Part 2: How I Built a cPanel Hosting Environment on Amazon AWS

In Part 1 of this four-part series, we discussed establishing your VPC, creating and configuring your small subnet, and worked through configuring the Security Groups for our two instance types (‘NS_SG’ and ‘VS_SG’).

Today, we work on launching two new instances running cPanel DNSONLY into our VPC and configuring them as the primary and secondary DNS servers for our environment. While this series is written on the assumption of dedicated DNS instances, you could easily apply these instructions to dual-use instances that serve as both web servers and name servers.


Below is a quick overview of the architecture implemented, as well as the instance types used for provisioning instances. While I cannot link directly to specific AMIs (Amazon Machine Images), selecting your desired operating system and getting cPanel/WHM installed is a straightforward procedure.


Assumptions

  • First, I will discuss the reasons for configuring instances in certain ways as they relate to being on AWS, but this is not a lesson in DNS basics. You will need to have a working knowledge of DNS best practices.
  • Second, this model makes no claim of being a complete or fully secured configuration. Again, I will just be touching on the subtleties of using the AWS ecosystem.

Some instructions below are borrowed from Amazon’s AWS User Guide.


AWS Diagram

A Representation of the Basic Network Architecture


This Lesson Includes

  • Creating and launching a new EC2 Instance (Name Server) within VPC
  • Applying a Security Group to an Instance
  • Configuring cPanel DNSONLY for AWS
  • Creating a DNS Cluster

Creating and Launching the Name Server Instance

Amazon EC2 instances are the fundamental building blocks for your computing needs in AWS. You can think of instances as virtual servers that can run applications and services. An instance is created by selecting an Amazon Machine Image (AMI) and choosing an appropriate instance type. An AMI is a template that contains a software configuration, including an operating system, which defines your operating environment. You can select an AMI provided by AWS, by the user community, or on the AWS Marketplace. You can also create and optionally share your own AMIs. A single AMI can be used to launch one or thousands of instances.

There are thousands of freely (and commercially) available AMIs to choose from. You can also opt to build your own from the ground up. In my case, I chose a vanilla CentOS 6 AMI and built my name servers from there.

An important aspect of the AWS ecosystem to understand is the concept of “Regions”. Regions are just that: the geographical locations of the datacenters that house your services in AWS. Amazon offers numerous regions, each at a different price point. I generally build out an infrastructure in a single region and then duplicate it to a separate region. I then use AWS ELB (Elastic Load Balancing) to direct traffic to different regions or for failover. In this tutorial I will be operating in the N. Virginia (East 1-A) region. More on regions can be found here.

While I will walk you through launching your instance, I will skip the installation step for cPanel Services merely for brevity. Let’s begin.

Choose an AMI

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. Click “Launch Instance” in the top menu.
  3. Click the “Classic Wizard” radio and click “Continue“.
  4. Choose one of the four tabs to search for your desired AMI. Keep in mind that AMIs are region-specific, so when launching a new instance ensure the AMI is in the same region as your VPC.

Instance Details


  1. Select the “Instance Type: T1 Micro“. A T1 Micro Instance is sufficient for a basic name server. (More on Instance Types).
  2. Select the “Launch into: EC2-VPC” radio button.
  3. Accept the default subnet since we only have one (unless more were configured, select accordingly).
  4. Click “Continue“.


  1. Kernel ID and RAM Disk ID can both be kept as “Use Default“.
  2. While an additional charge will be incurred, it may be advantageous for you to enable CloudWatch Monitoring. I choose to enable it.
  3. Important: Make sure you enable Termination Protection by checking the box labeled “Prevent against accidental termination.” With this enabled, the instance and its volume store cannot be deleted until you first disable the protection.
  4. Also Important: Ensure “Shutdown Behavior” is set to “Stop” and not “Terminate”. When an instance is terminated, it is deleted from your VPC/EC2 account and is not recoverable.
  5. Now we want to set a Static Private IP for our instance. VPC comes built in with a DHCP server but we really don’t want our instance IPs to be changing. Set an appropriate IP address for your instance. I chose “10.0.0.10” based on my subnet range.
  6. Click “Continue“.


Understanding AWS storage can seem overwhelming, but it is really quite simple. AWS uses two primary storage types: “EBS” and “Instance Store”. In practically all cases, you will want to use EBS. The differences are simple.

