Best Practices for cPanel Virtualization Templates
Last modified: November 12, 2020
While we recommend and support the use of the usual cPanel & WHM installation process, it may require more time than is necessary for Virtual Private Server (VPS) and Virtual Machine (VM) hosts. Instead, you can provision VPS or VM systems with a templated cPanel & WHM environment.
If you offer template installations of cPanel & WHM, we recommend that you become a cPanel Partner.
cPanel Partners can use our API to automatically provision their own cPanel & WHM, CloudLinux™, and KernelCare licenses through their billing system.
cPanel Partners can also enable or disable some very specific options within WHM.
For more information, see our Partner NOC requirements.
Get a development license
Before you begin, apply for a free development license via our Developer License Application.
Apply for one license per template.
IP addresses are specific to each template.
Create a minimal installation for templating
When you create templates, we recommend:
Creating only 64-bit templates. cPanel & WHM does not support 32-bit systems.
Keeping templates small (virtual disks of 10 GB or smaller). After you convert the template for a customer’s VPS, use your virtualization software to automatically expand its virtual disk capacity to a 20 GB minimum.
Pre-installation configuration files
We provide extensive documentation on preconfiguring cPanel & WHM. For more information, read our Installation Guide.
In most cases, preconfiguring these files removes the need to log in to the VPS or VM before you grant access to your customer.
We recommend that you customize the following files:
This file allows you to configure cPanel & WHM’s release tier and other update settings.
Users can change these settings within WHM at any time. Most of these settings appear in WHM’s Update Preferences interface (WHM >> Home >> Server Configuration >> Update Preferences)
You cannot downgrade major versions, and you cannot change a server’s release tier to circumvent this restriction.
For more information, read our Product Versions and the Release Process and The cPanel & WHM Update Configuration File — cpupdate.conf documentation.
This file determines the locations that your server downloads updates from.
By default, cPanel & WHM servers retrieve updates directly from cPanel, L.L.C. through our
httpupdate.cpanel.netpool of update servers.
If you are a cPanel Partner with your own FastUpdate server, you can edit the
HTTPDUPDATEsetting to only update from that FastUpdate server:
For more information, read our Customize Your Installation documentation.
This file contains basic server information for cPanel & WHM, including the IP address, nameservers, and home directory.
This file contains extensive configuration options for cPanel & WHM.
cPanel & WHM installation
After you finish preconfiguring your installation, you can install cPanel & WHM. For more information, read our Installation Guide.
After you have successfully installed cPanel & WHM, you can set new defaults. You can also secure SSH or update your security configuration.
We recommend that you do not log in to WHM while making the template. If you do, remove the
/etc/.whostmgrftfile before publishing the template.
Do not shut down the VM to create the template until after you perform these steps.
Prevent locked licenses
To ensure that cPanel, L.L.C. doesn’t lock your development license, we strongly recommend creating one VM per template and maintaining it. This will:
Require one license and one IP address per templating VM.
Ensure that cPanel, L.L.C. doesn’t lock your license or licenses.
Allow you to start the VM again to perform updates.
Run the following commands to ensure that cPanel, L.L.C. does not lock your license:
rm -f /usr/local/cpanel/cpanel.lisc
The following BASH script runs these commands:
Avoid security vulnerabilities
To avoid security issues before you finalize your template:
Remove the generated SSH host keys and temporary files.
Clear the hostname from within the operating system and the
Finalize your template
Your templates must meet, and we recommend that they exceed, our system requirements. Most providers offer a few different templates.
Each VPS or VM needs a SWAP file or partition. Partitions must have at least 256 MB.
After you finish the post-installation tasks, and before you deploy your VPS or VM, finalize your template. Make certain to perform each of the following actions:
ADDRvalue in the
/etc/wwwacct.conffile with the main IP address for the VPS or VM.
Automatically run the
/usr/local/cpanel/bin/set_hostnamescript on the first boot of the image before any cPanel & WHM services start. You can either randomize the hostname or set the hostname based on your customer’s choice.
If you run a 1:1 NAT environment, run the
/scripts/build_cpnatscript to build your NAT file.
/scripts/rebuildhttpdconfscript to rebuild your Apache configuration with the correct addresses.
The following BASH script performs all of these tasks except for updating the
When you deploy the customer’s VPS, you must automatically update some files.
If you use the
libguestfs virt-sysprepcommand, you can do this via the
If you use a tool such as
libguestfs virt-sysprepto help finalize your template, ensure that you do not accidentally remove any user accounts or cron jobs.
If you do not use the
libguestfscommand, consult your hypervisor’s documentation for an alternative option to run scripts or commands upon first boot.
Updating your templates over time
As cPanel, L.L.C. releases updates, you will need to update your templates.
To avoid this situation, plan regular updates on all of your templates.
To run a cPanel & WHM update for your template, run the following commands:
yum update -y /scripts/upcp
Before you shut down the VM or VPS to recreate the template, run the same commands from the Prevent locked licenses section above. If you don’t, your license may become locked.
Common OpenVZ and Virtuozzo issues
You may experience some common issues when you use OpenVZ or Virtuozzo.
On CentOS 7 or 8, CloudLinux 7 or 8, or Red Hat® Enterprise Linux® 7, your hostname may not meet the requirement for a Fully Qualified Domain Name (FQDN).
Virtuozzo controls the hostname via the VPS configuration (the
--hostnameoption for the
If you set the hostname manually, Virtuozzo will reset the hostname on the next reboot. Make sure to set up the full hostname correctly after you provision the VM. cPanel & WHM requires an FQDN.
OpenVZ and Virtuozzo require you to enable second-level quotas, which can cause quota-initiation issues. For more information, read:
Jailshell requires specific steps to enable a full
proc mount. For more information, read our How to Troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS documentation.