Secure your CyberPanel Server – CyberPanel Security Add-on
About CyberPanel
CyberPanel is a well-known Linux server control panel that makes it easy to spin up web hosting servers powered by LiteSpeed and OpenLiteSpeed Web Server. It is a multi-user control panel where you can easily create new websites with individual user access and an email feature. It has both free and pro versions available, and the project is open-source.
How to secure CyberPanel server using cPGuard
As a web security suite, cPGuard can protect your CyberPanel server using its modules that operate in various layers. The installation and configuration are simple and driven through cPGuard Standalone configuration options.
To install cPGuard on your CyberPanel server, use the following command:
cd /usr/local/src && rm -f cpguard_install.sh && curl -o cpguard_install.sh -L https://downloads.opsshield.com/cpguard/cpguard_install.sh && bash cpguard_install.sh LICENCE-KEY
- LICENCE-KEY – This is the license key that you have purchased and wish to apply to your server. It is mandatory to complete the installation and bind your server to the App Portal.
After running the above command, the installer script will run and install dependency packages for your Operating System. Once the dependency packages are installed successfully, you need to proceed with the Standalone configuration for CyberPanel.
The Standalone configuration has two main sections: the Web Server Configuration and the WAF Configuration. Configure each section with the following values.
1. Web Server Configuration
web_server = litespeed OR openlitespeed -> Enter whichever applies to your server
web_server_conf = /usr/local/lsws/conf/httpd.conf -> This is required for LiteSpeed only
domain_list = /opt/cpguard/app/scripts/cyberpanel_domain_list.php

2. WAF Configuration
waf_server = litespeed OR openlitespeed -> Enter whichever applies to your server
waf_server_conf = /usr/local/lsws/conf/modsec.conf
waf_server_restart_cmd = /usr/sbin/service lsws restart
waf_audit_log = /usr/local/lsws/logs/auditmodsec.log

Whitelist App Portal IPs in CyberPanel Firewall
After successful installation, you need to allow the cPGuard App Portal IPs to connect to the cPGuard agent service, which listens on TCP port 9098. To do this, go to CyberPanel >> Server >> Security >> Firewall and whitelist the following IP addresses for TCP port 9098 access:
137.184.200.210
159.89.87.35
167.99.149.179

Once the firewall whitelisting is completed, you can go to the App Portal and manage your server.
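To check that the whitelisting above left port 9098 reachable only from the three App Portal IPs, the following added example (not part of cPGuard or CyberPanel) audits firewall output for rules that are missing or too broad. It assumes the server's firewall is firewalld; the names audit_9098, PORTAL_IPS and AGENT_PORT are illustrative, and the sample rules are constructed.

```bash
#!/bin/sh
# Added example: audit firewalld state for the cPGuard agent port.
# Assumption: the host firewall is firewalld. Names are illustrative;
# the IPs and port are the ones listed on this page.
PORTAL_IPS="137.184.200.210 159.89.87.35 167.99.149.179"
AGENT_PORT=9098

# audit_9098 RICH_RULES OPEN_PORTS: outputs of `firewall-cmd --list-rich-rules`
# and `firewall-cmd --list-ports`. Prints findings; returns 0 only if none.
audit_9098() (
    rules=$1; ports=$2; seen=" "; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    # A plain port entry (single port or range) admits every source address.
    for entry in $ports; do
        [ "${entry##*/}" = tcp ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$lo" -le "$AGENT_PORT" ] && [ "$AGENT_PORT" -le "$hi" ]; then
            note "OPEN-TO-ALL $entry exposes ${AGENT_PORT}/tcp to any source"
        fi
    done
    # Rich rules that accept TCP to the agent port: check who they admit.
    while IFS= read -r line; do
        printf '%s\n' "$line" | grep -q "port=\"$AGENT_PORT\"" || continue
        printf '%s\n' "$line" | grep -q 'protocol="tcp"' || continue
        printf '%s\n' "$line" | grep -qw 'accept' || continue
        src=$(printf '%s\n' "$line" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
        case " $PORTAL_IPS " in
            *" $src "*) seen="$seen$src " ;;
            *) note "UNEXPECTED source '${src:-any}' can reach ${AGENT_PORT}/tcp" ;;
        esac
    done <<EOF
$rules
EOF
    # Every App Portal IP needs its own accept rule.
    for ip in $PORTAL_IPS; do
        case "$seen" in
            *" $ip "*) ;;
            *) note "MISSING no accept rule for App Portal IP $ip" ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: one portal IP missing, one unrelated source allowed.
SAMPLE_RULES='rule family="ipv4" source address="137.184.200.210" port port="9098" protocol="tcp" accept
rule family="ipv4" source address="159.89.87.35" port port="9098" protocol="tcp" accept
rule family="ipv4" source address="203.0.113.7" port port="9098" protocol="tcp" accept'
SAMPLE_PORTS="80/tcp 443/tcp 8090/tcp"
audit_9098 "$SAMPLE_RULES" "$SAMPLE_PORTS" || echo "findings above need fixing"
```

On the server, pass the live state instead of the sample: audit_9098 "$(firewall-cmd --list-rich-rules)" "$(firewall-cmd --list-ports)". The check covers the default zone's ports and rich rules only, not firewalld services or port ranges inside rich rules.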