EBS Storage is physically separate storage that is backed by Amazon S3 and is independent of your instance. EBS volumes can be attached to and detached from instances much like plugging in a thumb drive. You can also take snapshots of EBS volumes, which makes backups and recovery simple. EBS storage is the safer option because if a region goes offline or fails completely, the likelihood of recovering your EBS-backed volumes is significantly greater than for Instance Stores, thanks to the physical separation. When you terminate (delete) an instance, unless you say otherwise, the EBS volume associated with that instance will still be available. EBS volumes can also be resized and scaled. More on this later.

Instance Store is a storage volume type that is tied directly to an instance. Instance stores cannot be managed and cannot have snapshots taken. Instance stores are also not persistent, meaning, if you boot an instance, make changes to the volume (create/delete files, etc) and then stop the instance, the next time you boot the instance, any changes made will not be available. The instance essentially resets to a fresh state every time you boot. Instance stores are useful in an application specific environment where a particular instance has one job to do.

Important: When selecting an AMI, ensure that the Storage Type indicates “EBS-Backed” if that is the storage type you want to select.

  1. Accept the defaults of your selected AMI and click “Continue“.


Naming convention is entirely up to you, however, I recommend using a standard naming schema throughout your VPC. This makes for easier maintenance and management. I generally set the “Name” key to the hostname of the instance, and create an additional key “Type” and set it to the function of the instance, in this case NS (Name Server).

Click “Continue“.

Create KeyPair


Public/private key pairs allow you to securely connect to your instance after it launches. For Windows Server instances, a Key Pair is required to set and deliver a secure encrypted password. For Linux server instances, a key pair allows you to SSH into your instance.

To create a key pair, enter a name and click “Create & Download Your Key Pair”. You will be prompted to save the private key to your computer. Note: You only need to generate a key pair once – not each time you want to deploy an Amazon EC2 instance.

Click “Continue“.

Configure Firewall


  1. Select the “NS_SG” Security Group that we created in Part 1.
  2. Click “Continue“.

Review


  1. Review and verify the Instance details.
  2. Click “Launch“.

Allocating and Associating an Elastic IP

Elastic IP addresses are static IP addresses designed for dynamic cloud computing. An Elastic IP address is associated with your account, not a particular instance (but can be associated to an instance), and you control that address until you choose to explicitly release it. Unlike traditional static IP addresses, however, Elastic IP addresses allow you to mask instance or availability zone failures by programmatically remapping your public IP addresses to any instance associated with your account. Rather than waiting on a data technician to reconfigure or replace your host, or waiting for DNS to propagate to all of your customers, Amazon EC2 enables you to engineer around problems with your instance or software by programmatically remapping your Elastic IP address to a replacement instance.

Allocating


  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Click “Elastic IPs” in the left hand navigation menu.
  3. Click the “Allocate New Address” button in the header menu.
  4. Set “EIP Used In:” to “VPC“. (Elastic IPs allocated outside of a VPC to EC2 cannot see VPC Instances).
  5. Click “Yes Allocate“.

Associating


  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Click “Elastic IPs” in the left hand navigation menu.
  3. Locate your newly allocated IP Address in the list and click the selection box (or right click) associated with the address.
  4. With the address selected, click the “Associate Address” button in the header menu.
  5. Select your new Instance from the “Instance” dropdown and the correct Private IP should be selected by default.
  6. Important: Ensure that you enable “Allow Reassociation”. This tells the VPC to reassign this EIP to this instance in the event of a reboot or shutdown. If you do not enable this option, you will have to manually re-associate the EIP with the Instance.
  7. Click “Yes, Associate“.

Configuring cPanel DNSONLY

At this point, you have a brand new Instance with an Elastic IP associated to it. The first thing you want to do is login to your instance via SSH using your newly acquired KeyPair. As I said previously, I won’t be going over the steps for installing cPanel, although they are straightforward.

Pre-configured AMIs will always have a root password already set, which you will have to change before you can log in to cPanel. This is a quick but necessary step to complete before continuing.

SSH into your instance as root and run:

passwd

Modify your password and continue.

Initial Setup

  1. Assuming you have installed cPanel DNSONLY, in a web browser navigate to:
    https://<elastic-ip>:2087

    Where <elastic-ip> is replaced by the Elastic IP Associated to your new instance.

  2. You will be prompted for login credentials. Username will be ‘root’ and the password will be your new modified password.
  3. ‘Read’ and Agree to the Terms and Conditions and continue to Step 2.
  4. Enter your Contact Information.
  5. Enter the hostname of this instance. In my case, I chose “ns1.example.com“.
  6. Enter your primary and secondary resolvers. I chose to use Google’s resolvers at “8.8.8.8” and “8.8.4.4” respectively.
  7. Ensure Main Network Device is set appropriately. It will most often be eth0.
  8. Save and Go To Step 3.


