How to Install WHM/cPanel on Rocky Linux

Rocky Linux has become the default community-supported RHEL rebuild since CentOS Linux shifted to CentOS Stream, and it is fully supported as a base OS for WHM/cPanel. This guide walks through installing cPanel on Rocky Linux 9, with the prerequisites, exact commands, licensing notes, and post-install hardening you need for a production-ready server.

Why Rocky Linux for cPanel

cPanel officially supports AlmaLinux, Rocky Linux, CloudLinux, and Ubuntu as base operating systems. Rocky is a 1:1 binary rebuild of RHEL with long support windows (Rocky 9 is supported through May 2032), which makes it a safe, stable choice for hosting platforms. You get the Red Hat ecosystem (RPM, DNF, SELinux, systemd) without the subscription cost, and cPanel's installer handles every dependency automatically.

Prerequisites

• A clean Rocky Linux 9 server (Rocky 8 is also supported until May 2029). Minimum specs: 2 vCPU, 4 GB RAM, 40 GB free root partition. Production recommended: 8 GB RAM, NVMe storage.
• Static public IPv4 with reverse DNS (PTR) matching the hostname.
• A valid cPanel license tied to the server's main IP.
• Root SSH access and a working DNS resolver.
• No pre-existing Apache, MySQL, Exim, or PHP installations. cPanel will refuse to install over them.

Step 1: Initial System Preparation

Log in as root and set a fully qualified hostname. cPanel refuses to install on unqualified or generic hostnames like localhost.

hostnamectl set-hostname srv01.example.com
echo "203.0.113.10 srv01.example.com srv01" >> /etc/hosts
dnf update -y
dnf install -y perl curl wget tar nano bind-utils

Disable firewalld (cPanel ships its own, and CSF will replace it later) and set SELinux to permissive. cPanel does not support SELinux in enforcing mode.

systemctl disable --now firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

Step 2: Verify Kernel and Network

Rocky 9 ships with a 5.14 kernel suitable for cPanel. Confirm:

uname -r
# Expect: 5.14.0-xxx.elX.x86_64
hostname -f
# Expect: srv01.example.com
ping -c1 cpanel.net

Make sure hostname -f returns the full FQDN and that outbound HTTPS works, otherwise the installer will fail to pull packages.

Step 3: Run the cPanel Installer

The cPanel installer is a single shell script. Run it in a persistent session because the full install can take 45 to 90 minutes.

cd /home && screen -S cpinstall
curl -o latest -L https://securedownloads.cpanel.net/latest
sh latest

The installer bootstraps EA4 (EasyApache 4, the Apache/PHP stack), MariaDB (or MySQL if you set MYSQL_SUPPORT beforehand), Exim, Dovecot, Pure-FTPd, and the WHM/cPanel web interfaces. Watch for any dependency errors and let the script retry as needed.

Step 4: First Login

When the installer finishes, WHM is available at https://srv01.example.com:2087. Log in as root and complete the first-run wizard:

• Accept the cPanel EULA.
• Configure nameservers (ns1.example.com, ns2.example.com).
• Set a contact email and feature showcase preferences.
• Choose the default FTP and mail servers.

If the license is not yet recognised, register your IP in cPanel Manage2 and run:

/usr/local/cpanel/cpkeyclt

Step 5: Post-Install Hardening

A fresh cPanel install needs hardening before production traffic. Minimum baseline:

1. Install ConfigServer Security & Firewall (CSF/LFD):

   cd /usr/src
   wget https://download.configserver.com/csf.tgz
   tar -xzf csf.tgz && cd csf
   sh install.sh
   perl /etc/csf/csftest.pl

2. Enable ModSecurity with the OWASP Core Rule Set from WHM → ModSecurity Vendors.
3. Switch SSH to key-only authentication on a non-default port:

   sed -i 's/^#Port 22/Port 2222/' /etc/ssh/sshd_config
   sed -i 's/^#PermitRootLogin .*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
   sed -i 's/^#PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
   systemctl restart sshd

4. Enable two-factor authentication for root WHM under Security Center.
5. Install Imunify360 for anti-malware and brute-force protection.
6. Enable DKIM and DMARC for every account via WHM Email Deliverability.

Step 6: PHP Versions and Tuning

Use WHM → MultiPHP Manager to enable PHP 7.4 through 8.3, set the default to 8.2, and enable PHP-FPM with sensible pool settings. For high-traffic accounts, bump pm.max_children, enable OPcache with 256 MB, and allocate at least 512 MB of realpath cache.

Step 7: Backups

Configure daily incremental backups in WHM → Backup Configuration and ship them off-server to S3 or a remote SSH target. Never rely on local backups alone. Verify restores monthly by restoring a random account to a staging host.

Step 8: Monitoring and Updates

Add external uptime monitoring, and schedule cPanel's automatic updates via /etc/cpupdate.conf to track the CURRENT tier for test servers and STABLE for production. Reboot on kernel updates during a maintenance window to pick up security fixes.

Rocky vs CloudLinux: When to Switch

Rocky Linux is an excellent choice for single-tenant cPanel servers, VPS control panels, and small reseller setups. For multi-tenant shared hosting with many untrusted customers, CloudLinux adds LVE resource isolation that Rocky cannot provide. You can convert Rocky 9 to CloudLinux in place using the cldeploy script without reinstalling cPanel.

Managed cPanel on HA Infrastructure

If you prefer not to manage the OS yourself, our managed cPanel hosting, dedicated cPanel servers, and cPanel reseller plans all run on high-availability infrastructure with 24/7 support. Contact us to discuss a migration plan.

Published by the MassiveGRID team, specialists in cPanel hosting on Rocky Linux and high-availability infrastructure.