings so that we can connect through the new port.
From the sidebar go to Security > Firewall Manager.
Click Configuration > Main Configuration and it will open up the settings. Now search the following TCP incoming and outgoing ports and add your ssh port in here.
Now save changes and restart SSH server and firewall.
Enable Firewall. If you had already enabled it before adding port, then restart it.
And that’s it. You have changed the default SSH port, allowing the connection through that port in the firewall. Now re-login to the panel and the message to update the port should go away. If you still see the message, make sure to save the changes after changing the port.
And that’s all. We have fixed all the warnings. If you still see some of the initial warnings, please check you saved the settings after making changes. Also, remember that from now on we’ll have to provide the SSH port while connecting to the server otherwise you’ll get error “Connection refused“. ssh username@server-ip -p port-number
Create hosting packages
In the future, you’ll have multiple users or clients hosting their own websites on your server. You can charge your clients based on the resources you provide to them. For example, you can create a package for new developers allowing them 1GB storage, 1GB bandwidth, 2 email accounts, 2 FTP accounts, etc. You can do that by creating a new package.
Packages allow the admin to easily control the resources on the server. To create a new package, from sidebar click the Package > Add a package. It’ll show you the following screen.
It’s very simple to add a package. Fill in all the fields and hit the create button. You can leave a field empty and cwp will assign a default value to that field.
You can create multiple packages and when creating an account, you’ll be given an option to assign that user a package. We’ll see that in the next step.
You can see all the packages by going to Packages > List packages.
Create a new User account
After creating multiple packages, it’s time to create a user. Creating a new user is also very easy. Go to User accounts > New account.
In the first field enter the domain name that the user wants to point to the server. Enter a username, password, email account, Server IP, and packages. You can see all the packages that you have created plus a default one. Select a package for this account.
In the screenshot the Inode option is hidden. Inode means the number of files that the user can host on the server storage. All other options are pretty clear. Just fill them, hit Create button and the user has been created.
Now it’ll print all the new user details such as username, password, email address and the login panel for the user. Save this somewhere in a document. Now notice that the login panel for this new user is not the same for admin. For admin, we have server-ip:2030 but for users the panel allows dashboard access at server-ip:2082.
Now visit server-ip:2082 which is user login page.
Enter the username and password.
The user dashboard has fewer options than the root dashboard. Server stats and processes should not be visible to all users so they’re not appearing on the user dashboard. Right sidebar shows all the resources available to the user such as databases, emails, domains, and FTP accounts. Some quick actions such as antivirus scan and file system lock are also in the right sidebar.
All other management options are under sidebar navigation menu and dashboard. I’ll suggest you take a look at these options one by one so that you can get the idea what cwp can do.
Hide all processes if not owned by the user is NOT activated on your server
After creating a new user, you will see another warning on the root user dashboard. On the panel, you can monitor all the processes running the server. By default, all users’ processes are visible. The panel recommends hiding the processes if not owned by current user. Click the link in the error and it’ll take you to the settings page.
Click “Enable protection” and that’s it.
hide all processes in cwp panel security hide all processes cwp activated
Create FTP account
If admin has allowed FTP account to the user, then FTP accounts can be created right from the dashboard option. Click FTP accounts.
add ftp account create ftp accounts in cwp orig
Click FTP accounts and click create FTP account. You’ll have the following dialogue. Simply fill in the information and that’s it. Now you can use FTP clients such as Filezilla to connect to the server.
Conclusion
So this was the second part of web server setup series. We have fixed all the warnings, improving the security of our server. In this part, I also wanted to point a domain to our server but due to the length of this article, I’m going to do that in the next article. If you have any suggestions or doubt then do tell me in the comment section below.
LinuxAndUbuntu Newsletter
Join the newsletter to receive the latest updates in your inbox.