11.36 Temporary Workaround

At the time of writing, the cPanel DNSONLY Stable Release is 11.36, which does not yet officially support NAT. I can say with confidence, however, that by the time WHM 11.40 is released, DNSONLY will be on par with NAT support.

The following instructions are unique to 11.36 and DNSONLY because it does not yet officially support NAT. They should be considered a temporary workaround until 11.40 arrives, at which point I will update the instructions.

  1. In Step 3, add a new IP address by entering the Elastic IP of the instance you are working with. Subnet should remain default.
  2. Click “Add IP(s)”.
  3. Click “Finish”.

You should now be directed to the DNSONLY Dashboard. Again, because this is a non-NAT build, we need a workaround for the time being: we must change the Main IP within cPanel from our Private IP to our Elastic IP.

  1. In the left hand menu, click “Basic cPanel & WHM Setup“.
  2. Locate the first field under “Basic Config” that contains what probably looks like a random 10.x.x.x IP. Replace the existing IP with your Elastic IP.
  3. Click “Save Changes“.

DNS Clustering

A DNS cluster is a group of nameservers that share records. A DNS cluster allows you to physically separate your nameservers so that if a web server loses its connection, you still have DNS functionality. This allows visitors to reach websites on your server more quickly after the web server comes back online.

  1. In the left hand menu, under Cluster/Remote Access, click “Configure Cluster“.
  2. In the Modify Cluster Status box, select “Enable DNS Clustering”.
  3. Click “Change”.
  4. Click “Return to Cluster Status”.

Conclusion

At this point you have a single nameserver, ns1.example.com, configured and with DNS Clustering enabled. This server is ready to pair and synchronize with WHM/cPanel client servers.

You do, however, need to repeat these steps for a secondary nameserver, presumably ns2.example.com.

While this is a very basic setup, all of the possibilities of this infrastructure within AWS are too numerous and out of scope for this tutorial. I am more than happy to field questions and comments below if you have a more challenging project.

This entry was posted in Tips & Tricks.
  • Jim Hankins

    I would suggest a correction on your description of use of elastic load balancers. They are an in region tool for load balancing against assets either in the same availability zone AZ or better across AZ’s. To add cross region availability, you’re looking at Route 53. More would have to be done on the database layer as well if your intent was to do something like this.

  • technicaltitch

    Great article thanks. Slowly AWS is swallowing up more and more of the world’s processing..

    Could you give a very approximate idea of pricing? I’m the typical CPanel small business with a few simple, low traffic MySql/PHP websites to host somewhere and tens of email addresses to forward. I don’t know how many white papers and articles I’ve read but I still have no idea whether migrating my simple web apps to AWS will cost. The Amazon docs tell me hosting a few files will cost < $5 a month, but hosting a web app will cost $140 a month – really need a little more detail. I've wanted to switch to AWS for years but I find the pricing totally unintelligible, even for instances I already run.

  • James Venn

    Really fantastic Article. Thanks for going to the trouble to write all this out in such detail.

  • G Jason Bergenske

    Which server instance do you use for the Cpanel DNSONLY? Do you use just the micro for that?

    • Mike

      Micro should be fine to handle a couple of hundred records. Amazon will let you load balance, so you can set up a few in different regions and distribute the load.

  • Kunle Fadiora

    I set up a Windows Azure Linux VM (OpenLogic CentOS with VIP 1.2.3.4). I have successfully installed WHM/cPanel on it. I created an account (example.com), and I then registered a nameserver: (ns1.example.com —> 1.2.3.4). I opened the DNS port.
    Anytime I ping ns1.example.com it replies with 1.2.3.4
    But when I ping example.com it doesn’t even answer.

    I discovered also that if I created A records on example.com –> 1.2.3.4, it works but that’s not the only domain/website I want on the VM.

    Do I need to set-up a DNS Server for this?

    • Mike

      I have also tested the Azure platform. It eventually won't be what you want for a couple of reasons. To answer your question – you have your primary domain name – http://www.example.com. In that domain's DNS manager (usually the place where you purchased your domain) you need to create two records, ns1.example.com and ns2.example.com. Each record will have an IP address that corresponds to a separate VM running cpanel-dns. If you ping either name server you will then get the address for the VM, assuming you opened the ports. Now this tutorial is advising that you have a third VM and that is where your webserver sits, presumably to host http://www.example.com. http://www.example.com will need the IP address updated in its DNS manager to point to your webserver. With Azure you are going to run into the problem whereby two VMs can't have the same two ports open, which makes redundancy difficult. There are quite a few workarounds, but they make it more difficult to manage as things grow.

