Setup and Secure CPANEL / WHM on AWS Lightsail

Today will be a refresher video on setting up Cpanel for Lightsail. A while back I did an introductory video on setting up Cpanel on Lightsail instance. This was when AWS introduced an blueprint/image of Cpanel for Lightsail instances. It was a popular video and based on comments and emails many of you found it useful. The process has changed a little so in this video I’ll walkthrough setting up

  1. Cpanel on Lightsail
  2. Perform basic security configuration and optimization
  3. Install an Antivirus software
  4. Install a Firewall
  5. Setup a couple of websites

Steps:

  1. Setup new instance.
  2. Attach a static IP
    1. Create IP and wait 2-5 minutes before attaching it to your instance
  3. Reset the password
    1. SSH into instance:
    2. Type sudo passwd
  4. In your browser load https://your_ip_address:2087 to start the setup
  5. Change / Update the trial license with the static IP (If NEEDED)
  6. Login to Server again and finish setup
  7. Check IP Address configured in Cpanel
    1. Server Configuraiton -> Basic Webhost Manager Setup. change UP
  8. Update Service Manager and turn off un-needed services.
  9. Run Security Advisor
    1. Enable Apache Jail
    2. Install ImunifyAV (or Clam AV)
    3. Update system Kernal with sudo yum -y update and reboot the system
    4. Bind MySQL to local IP only
    5. Disable remoterootlogin sudo vi /etc/ssh/sshd_config,
      1. set PermitRootLogin to no
      2. Restart SSH
  10. Install CSF firewall
    1. wget https://download.configserver.com/csf.tgz
    2. tar -xzf csf.tgz
    3. cd csf
    4. sudo ./install.sh
  11. Setup Account
  12. Configure Cpanel Site Software Add-on for WordPress
  13. Install WordPress on the account
  14. Enable ModSecurity Rules Set (OWASP® ModSecurity CRS | cPanel & WHM Documentation)