How to Install WHM/cPanel on CloudLinux

CloudLinux OS is the operating system of choice for shared and reseller hosting because it introduces LVE (Lightweight Virtual Environment) resource limits that keep one customer from starving another of CPU, memory, or I/O. Combined with WHM/cPanel, CloudLinux gives you a production-grade multi-tenant hosting platform that is still simple to administer. This guide walks through a clean WHM/cPanel install on CloudLinux, covers every prerequisite, and finishes with the security hardening steps that auditors expect.

Prerequisites

Before you start, confirm the following:

• A freshly provisioned server with at least 2 vCPU, 4 GB RAM, and 40 GB free on /. Production hosts should have 8 GB RAM and NVMe storage.
• CloudLinux OS 8 or 9 installed (minimal profile is fine). cPanel's supported list always tracks the current CloudLinux releases.
• A licensed CloudLinux activation key. A cPanel license is separately required and must be registered to the server's main IP.
• A resolvable fully-qualified hostname pointing to the server's public IPv4.
• Root SSH access over a non-default port.
• No existing Apache, MySQL, PHP, Exim, or mail stack installed; cPanel installs its own versions.

Step 1: System Preparation

Set the hostname, verify network identity, and update packages:

hostnamectl set-hostname srv01.example.com
echo "1.2.3.4 srv01.example.com srv01" >> /etc/hosts
dnf update -y
dnf install -y perl curl wget tar nano bind-utils policycoreutils-python-utils

Disable services cPanel replaces:

systemctl disable --now firewalld
systemctl disable --now NetworkManager  # optional; cPanel supports NM
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

SELinux must not be enforcing during the install. You can re-evaluate after cPanel is up, but most production cPanel servers run with SELinux in permissive mode.

Step 2: Install CloudLinux if Starting from a Different OS

If you provisioned a RHEL/AlmaLinux host instead of CloudLinux, you can convert it using the cldeploy script. Skip this step if your server already boots CloudLinux.

wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k YOUR_ACTIVATION_KEY
reboot

After reboot confirm the kernel:

uname -r
# Expect: 4.18.0-xxx.lve.elX.x86_64 or similar CloudLinux-branded kernel

Step 3: Install WHM/cPanel

cPanel provides an installer script that handles all dependencies. Run it from a detached screen or tmux session because the install takes 30 to 90 minutes.

cd /home && screen -S cpinstall
curl -o latest -L https://securedownloads.cpanel.net/latest
sh latest

During installation you will see progress for Apache, PHP, Exim, Dovecot, MySQL or MariaDB, and the WHM web interface. On a clean CloudLinux 9 host with NVMe storage, expect roughly 45 minutes.

Step 4: First Login and License Activation

Once the installer completes, WHM is available at https://srv01.example.com:2087. Log in as root with your SSH password. The first-run wizard prompts for:

• Network configuration (main IP, DNS resolvers).
• Nameservers (configure ns1 and ns2 on separate IPs ideally on separate servers).
• Services and FTP server choice (Pure-FTPd is the default).
• Feature showcase selections.

If your license is not yet active, run /usr/local/cpanel/cpkeyclt after registering the IP with cPanel Manage2.

Step 5: Enable CloudLinux Integration

CloudLinux ships a cPanel plugin that exposes LVE limits directly inside WHM. Install and register it:

/usr/bin/cagefsctl --init
/usr/bin/cagefsctl --enable-all
yum install lvemanager --enablerepo=cloudlinux-updates-testing -y
/scripts/check_cagefs_ea4_conf
/usr/share/cloudlinux/hooks/post_modify_accounts.py --all

CageFS isolates each user in their own virtualised filesystem, which prevents information leakage between accounts. LVE limits constrain per-user CPU, memory, entry processes, and I/O. Configure sensible defaults in WHM → CloudLinux LVE Manager.

Step 6: PHP Selector and MySQL Governor

Enable PHP Selector so customers can choose PHP 7.4 through 8.3 on a per-account basis, and MySQL Governor to throttle abusive database queries.

yum install alt-php-all -y
yum install governor-mysql -y
/usr/share/lve/dbgovernor/mysqlgovernor.py --install

Step 7: Security Hardening

A fresh WHM install is functional but not hardened. Do the following before any customer data lands on the host:

• Install ConfigServer Security & Firewall (CSF/LFD) and replace the cPanel-default firewall rules.
• Enable ModSecurity in WHM → ModSecurity Vendors with the OWASP CRS ruleset.
• Set SSH to key-only, disable root password login, and change the port.
• Enable two-factor authentication for WHM root in Security Center.
• Install ImunifyAV or Imunify360 for anti-malware scanning.
• Tune Exim and Dovecot to reject on SPF fail and enable DKIM/DMARC for every new account.
• Schedule nightly backups to an off-server destination (S3, remote SSH).

Step 8: Backups and Monitoring

Use WHM's Backup Configuration to enable daily incremental backups with weekly and monthly retention, and send them to a remote destination. For external monitoring, pair the server with Uptime Kuma or Grafana Alloy shipping metrics to an external Prometheus. On production servers, pair cPanel with our disaster recovery services for regional failover.

Managed Alternatives

If you would rather not manage the OS, kernel, and security updates yourself, consider our managed cPanel hosting, dedicated cPanel servers, or cPanel reseller plans. All run on HA infrastructure with 24/7 support. Contact us for a migration from another host.

Published by the MassiveGRID team, specialists in cPanel and CloudLinux hosting on high-availability infrastructure.