      • Kunle Fadiora

        I found a fix. Apparently not even a fix. The DNS port needs to be opened twice, as UDP and as TCP. One can name the endpoints DNS and probably DNS-1, one with UDP and one with TCP opened respectively.

        • Mike

          Wow, you know I was looking at that and I thought to myself, I wonder if that would work. OK, here is the next one for you – IP addresses. With AWS, the elastic (public) IP address is fixed until you don't need it. If a VM is shut down in order to scale up or make changes, the IP stays the same. With Azure, once you turn off an instance, the public IP address changes. Not a big deal if you structure your project to resolve using the example.cloudapp.net address, but if you are needing IPs, AWS has this one in the bag.

  • tnet

    What are the advantages of setting up a separate instance to use as a nameserver vs. just using Route 53 for DNS?

    • http://georgebohnisch.com/ George Böhnisch

      WHM does not natively support Route 53 so DNS updates would have to be done manually.

  • Francis Fueconcillo

    Got this error when installing DNSONLY: hostname returns ip-10-0-0-10 and I can't seem to change it in /etc/hostname, /etc/hosts, /etc/sysconfig/network-scripts/ifcfg-eth0, and /etc/sysconfig/network. Any help?

    2013-08-03 12:49:09 462 ( INFO): centos 6 (Linux) detected!
    hostname: Unknown host
    2013-08-03 12:49:09 490 ( INFO): Validating that ” is a FQDN
    2013-08-03 12:49:09 496 (ERROR):
    2013-08-03 12:49:09 497 (ERROR): ********************* ERROR *********************
    2013-08-03 12:49:09 498 (ERROR):
    2013-08-03 12:49:09 499 (ERROR): Your hostname () is not set properly. Please
    2013-08-03 12:49:09 500 (ERROR): change your hostname to a fully qualified domain name,
    2013-08-03 12:49:09 501 (ERROR): and re-run this installer.

    • Francis Fueconcillo

      Never mind, I figured it out :) I like this guide!

  • P.K. Hunter

    This is very useful, but the DNSONLY thing is NOT the most frequently used configuration. The article also lost me at the part where the installation of Cpanel is completely skipped! Makes this severely limited in its instruction.

    Secondly, the NS server which we first configure here has Cpanel installed? Isn’t that just for the name servers, while the web server instance will have the overall WHM/Cpanel installed instead? What am I missing? Why did we create two instances: NS_SG and VS_SG?

    Right now I use a dedicated server from SoftLayer. I want to install on EC2 basically something like that dedicated server, including all the services, EasyApache, PostgreSQL, BIND, email system (QMail?), ConfigServer firewall, etc etc.

    On this dedicated server (WHM) are several domains setup as “Accounts”. Each domain basically shares the same two NS1 and NS2 name servers with just two IP addresses respectively.

    What I need to do is replicate my entire dedicated server setup — the most common implementation of it, that is — with all the default WHM settings, to EC2?

    Could someone share the instructions for installing this? Thanks!

    • http://georgebohnisch.com/ George Böhnisch

      P.K.,

      I skipped the installation of cPanel on purpose because there are no special circumstances for the installation process over a non-EC2 implementation.

      To learn how to install cPanel/WHM/DNSONLY have a look here ( http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/InstallingCpanel ).

      DNSONLY is essentially a scaled-down WHM installation. It shares many of the same libraries as a full installation but does not have all the features of WHM, only DNS.

      Running BIND on the same instance used as the web server isn’t a best case scenario but can be done by assigning multiple elastic IPs to an instance and then adding the additional IP within WHM.

      The reason we created two security groups, NS_SG and VS_SG, is because we want different levels of security for each of the two types of instances. Firewall rules for Name Servers will not necessarily be the same as firewall rules for Virtual/Web Servers, so we create two groups to allow individual customization of each.

      If you need help configuring/optimizing a new cPanel/WHM installation have a look at http://forums.cpanel.net or a quick Google search should pull up some useful articles for you. That information is just out of the scope of these tutorials.

      • PK Hunter

        I must be misunderstanding something. What does “DNSONLY” do? Not much, if all it runs is DNS. Right?

        And yet the subject of this tutorial series says “How I build a CPanel hosting environment on EC2”?

        Which is it? Is it a full hosting environment or not? If it is, then I need to know how to install WHM and Cpanel.

        And maybe you’re much better at googling than I am, but there isn’t one tutorial that shows from step 1 to step whatever how precisely to install an entire working WHM type setup with multiple domains (“accounts”) on the EC2 platform. Would love it if you could point me to any.

        Thanks!

  • http://georgebohnisch.com/ George Böhnisch