Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 60

Overview

cPanel, Inc. supports the use of cPanel & WHM inside of a Linux Container (LXC). An LXC container provides an environment that resembles a standard Linux installation, but does not require a separate kernel. For more information about LXC containers, read the Linux Containers documentation.

Run cPanel & WHM inside a Linux Container

To run cPanel & WHM inside an LXC container, we strongly recommend that you use the following settings:

Host

We strongly recommend that you use Red Hat® Enterprise Linux (RHEL) 7, or CentOS 7 as your LXC host. This configuration ensures the best compatibility with cPanel & WHM. While other Linux distributions may work, they require that the system administrator performs additional steps, which we do not support.

Guest

We strongly recommend that your LXC containers use CentOS, or RHEL 6 as a guest. A CentOS, or an RHEL 7 installation require additional steps to use it as a guest.

Privileged vs unprivileged containers

cPanel & WHM functions in both privileged and unprivileged containers. We strongly recommend that you run cPanel & WHM in a privileged container, because it expects unrestricted access to the system. 

The following limitations are inherent to an unprivileged container:

    • The host operating system treats the root user as a non-root user.
    • You cannot raise the hard limit of a process if you previously lowered it. This action could cause EasyApache 4 to fail. 
    • Subtle behavior differences may occur. 

ProxMox

If you use the Proxmox virtualization software version 4.1 to create a CentOS 6 LXC container inside which to install cPanel & WHM, you may experience the following issues:

  • MySQL®-based sites cannot connect to the databases. This is because the ProxMox LXC container creates the /var/lib/mysql/mysql.sock MySQL socket with insufficient privileges.

  • The Dovecot Mail Server does not function. This is because the ProxMox LXC container creates the files in the /var/run/dovecot/login directory with insufficient privileges.

To correct these issues, perform the following steps:

  1. Run the yum install -y acl command.
  2. Change to the /var/lib/mysql directory.
  3. Set 777 file permissions to allow the user to create MySQL sockets. To do this, run the following commands:

    # setfacl -d -m g::rwx .
    # setfacl -d -m o::rwx .
  4. Restart MySQL. To do this, run the service mysql restart command.
  5. Change to the /var/run/dovecot/login directory.
  6. Set 777 file permissions to allow the user to create files within the directory. To do this, run the following commands:

    # setfacl -d -m g::rwx .
    # setfacl -d -m o::rwx .
  7. Restart the Dovecot server. To do this, run the /usr/local/cpanel/scripts/restartsrv_dovecot command.

Required changes for CentOS 7 or RHEL 7

You must make the following configuration changes to run cPanel & WHM inside an LXC container:

  1. After you create the LXC container, change the lxc.include line in the lxc.conf file to the following line:

    lxc.include = /usr/share/lxc/config/fedora.common.conf
  2. Edit the lxc.conf file to drop setfcap and setpcap capabilities. To do this, comment the following lines:

    # lxc.cap.drop = setpcap
    # lxc.cap.drop = setfcap
  3. If your system uses AppArmor, you must uncomment the following line in the lxc.conf file: 

    lxc.aa_profile = unconfined

    Notes:

    Some system configurations will not run properly with cron inside an LXC container. Individual cron jobs fail to execute even though the cron daemon is active. This issue is a direct result of the incompatibility between the container environment and the pam_loginuid module.

    To resolve this conflict, disable the pam_loginuid module for cron with the following comment in the /etc/pam.d/crond directory:

    #
    # The PAM configuration file for the cron daemon
    #
    #
    # No PAM authentication called, auth modules not needed
    account		required	pam_access.so
    account 	include 	password-auth
    #session	required	pam_loginuid.so
    session		include		password-auth
    auth		include		password-auth

    Updates to your cron package may cause the service to reactivate. Inspect this file for changes after each system update.

Additional documentation