How to run cPanel behind a NAT – Router – Home modem

Download PDF

cPanel is not designed to run behind a NAT, so if you decide to go that way you won't get any help from cPanel support techs; it is not officially supported. Many people have done it. I personally do it manually by changing the IP configuration and DNS zones, but for those with less Linux/DNS knowledge, here is a great script that helps you run cPanel & WHM behind a NAT (a router with an internal IP, for example 192.168.0.x).

Install

Create the script by pasting the source from below or downloading it from the link above.

As root, go to /var/cpanel/scripts and type vi wwwact_nat.sh (paste the script), then :wq! to save it.

Then type chmod 0755 wwwact_nat.sh

And then run it with sh wwwact_nat.sh

How to use

The script is very self-explanatory. Run the initial configuration first, then create a domain, etc. If you have any problems, feel free to comment 🙂

Script Source Code

#!/bin/bash
# cpanel - wwwacct_nat.sh Copyright(c) 2008 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
myversion=001
mybuild=STABLE
echo ""
echo "This script is designed to help you run cPanel/WHM behind a NAT/ROUTER"
echo "Based network 192.168.x.xxx take Extra Caution when using this script"
echo "Please view the readme that comes with this script before using it."
echo ""
echo "+===================================+"
echo "| Dependency Check |"
echo "+===================================+"
# The script edits system files, so it refuses to run as anything but root
rootcheck=$(echo $USER); if [ "$rootcheck" = "root" ]; then
    echo "| running as user $rootcheck [ OK ] "
else
    echo "| running as user root [FAIL] "
    echo "+===================================+"
    echo "Script Halted!"
    exit
fi
if [ -f /etc/wwwacct.conf ]; then
    echo "| cPanel wwwacct.conf [ OK ] "
else
    echo "| cPanel wwwacct.conf [FAIL] "
    echo "+===================================+"
    echo "Script Halted!"
    exit
fi
# Missing curl, sed or wget is reported but does not halt the script
mycurl="`which /usr/bin/curl 2> /dev/null`"; if [ "$mycurl" != "" ]; then
    echo "| $mycurl [ OK ] "
else
    echo "| /usr/bin/curl [FAIL] "
fi
mysed="`which /bin/sed 2> /dev/null`"; if [ "$mysed" != "" ]; then
    echo "| $mysed [ OK ] "
else
    echo "| /bin/sed [FAIL] "
fi
mywget="`which /usr/bin/wget 2> /dev/null`"; if [ "$mywget" != "" ]; then
    echo "| $mywget [ OK ] "
else
    echo "| /usr/bin/wget [FAIL] "
fi
echo "+===================================+"
sleep 2
# Read the configured address and interface, then point wwwacct.conf at the LAN address
addr=$(awk '/ADDR/ { print $2 }' /etc/wwwacct.conf)
ethdev=$(awk '/ETHDEV/ { print $2 }' /etc/wwwacct.conf)
lanaddr=$(ifconfig $ethdev | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')
replace $addr $lanaddr -- /etc/wwwacct.conf 1> /dev/null
mainip=$(awk '{ print $1 }' /var/cpanel/mainip)
echo ""
echo "+===================================+"
echo "| We Have Detected |"
echo "+===================================+"
echo "| Main/DNS IP: $mainip"
echo "| Shared/NAT IP: $lanaddr"
echo "+===================================+"
while true; do
echo ""
echo "+===================================+"
echo "| cPanel NAT Main Menu |"
echo "+===================================+"
echo "| 1) First Time Setup"
echo "| 2) Update Everything"
echo "| 3) New Account"
echo "| 4) Del Account"
echo "| 5) Sub-Domains *use caution*"
echo "| 6) Check GitHub To Update Script"
echo "| 7) Quit"
echo "+===================================+"
echo "| [ Build: $mybuild Ver: $myversion ] |"
echo "+===================================+"
read case;
echo ""
case $case in
  1)
    echo "Detecting WAN IP (using curl)"
    echo "Should Be Quick"
    # The lookup result is written to /var/cpanel/mainip exactly as returned
    wanip=$(curl -s http://www.cpanel.net/myip)
    echo $wanip > /var/cpanel/mainip
    echo "Main IP Updated To $wanip"
    echo "Fixing Proxy Domains For NAT"
    replace proxysubdomainsfornewaccounts=1 proxysubdomainsfornewaccounts=0 -- /var/cpanel/cpanel.config
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings 1> /dev/null;;
  2)
    echo "Detecting WAN IP (using curl)"
    echo "Should Be Quick"
    wanip=$(curl -s http://www.cpanel.net/myip)
    echo ""
    echo "+===================================+"
    echo "| We Have Detected |"
    echo "+===================================+"
    echo "| Old IP: $mainip"
    echo "| New IP: $wanip"
    echo "+===================================+"
    echo ""
    echo "Updating NameServer IPs"
    replace $mainip $wanip -- /etc/nameserverips
    echo "Updating DNS With $wanip"
    # Rewrite every zone: the address of the ftp A record is taken as the old IP
    for domain in `ls /var/named|grep '\.db$'`; do
        if [ -f "/var/named/$domain" ] ; then
            arecord=$(grep -E 'ftp IN A' /var/named/$domain|awk '{print $4}')
            echo "Updating $domain From $arecord To $wanip"
            replace $arecord $wanip -- /var/named/$domain 1> /dev/null
        fi
    done
    echo "Updating cPanel IPs"
    replace $mainip $wanip -- /var/cpanel/mainip
    replace $mainip $wanip -- /etc/secondary.ip
    replace $mainip $wanip -- /etc/hosts
    replace $mainip $wanip -- /etc/mail_reverse_dns
    # Account files keep the LAN address, which is what Apache binds to
    replace $wanip $lanaddr -- /var/cpanel/users/*
    echo "Fixing Proxy Domains For NAT"
    replace proxysubdomainsfornewaccounts=1 proxysubdomainsfornewaccounts=0 -- /var/cpanel/cpanel.config
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings 1> /dev/null;;
  3)
    echo "What is the domain name you would like to setup?"
    echo -n ""
    read -e domain
    echo ""
    echo "What username would you like to setup?"
    echo -n ""
    read -e user
    echo ""
    # The password is echoed as typed and later passed to wwwacct on the command line
    echo "What password would you like to setup?"
    echo -n ""
    read -e pass
    echo ""
    echo "Preparing DNS Zones For WAN IP"
    echo "Detecting Zone Template Backups"
    dir=/var/cpanel/zonetemplates/backup
    echo ""
    if [ -d $dir ]; then
        # Restore pristine templates so %ip% can be substituted again
        echo "Backups Exist Copying To Main Folder For Setup"
        for mytemplate in `ls /var/cpanel/zonetemplates/*`; do
            if [ -f "$mytemplate" ] ; then
                rm -f $mytemplate
            fi
        done
        cp $dir/* /var/cpanel/zonetemplates
    else
        echo "No Backups Found"
        echo "Backing Up"
        mkdir $dir
        for mybackup in `ls /var/cpanel/zonetemplates/*`; do
            if [ -f "$mybackup" ] ; then
                cp $mybackup $dir
            fi
        done
    fi
    echo ""
    echo "Setting Up Zone Templates With $mainip"
    for mytemplate in `ls /var/cpanel/zonetemplates/*`; do
        if [ -f "$mytemplate" ] ; then
            replace %ip% $mainip -- $mytemplate
            echo "cpanel IN A $mainip" >> $mytemplate
            echo "whm IN A $mainip" >> $mytemplate
            echo "webmail IN A $mainip" >> $mytemplate
            echo "webdisk IN A $mainip" >> $mytemplate
        fi
    done
    echo "Done"
    echo ""
    /scripts/wwwacct $domain $user $pass;;
  4)
    # List the existing accounts, then remove the one typed in, including its DNS zone
    /bin/ls -A /var/cpanel/users/
    read user
    /scripts/killacct --force --killdns $user;;
  5)
    echo "What User?"
    read user
    echo ""
    domain=$(awk '/DNS/' /var/cpanel/users/$user | cut -d'=' -f2)
    echo "Not The Full Domain (sub.$domain)"
    echo "What Is The Sub Part? (sub)"
    read subdomain
    folder=/home/$user/public_html/$subdomain
    if [ ! -d $folder ] ; then
        mkdir $folder; chmod 0755 $folder; chown $user:$user $folder;
    fi
    echo ""
    if [ -f "/var/named/$domain.db" ] ; then
        echo "$domain.db Found"
        apacheconf=/usr/local/apache/conf/includes
        if [ -f "$apacheconf/$subdomain.$domain.conf" ] ; then
            echo "Sorry Already Exists!"
            echo "Remove [YES/NO]?"
            read myremove
            if [ "$myremove" = "YES" ]; then
                echo "Removing..."
                rm -f $apacheconf/$subdomain.$domain.conf
                sed -i "/$subdomain IN A/d" /var/named/$domain.db
                sed -i "/$subdomain.$domain.conf/d" $apacheconf/post_virtualhost_global.conf
                echo "Restarting httpd"
                service httpd restart
                echo "Restarting bind"
                rndc flush; rndc reload;
                echo "Done"
            else
                echo "Returning To Menu"
            fi
        else
            # The vhost listens on the LAN address; the DNS record gets the WAN address
            echo "<VirtualHost $lanaddr:80>" > $apacheconf/$subdomain.$domain.conf
            echo " ServerName $subdomain.$domain" >> $apacheconf/$subdomain.$domain.conf
            echo " DocumentRoot $folder" >> $apacheconf/$subdomain.$domain.conf
            echo " ServerAdmin webmaster@$domain" >> $apacheconf/$subdomain.$domain.conf
            echo " UseCanonicalName Off" >> $apacheconf/$subdomain.$domain.conf
            echo "</VirtualHost>" >> $apacheconf/$subdomain.$domain.conf
            echo "Restarting httpd"
            echo "Include conf/includes/$subdomain.$domain.conf" >> $apacheconf/post_virtualhost_global.conf
            service httpd restart
            echo "Restarting bind"
            echo $subdomain IN A $mainip >> /var/named/$domain.db
            rndc flush; rndc reload;
            echo ""
            echo "Files Are In $folder"
        fi
    else
        echo "$domain.db Not Found"
        echo "Halted Returning To Menu"
    fi;;
  6)
    echo "Downloading Update Script..."
    echo "Please Wait"
    # The downloaded file is run as root with no checksum or signature check
    wget -q -O /scripts/wwwacct_nat_update.sh https://raw.github.com/cpanelscripts/wwwacct_nat/master/wwwacct_nat_update.sh
    echo ""
    chmod 0755 /scripts/wwwacct_nat_update.sh && /scripts/wwwacct_nat_update.sh && exit;;
  7)
    echo "Thanks For Using This Script"
    echo "Quitting"
    exit;;
  *)
    echo "$case is an invalid option. Please select an option between 1-7 only";
    sleep 3
    clear;;
esac
done

FROM SPICEWORKS:

This KB was written to provide some insight into a problem many people face when running their own sites/servers: running cPanel behind NAT.

We’ve been over at the cPanel forums and have read the many posts about how “cPanel does not support NAT configurations in any way.” This may be true. But what they’re saying is that cPanel, the company, does not support NAT – meaning they do not provide technical support/assistance with your NAT setup. Some posts go as far as saying a NAT’d cPanel server won’t work. Well… it does. Here’s what we did to get it working (CentOS 6, 64-Bit):

What’s really odd about this whole thing? The solution came from cPanel and was published in the Forums.

1. Download the cPanel script from GitHub

This script is designed to help you run cPanel/WHM behind a NAT/router-based network (192.168.x.xxx). Take extra caution when using this script. You may also want to view the readme.md file on GitHub.

https://github.com/cpanelscripts/wwwacct_nat

Builds
EDGE = Most Recent But May Contain Errors (Do Not Use On A LIVE Server)
STABLE = Tested By The Dev Team And Seems To Work OK
RELEASE = 99% Tested And Safe For LIVE Servers

2. Install the Script

Log in to your cPanel server via SSH.

cd to /scripts

Create the file wwwacct_nat.sh

Edit the file and copy in the contents of the script you downloaded.

OR you can FTP the script to this location.

3. Set permissions of the script

Do not forget to set the permissions on the script so it can execute.

root@perseus [/scripts]# chmod 755 wwwacct_nat.sh

4. First Run

When you first run the script, it will attempt to ascertain the external and internal IPs. You will need to confirm the IPs are correct. If they are not, you need to set your Shared IP in the Basic Setup of cPanel and re-run the script.

+===================================+
| Dependency Check |
+===================================+
| running as user root [ OK ]
| cPanel wwwacct.conf [ OK ]
| /usr/bin/curl [ OK ]
| /bin/sed [ OK ]
| /usr/bin/wget [ OK ]
+===================================+

+===================================+
| We Have Detected |
+===================================+
| Main/DNS IP: 169.161.136.110
| Shared/NAT IP: 192.168.1.104
+===================================+

5. First Time Setup

Now you will need to run the First Time Setup under Option 1). This will make adjustments to your Zone Files as needed.

+===================================+
| cPanel NAT Main Menu |
+===================================+
| 1) First Time Setup
| 2) Update Everything
| 3) New Account
| 4) Del Account
| 5) Sub-Domains *use caution*
| 6) Check GitHub To Update Script
| 7) Quit
+===================================+
| [ Build: STABLE Ver: 001 ] |
+===================================+

6. Adding a New Account

Since you are running behind NAT, you will not be able to use the WHM Admin UI to add or remove accounts. This should now all be done via the new script.

Using Option 3) we will add a new account.

What is the domain name you would like to setup?
spicecentral.net

What username would you like to setup?
spice

What password would you like to setup?
johnwayne1234

Preparing DNS Zones For WAN IP
Detecting Zone Template Backups

Backups Exist Copying To Main Folder For Setup

Setting Up Zone Templates With 169.161.136.110
/var/cpanel/zonetemplates/root_standardvirtualftp converted
Done

+===================================+
| New Account Info |
+===================================+
| Domain: spicecentral.net
| UserName: spice
| PassWord: johnwayne1234
+===================================+

This ok? y
Checking input data……Done
WWWAcct 12.5.0 (c) 2013 cPanel, Inc…….Done
Running pre creation script (/usr/local/cpanel/scripts/prewwwacct)……Done
Adding User……Done
Copying skel files from /root/cpanel3-skel/ to /home/spice/……Done
Adding Entries to httpd.conf……Done
Setting up Mail & Local Domains……Done
Configuring DNS……Done
Restarting apache……Done
Updating Authentication Databases……Done
Verifying MX Records and Setting up Databases……Done
Sending Account Information……Done
Running post creation scripts (/usr/local/cpanel/scripts/legacypostwwwacct, /usr/local/cpanel/scripts/postwwwacct, /usr/local/cpanel/scripts/postwwwacctuser)……Done
Setting up Domain Pointers……Done
Setting Reseller Privs……Done
Account Creation Complete!!!……Done
Account Creation Ok
System has 1 free ip.

Dns Zone check is enabled.
+===================================+
| New Account Info |
+===================================+
| Domain: spicecentral.net
| Ip: 192.168.1.104 (n)
| HasCgi: y
| UserName: spice
| PassWord: johnwayne1234
| CpanelMod: x3
| HomeRoot: /home
| Quota: 0 Meg
| NameServer1: ns10.kit-llc.net
| NameServer2: ns11.kit-llc.net
| NameServer3:
| NameServer4:
| Contact Email:
| Package: default
| Feature List: default
| Language: en
+===================================+
Adding Shell Access (y)
Successlocaldomains…valiases …vdomainaliases…vfilters…Bind reconfiguring on perseus using rndc
Zone spicecentral.net has been successfully added
Password for spice has been changed
Updating ftp passwords for spice
Ftp password files updated.
Ftp vhost passwords synced
Reconfiguring Mail Routing:
LOCAL MAIL EXCHANGER: This server will serve as a primary mail exchanger for spicecentral.net’s mail.:
This configuration has been manually selected.

Bind reloading on perseus using rndc zone: [spicecentral.net]
System has 1 free ip.
wwwacct creation finished
Account Creation Ok

7. Check your new Zone File

Log in to your WHM UI and go to DNS Functions -> Edit DNS Zone

Select the newly created domain and click EDIT.

Now verify the Public IP address is present in the Zone File and not the NAT’d IP.

Change any IP addresses that may not be correct in the Zone File. If there are corrections to make, then you will need to manually adjust your Zone File Template for the standardvirtualftp Zone Template.
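
A scripted version of this check, as an added example that is not part of the cPanel script or the original KB: it lists every A record in a zone file whose address is not a public IPv4 address. The same is_public_ipv4 test can be applied to the value returned by the WAN IP lookup in options 1 and 2 before it is written to any file. The function names and the sample zone are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of wwwacct_nat.sh. Function names are hypothetical.

# is_public_ipv4 ADDR: succeed only for a well-formed, publicly routable IPv4 address.
is_public_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty field
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    # Reserved and private ranges: 0/8, 10/8, 127/8, multicast and above,
    # 172.16/12, 192.168/16, 169.254/16 (link-local), 100.64/10 (carrier NAT).
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ]; then return 1; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then return 1; fi
    return 0
}

# non_public_a_records: read a zone file on stdin and print "name address" for
# each "IN A" record that does not point at a public address.
non_public_a_records() {
    sed 's/;.*//' |
    awk '{ for (i = 2; i < NF; i++) if ($i == "A" && $(i-1) == "IN") print $1, $(i+1) }' |
    while read -r name addr; do
        is_public_ipv4 "$addr" || printf '%s %s\n' "$name" "$addr"
    done
}

# Constructed sample zone reusing the two addresses shown in the KB output.
sample_zone() {
    cat <<'EOF'
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. admin.example.com. ( 2024010101 86400 7200 3600000 86400 )
example.com. IN A 169.161.136.110
ftp IN A 192.168.1.104 ; NAT address left in the zone
cpanel IN A 169.161.136.110
webmail IN A 10.0.0.5
EOF
}

sample_zone | non_public_a_records
```

On a real server the function reads the zone from standard input, for example from a file under /var/named; any line it prints is a record that still needs the public IP.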

8. Deleting an Account

Remember, you shouldn’t delete an account through your WHM UI if you are using this script.

We will use Option 4) to delete the account we just created.

You will be prompted for the user you wish to delete from the system. You must type in the user name you want to delete.

+===================================+
| cPanel NAT Main Menu |
+===================================+
| 1) First Time Setup
| 2) Update Everything
| 3) New Account
| 4) Del Account
| 5) Sub-Domains *use caution*
| 6) Check GitHub To Update Script
| 7) Quit
+===================================+
| [ Build: STABLE Ver: 001 ] |
+===================================+
4

forsythp insspec jimks kitcom kitllc kitpro secc spice triplej
spice
Running pre removal script (/usr/local/cpanel/scripts/prekillacct)……Done
Collecting Domain Name and IP……Done
Locking account and setting shell to nologin……Done
Killing all processes owned by user……Done
Removing Sessions………Done
Removing Suspended Info………Done
Cleaning Virtfs………Done
Removing Web Logs……Done
Removing Bandwidth Files……Done
Removing Email Sending Limits Cache……Done
Removing DKIM keys……Done
Removing Crontab……Done
Removing Virtual Hosts……Done
Removing user’s web content directory symlinks……Done
Removing MySQL databases and users……Done
Removing PostgreSQL databases and users……Done
Removing User & Group……….Done
Removing DNS Entries……Done
Removing Email Setup……Done
Removing mailman lists……Done
Updating Databases……Done
Removing bandwidth limits……Done
Removing Counter Data……Done
Adding IP back to the IP address pool……Done
Removing user’s cPanel Databases & Updating……Done
Reloading Services…proftpd: no process killed
…Done
Removing SSL keys, certificates, and signing requests……Done
Removing mail and service configs……Done
Removing Logaholic Webstats……Done
Sending Contacts……Done
Updating internal databases……Done
Running post removal scripts (/usr/local/cpanel/scripts/legacypostkillacct, /usr/local/cpanel/scripts/postkillacct)……Done
Account Removal Complete!!!……Done
info [killacct] User spice removed
User: spice
Domain: spicecentral.net
Locking password for user spice.
passwd: Success
Deleted domain: spicecentral.net
Successspicecentral.net => deleted from perseus.
Removing /etc/valiases/spicecentral.net
System has 1 free ip.

Id: TQ:TaskQueue:63
Updating ftp passwords for spice
Purging ftp user spice
Ftp password files updated.
Ftp vhost passwords synced
spice account removed

Conclusion

There may be some final tweaking, but these steps got our server up and running behind a NAT Firewall running DNS, Email, HTTP, SSH, FTP, WHM, cPanel. We wouldn’t recommend this configuration for a server you plan on using as an auto-provisioned hosting server for clients. Perhaps with a little more tweaking of scripts, etc. you can get it perfected.
