Tag cpanel

PHP-FPM Settings for Better Optimization

Tags: , ,

Edit Default PHP-FPM Settings

If you have many cPanel accounts, you may prefer to change the default settings for newly created cPanel accounts.

As root, SSH into your server or launch WHM terminal.
Create a system_pool_defaults.yaml file in the /var/cpanel/ApachePHPFPM directory. To do this using nano, type the following:
nano /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

Add the following to the new file:

php_value_error_reporting: ‘E_ALL’
pm_max_children: 500
pm_max_requests: 2000
pm_min_spare_servers: 1
pm_max_spare_servers: 25
pm_process_idle_timeout: 150
php_value_disable_functions: 0
pm_max_children: Max number of child processes
pm_max_requests: Number of requests a child process executes before respawning.
pm_min_spare_servers: Minimum idle server processes
pm_max_spare_servers: Maximum idle server processes
pm_process_idle_timeout: Time until an idle process is killed in s(econds), m(inutes), m(inutes), h(ours), or d(ays).
php_value_disable_functions: Functions to disable. This doesn’t overwrite php.ini settings.

Save and exit the file. Using nano, press Control and x for the save prompt before exiting. Press y, then Enter ⤶ to save the file.

Rebuild PHP-FPM using the following command:
/scripts/php_fpm_config –rebuild

Restart PHP-FPM using the following command:
/scripts/restartsrv_apache_php_fpm

Disable 2 factor authentication via ssh on a cPanel

Tags: , , ,

To disable it via command line, ssh to the server and run this command:

whmapi1 twofactorauth_disable_policy

This turns two-factor auth off. However, it does not delete the current two-factor setups. So before you turn two-factor back on, you need to disable the two-factor code from your account

Log into WHM
Click on Two-Factor Authentication
Click on “Manage My Account”
Click on Remove Two-factor Authentication
This will remove the current two-factor code from the root user, allowing you to setup a new one.

Restoring visitors IP with mod_remoteip

Tags: , , ,

Using EasyApache, install Apache Mod_RemoteIP ( ea-apache24-mod_remoteip ).

Edit the conf file : nano /etc/apache2/conf.modules.d/370_mod_remoteip.conf

RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

Once that has been done, you’ll need to go to WHM :
Home » Service Configuration » Apache Configuration » Global Configuration

And modify both of the LogFormat (combined, and common) by replace the “h” with an “a”.

%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”

This format captures the header with the %h field which is the proxy address in our example. Because we want the originating client IP address instead of the remote IP being logged, we replace this with an %a.

“%a %l %u %t \”%r\” %>s %O \”%{Referer}i\ \”%{User-Agent}i\”

Save and restart Apache and that should handle this.

MariaDB/mySQL Increase limits

Tags: , , , , ,

The default open files limit is 1024. This is fine for a few websites, but if you are hosting many websites this should be increased.

1. Login as root via SSH

2. Type : pico /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf

3. Change the lines to:
LimitNOFILE=100000
LimitMEMLOCK=100000

4. Execute :
systemctl daemon-reload
systemctl restart mysql

5. Type: pico /etc/security/limits.conf

Add/Modify the lines so they read:

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 10240
* hard nproc 10240

Save: CTRL O

Quit: CTRL X

6. Type: pico /etc/security/limits.d/90-nproc.conf

Add/Modify the lines so they read:

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 10240
* hard nproc 10240
root soft nproc unlimited

Save: CTRL O

Quit: CTRL X

7. Type: ulimit -Hn 1024000

8. Type: pico /etc/my.cnf

Insert the following:

open_files_limit = 1024000

If you have sections [mysqld] and [mysqld_safe] put the line under both headings.

Save: CTRL O

Quit: CTRL X

9. Type: service mysql restart