cPanel® Blog

Part 3: How I Built a cPanel Hosting Environment on Amazon AWS

In Part 2 of this series, we discussed selecting and launching a new Amazon Machine Image (AMI), creating and configuring that instance to serve as a dedicated name server, and configuring a DNS Cluster for use within your subnet.

Today, we will launch and configure a standard Web Server instance using cPanel 11.39 or newer. I will discuss how to join the new instance to our existing DNS Cluster and how to ensure that 1:1 NAT is configured and working properly.

Below is a quick overview of the architecture implemented as well as the instance types used for provisioning instances. While I cannot link directly to specific AMIs (Amazon Machine Images), selecting your desired operating system and getting cPanel/WHM installed is a straightforward procedure.


  • First, I will discuss the reasons for configuring instances in certain ways as they relate to being on AWS, but this is not a lesson in web server management. Use of best practices falls to you.
  • Second, this model makes no assumption of complete configuration or security. Again, I will just be touching on the subtleties of using the AWS eco-system.

Some instructions below are borrowed from Amazon’s AWS User Guide.

AWS Diagram
A Representation of the Basic Network Architecture

This Lesson Includes

  • Creating and launching a new EC2 Instance (Web Server) within VPC
  • Applying a Security Group to an Instance
  • Configuring cPanel/WHM for a NAT Architecture on AWS
  • Joining a DNS Cluster

Creating and Launching the Web Server Instance

Amazon EC2 instances are the fundamental building blocks for your computing needs in AWS. You can think of instances as virtual servers that can run applications and services. Instances are created by selecting an Amazon Machine Image (AMI) and choosing an appropriate instance type. An AMI is a template that contains a software configuration, including an operating system, which defines your operating environment. You can select an AMI provided by AWS, the AWS user community, or the AWS Marketplace. You can also create and optionally share your own AMIs. A single AMI can be used to launch one or thousands of instances.

There are thousands of free and commercial AMIs to choose from. You can also opt for building your own from the ground up. In my case, I chose a vanilla CentOS 6 AMI and built my name servers from there.

An important aspect to understand about the AWS eco-system is a term called “Regions“. Regions are just that, geographical locations of the datacenters that house your services in AWS. Amazon offers numerous regions all at different price points. I generally build out an infrastructure in a single region and then duplicate the infrastructure to a separate region. I then can use AWS ELB (Elastic Load Balancing) to direct traffic to different regions or for failover. In this tutorial I will be operating in the N. Virginia (East 1-A) region. More on regions can be found here.

While I will walk you through launching your instance, I will skip the installation step for cPanel Services merely for brevity. Let’s begin.

Choose an AMI

  1. Open the Amazon EC2 console at
  2. Click “Launch Instance” in the top menu.
  3. Click the “Classic Wizard” radio and click “Continue“.
  4. Choose one of the four tabs to search for your desired AMI. Keep in mind, AMIs are region specific so when launching a new AMI ensure it is in the same region as your VPC.

Instance Details

AWS Diagram
  1. Select the “Instance Type: T1 Micro“. A T1 Micro Instance is sufficient for testing a basic web server. (More on Instance Types).
  2. Select the “Launch into: EC2-VPC” radio button.
  3. Accept the default subnet since we only have one (unless more were configured, select accordingly).
  4. Click “Continue“.

AWS Diagram

  1. Kernel ID and RAM Disk ID can both be kept as “Use Default“.
  2. While an additional charge will be incurred, it may be advantageous for you to enable CloudWatch Monitoring. I choose to enable it.
  3. Important: Make sure you enable Termination Protection by checking the box labeled “Prevent against accidental termination.” This helps prevent you from deleting an instance or volume store without you first disabling this protection.
  4. Also Important: Ensure “Shutdown Behavior” is set to “Stop” and not “Terminate”. When an instance is terminated, it is deleted from your VPC/EC2 account and is not recoverable.
  5. Now we want to set a Static Private IP for our instance. VPC comes built in with a DHCP server but we really don’t want our instance IPs to be changing. Set an appropriate IP address for your instance. I chose “” based on my subnet range. (Remember our Name Servers were “” & “” respectively)
  6. Click “Continue“.

AWS Diagram

Understanding AWS storage can be somewhat overwhelming, but it is really quite simple. AWS uses two primary storage types: “EBS” and “Instance Store“. In all practical cases, you will want to use EBS. The differences are simple.

EBS Storage is physically separate storage that is backed by Amazon S3 and is independent of your instance. EBS volumes can be attached to and detached from instances much like plugging in a thumb drive. You can also take snapshots of EBS volumes, making backups and recovery simple. EBS storage is a safer option because if a region goes offline or fails completely, the likelihood of recovering your EBS-backed volumes is significantly greater than for Instance Stores because of the physical location separation. When you terminate (delete) an instance, unless you say otherwise, the EBS volume associated with that instance will still be available. EBS volumes can also be resized and scaled. More on this later.

Instance Store is a storage volume type that is tied directly to an instance. Instance stores cannot be managed and cannot have snapshots taken. Instance stores are also not persistent, meaning, if you boot an instance, make changes to the volume (create/delete files, etc) and then stop the instance, the next time you boot the instance, any changes made will not be available. The instance essentially resets to a fresh state every time you boot. Instance stores are useful in an application specific environment where a particular instance has one job to do.

Important: When selecting an AMI, ensure that the Storage Type indicates “EBS-Backed” if that is the storage type you want to select.

  1. Accept the defaults of your selected AMI and click “Continue“.

AWS Diagram

Naming convention is entirely up to you, however, I recommend using a standard naming schema throughout your VPC. This makes for easier maintenance and management. I generally set the “Name” key to the hostname of the instance, and create an additional key “Type” and set it to the function of the instance, in this case VS (Virtual/Web Server).

Click “Continue“.

Create KeyPair

AWS Diagram

Public/private key pairs allow you to securely connect to your instance after it launches. For Windows Server instances, a Key Pair is required to set and deliver a secure encrypted password. For Linux server instances, a key pair allows you to SSH into your instance.

Select the previous key pair we created in Part 2 titled “vpc_keypair“.

Click “Continue“.

Configure Firewall

AWS Diagram

  1. Select the “VS_SG” Security Group that we created in Part 1.
  2. Click “Continue“.


AWS Diagram

  1. Review and verify the Instance details.
  2. Click “Launch“.

Allocating and Associating an Elastic IP

Elastic IP addresses are static IP addresses designed for dynamic cloud computing. An Elastic IP address is associated with your account, not a particular instance (but can be associated to an instance), and you control that address until you choose to explicitly release it. Unlike traditional static IP addresses, however, Elastic IP addresses allow you to mask instance or availability zone failures by programmatically remapping your public IP addresses to any instance associated with your account. Rather than waiting on a data technician to reconfigure or replace your host, or waiting for DNS to propagate to all of your customers, Amazon EC2 enables you to engineer around problems with your instance or software by programmatically remapping your Elastic IP address to a replacement instance.


AWS Diagram
  1. Open the Amazon VPC console at
  2. Click “Elastic IPs” in the left hand navigation menu.
  3. Click the “Allocate New Address” button in the header menu.
  4. Set “EIP Used In:” to “VPC“. (Elastic IPs allocated outside of a VPC to EC2 cannot see VPC Instances).
  5. Click “Yes Allocate“.


AWS Diagram

  1. Open the Amazon VPC console at
  2. Click “Elastic IPs” in the left hand navigation menu.
  3. Locate your newly allocated IP Address in the list and click the selection box (or right click) associated with the address.
  4. With the address selected, click the “Associate Address” button in the header menu.
  5. Select your new Instance from the “Instance” dropdown and the correct Private IP should be selected by default.
  6. Important: Ensure that you enable “Allow Reassociation“. This tells the VPC to reassign this EIP to this instance in the event of a reboot or shutdown. If you do not enable this option, you will have to manually re-associate the EIP with the Instance.
  7. Click “Yes, Associate“.

Configuring cPanel/WHM

At this point, you have a brand new Instance with an Elastic IP associated to it. The first thing you want to do is login to your instance via SSH using your newly acquired KeyPair. As I said previously, I won’t be going over the steps for installing cPanel, although they are straightforward.

Pre-configured AMIs will always have a root password set which you will inherently have to change to be able to login to cPanel. This is a quick, yet necessary step to complete before continuing.

SSH into your instance as root and run:


Modify your password and continue.

Initial Setup

  1. Assuming you have installed cPanel/WHM, in a web browser, navigate to:

    Where <elastic-ip> is replaced by the Elastic IP Associated to your new instance.

  2. You will be prompted for login credentials. Username will be ‘root’ and the password will be your new modified password.
  3. ‘Read’ and Agree to the Terms and Conditions and continue to Step 2.
  4. Enter your Contact Information.
  5. Enter the hostname of this instance. In my case, I chose ““.
  6. Enter your primary and secondary resolvers. I choose to use Google’s Resolvers located at “” and “” respectively.
  7. Ensure Main Network Device is set appropriately. It will most often be eth0.
  8. Save and Go To Step 3.

AWS Diagram

Ensuring Proper NAT Detection

Officially, cPanel’s NAT feature should only be used on fresh installs of cPanel/WHM. Automatic detection of the NAT architecture will not occur properly on an upgraded system; however, we can force 11.39+ to manually check for a NAT instance. I will first go over the expected results of a “fresh install” and then review how you can enable NAT on an updated instance. Note: To the best of my knowledge, cPanel prefers you do a fresh install when using NAT, so please proceed at your own risk.

  1. In Step 3, we won’t be adding an additional IP. You will see your current IP address in the “Current IP Addresses” block. In my experience, I’ve seen the internal/local IP for the instance here, you may see the external IP address instead. We will verify in the next few steps.
  2. Click “Go to Step 4“.

You should now be directed to the DNS configuration. Since we are implementing a clustering environment, we will not need to run local DNS services.

  1. Select “Disabled” in the “Nameserver Configuration” block.
  2. Configure your Primary and Secondary name servers with the hostnames of the two instances we configured in Part 2. In my case, “” and “”.
  3. Keep all other values at their default settings.
  4. Click “Save & Go to Step 5“.

Mail server configuration is completely up to you and should be based on your own environment’s needs.

  1. Configure your Mail settings.
  2. Click “Save & Go to Step 6“.

Depending on the type of instance (shared or dedicated), you may wish to enable or disable file system quotas.

  1. Configure your File System Quota settings.
  2. Click “Finish Setup Wizard“.

Verifying NAT

We will now go through a few steps in verifying your cPanel is properly detecting your NAT and properly mapping it to the external/public IP address.

  1. In the left hand menu, under Server Configuration, click “Basic cPanel & WHM Setup“.
  2. In the Basic Config section, ensure the field described as “The IP address that will be used for setting up shared IP virtual hosts” is displaying your external/public IP address. If something other than your external/public IP is displayed, read below.
AWS Diagram

I’ve encountered a few scenarios where a random local IP (mainly inherited from a cloned instance) is displayed in this IP field. If the IP shown IS NOT your external/public IP and IS NOT the correct internal/local IP:

  1. Enter the correct Internal/Local IP.
  2. Click “Save Changes”.

Now that our Main/Shared IP is set correctly, let’s verify the current IP mapping.

  1. In the left hand menu, under IP Functions, click “Show or Delete Current IP Addresses“.
  2. If cPanel has properly detected the NAT, you will see a “NAT Mode” heading with a box below displaying the Local IP and the Public IP that it is being mapped to.  Click the “Validate” button to ensure that the mapping is functioning properly.
AWS Diagram

Forcing NAT Detection

In some cases, NAT Mode will not be automatically enabled or detected. If the steps above produced Local IPs instead of Public IPs, you will probably need to force cPanel to detect your NAT. This can be done in a few simple steps. As I said before, please follow these steps at your own risk as cPanel does not officially support an installation that has been “upgraded” to NAT.

SSH into your instance as root and run:


If your NAT was detected you should receive an output similar to the one below.

AWS Diagram

Assuming NAT was manually forced and detected properly, repeat the steps in “Verifying NAT” above to ensure cPanel has detected and mapped your IP properly.
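
The checks in the WHM screens above can also be scripted. The following is an added example, not code from the original post or from cPanel: it assumes cPanel keeps the mapping in /var/cpanel/cpnat as one “local public” pair per line, reads the instance's own addresses from the EC2 metadata service, and uses constructed sample addresses.

```python
"""Audit a cPanel 1:1 NAT mapping against the addresses AWS assigned to the instance."""
import ipaddress
import urllib.request

# Assumption: cPanel stores the NAT mapping here, one "local_ip public_ip" pair
# per line; a line holding only a local IP is treated as "not mapped".
CPNAT_PATH = "/var/cpanel/cpnat"
IMDS = "http://169.254.169.254/latest"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples (documentation address ranges, not real hosts).
SAMPLE_OK = "172.31.10.20 203.0.113.10\n"
# A cloned instance: the mapping still names the source instance's local IP,
# while the clone's own local IP has no public address mapped.
SAMPLE_CLONED = "172.31.5.9 203.0.113.10\n172.31.10.20\n"


def is_rfc1918(ip):
    """True when ip lies in one of the RFC 1918 private ranges."""
    return any(ip in net for net in RFC1918)


def parse_cpnat(text):
    """Return [(local, public_or_None), ...]; raise ValueError on a bad line."""
    pairs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) > 2:
            raise ValueError(f"line {lineno}: expected 'local public', got {raw!r}")
        local = ipaddress.ip_address(fields[0])
        public = ipaddress.ip_address(fields[1]) if len(fields) == 2 else None
        pairs.append((local, public))
    return pairs


def audit(pairs, expected_local, expected_public):
    """Return a list of findings; an empty list means the mapping looks right."""
    findings = []
    seen_public = {}
    for local, public in pairs:
        if not is_rfc1918(local):
            findings.append(f"{local}: local side is not an RFC 1918 address")
        if public is None:
            findings.append(f"{local}: no public address mapped")
            continue
        if is_rfc1918(public):
            findings.append(f"{local}: mapped to private address {public}")
        if public in seen_public:
            # 1:1 NAT means one public address per local address.
            findings.append(f"{public}: mapped from both {seen_public[public]} and {local}")
        seen_public.setdefault(public, local)
    want = (ipaddress.ip_address(expected_local), ipaddress.ip_address(expected_public))
    if want not in pairs:
        findings.append(f"expected mapping {want[0]} -> {want[1]} is missing")
    return findings


def imds(path, timeout=2):
    """Read one value from the EC2 instance metadata service (IMDSv2)."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=timeout).read().decode()
    req = urllib.request.Request(
        f"{IMDS}/meta-data/{path}", headers={"X-aws-ec2-metadata-token": token})
    # public-ipv4 answers 404 (HTTPError) when no Elastic IP is associated.
    return urllib.request.urlopen(req, timeout=timeout).read().decode().strip()


if __name__ == "__main__":
    with open(CPNAT_PATH) as fh:
        mapping = parse_cpnat(fh.read())
    for line in audit(mapping, imds("local-ipv4"), imds("public-ipv4")) or ["mapping OK"]:
        print(line)
```

Run it as root on the web server instance; any finding means the “Validate” step in WHM is worth repeating before accounts are created.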

DNS Clustering

A DNS cluster is a group of nameservers that share records. A DNS cluster allows you to physically separate your nameservers so that if a web server loses its connection, you still have DNS functionality. This will allow visitors to reach websites on your server more quickly after the web server comes back online.

Since we have already enabled our Clustering Servers ( & I will go through the steps required to join our server to the cluster.

  1. In a web browser, navigate to:

    Where <your-nameserver> is replaced by the hostname to your first nameserver instance.

  2. You will be prompted for login credentials. Username will be ‘root’ and the password will be the password you set.
  3. In the left hand menu, under Cluster/Remote Access, click “Setup Remote Access Key“.
  4. You will be given a long string designated as “Access key for user ‘root’.” Copy this key to your clipboard or a temporary text document. Note: An access key is essentially a login certificate that gives anyone with access to the key complete control over cPanel/WHM. Never share this key with anyone and never save it anywhere. The key can always be accessed from within WHM.
  5. Next, in a new tab, navigate to

    Where <your-webserver> is the new instance created to act as the web server. In my case ““.

  6. You will be prompted for login credentials. Username will be ‘root’ and the password will be the password you set.
  7. In the left hand menu, under Cluster/Remote Access, click “Configure Cluster“.
  8. In the “Remote cPanel & WHM DNS host:” field, enter the hostname of the nameserver you just copied the access key from. In my case, ““.
  9. In the “Remote server username:” field, enter “root“.
  10. In the “Remote server access hash:” field, paste in the Access Key you previously copied from the nameserver.
  11. Ensure that “Setup Reverse Trust Relationship” is checked.
  12. Debug mode can remain disabled.
  13. Set “DNS Role:” to “Synchronize Changes“. This setting is specific to the server type, but generally will be set to Synchronize Changes.
  14. Click “Submit“.
AWS Diagram

The server will now attempt to establish the Trust Relationship with the cluster. If the connection succeeds, you will see the verification messages “The Trust Relationship has been established…” and “The new role for <ip> is sync“.

Click the “Return to Cluster Status” link.

Verify DNS Clustering

On the Configure Cluster page of your virtual server, in my case ““, ensure that you see the established relationship with your nameserver.

AWS Diagram

Refresh the Configure Cluster page of your nameserver, in my case ““, and ensure that you see the established relationship with your virtual server. On the nameserver side, you will see the DNS role of your virtual server set as “Standalone”; this is intentional and expected.

AWS Diagram

Note: In some instances, I’ve experienced situations where the virtual server indicated that it had successfully established a reverse trust relationship with the nameserver, but upon verifying the cluster on the nameserver, I either did not see the virtual server displayed in the cluster at all or received authentication errors. The solution is to follow the steps above for creating the Access Key and adding a server to the cluster, but do it on the nameserver as well. You shouldn’t run into this issue, but if you do, post in the comments and I am happy to help sort it out.

Additional Note: Depending on how your firewall rules are setup, DNS clustering could fail if the proper ports are not opened.  To ensure you are opening the proper ports, have a look at Getting the Most Out of Your System’s Firewall, which details cPanel’s commonly used ports.
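
To tell a firewall problem from a service problem before retrying the cluster join, the probe below classifies each connection attempt. It is an added example, not part of the original post or of cPanel; port 2087 for WHM, port 53 for DNS and all function names are assumptions.

```python
"""Probe the TCP ports a WHM DNS cluster join depends on and classify failures."""
import errno
import socket
import sys

# Assumptions (not from the original post): 2087 is the WHM port the cluster
# trust request goes to and 53 is DNS over TCP. Adjust to your firewall plan.
CLUSTER_PORTS = {2087: "WHM (cluster trust)", 53: "DNS"}

ADVICE = {
    "open": "reachable",
    "refused": "host answered but nothing listens there: confirm the service is "
               "running and that the hostname resolves to the peer's Elastic IP",
    "filtered": "no answer: check the security group and host firewall for this port",
    "unresolvable": "hostname does not resolve: check the resolvers set in Initial Setup",
    "unreachable": "no route to the peer: check the subnet routing",
    "error": "unexpected socket error",
}


def classify(exc):
    """Map the outcome of a connect() attempt to the layer that likely caused it."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        # A reset came back, so packets pass every firewall on the path.
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # Silence is what a dropped SYN looks like from the client side.
        return "filtered"
    if isinstance(exc, socket.gaierror):
        return "unresolvable"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return its verdict."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def check_peer(host, ports=CLUSTER_PORTS, timeout=3.0):
    """Return {port: verdict} for one cluster peer."""
    return {port: probe(host, port, timeout) for port in ports}


def summarise(host, results):
    """Turn verdicts into one printable line per port, lowest port first."""
    lines = []
    for port, verdict in sorted(results.items()):
        label = CLUSTER_PORTS.get(port, "tcp")
        lines.append(f"{host}:{port} ({label}) {verdict}: {ADVICE[verdict]}")
    return lines


if __name__ == "__main__":
    # Usage: python3 cluster_probe.py <peer-hostname> [<peer-hostname> ...]
    failed = False
    for peer in sys.argv[1:]:
        verdicts = check_peer(peer)
        print("\n".join(summarise(peer, verdicts)))
        failed |= any(v != "open" for v in verdicts.values())
    sys.exit(1 if failed else 0)
```

Run it from the web server against each nameserver and, since the reverse trust relationship involves the nameserver as well, from each nameserver against the web server.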


At this point you have a single virtual server,,  configured for NAT and with DNS Clustering enabled. We have joined the instance to one of the nameservers in our DNS Cluster.

You do, however, need to repeat the DNS Clustering steps for the secondary nameserver, presumably

You can continue configuring your server as you normally would for your own environment. cPanel/WHM’s NAT implementation is pretty transparent to the user. You rarely need to take into consideration the fact that you are behind a NAT architecture. cPanel simply translates your Local IP to your Public IP wherever it is required. Seamless. The NAT Team at cPanel worked very hard to ensure that everything just works.

While this is a very basic setup, all of the possibilities of this infrastructure within AWS are too numerous and out of scope for this tutorial. I am more than happy to field questions and comments below if you have a more challenging project.


Already using Amazon Web Services? Check out the cPanel & WHM listing in the AWS Marketplace and start building your own cPanel hosting environment.

  • Andre Siqueira


    First, sorry for my english, I hope you understand.

    I am testing a WHM/Cpanel installation on an Amazon EC2 instance for a WordPress Multisite network.

    The entire install seemed to go well with activated NAT mode, and Elastic IP associated with the public IP … The DNS configuration looks correct …

    What I have:

    Public IP:
    Private IP: 172.31.xx.xx

    The WordPress is installed in /home/example/public_html

    In WHM created a package and a user to the Default domain and installed WP for this new user.

    In the browser when I type or any subdomain, works perfectly. But when I type the public IP, opens the error message in cgi-sys/defaultwebpage.cgi

    But I need to enter the IP open the site normally, so that the mapping wp multisite function properly.

    Configuration file:



    format: combined
    target: /usr/local/apache/domlogs/

    format: “”%{%s}t %I .\n%{%s}t %O .””
    target: /usr/local/apache/domlogs/
    documentroot: /home/example/public_html
    group: example
    hascgi: 1
    homedir: /home/example/public_html

    path: /home/example/public_html/cgi-bin/
    url: /cgi_bin/
    directoryhomeexamplepublichtml: {}


    format: “”%{%s}t %I .\n%{%s}t %O .””
    target: /usr/local/apache/domlogs/
    directoryhomeexamplepublichtml: {}

    group: example
    ifmoduleruidmodule: {}

    ip: 172.31.xx.xx
    owner: root
    phpopenbasedirprotect: 1
    port: 80

    path: /home/example/public_html/cgi-bin
    url: /cgi-bin/

    path: /home/example/public_html/cgi-bin/
    url: /cgi-bin/
    usecanonicalname: ‘Off’
    user: example
    userdirprotect: ”



    ServerName 172.31.xx.xx
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin someuser

    suPHP_UserGroup nobody nobody

    # Default vhost for unbound IPs

    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin someuser

    suPHP_UserGroup nobody nobody

    DocumentRoot /home/example/public_html
    UseCanonicalName Off


    How can I do to open the site when you type the IP?

  • Michael Berntsen

    Hi. Got everything up and running, except MySQL. Used AMI cloudlinux + cpanel. Cpanel found MySQL RPM in unmanaged state. Anyone encountered this before and have a solution?

    • Chris

      I could be wrong, but I’ve read somewhere that the cloudlinux + panel AMI runs MariaDB by default and not MySQL….this “may” have something to do with it

  • Daniel

    Hi all, I have done all the steps and I was able to access cPanel; however, it doesn’t seem to be the usual cPanel I am used to seeing in my current paid system.
    I am wondering if the difference is that, following the instructions, I have installed the DNSONLY version and it does not have most of the options of the full version. Am I missing something? Is there something pending for me to do?
    Any help will be great

  • nagendra chowdhary

    I am using free Amazon hosting for the first year. It’s up and running with no issues with Amazon.
    Regards – marketplace scripts

  • José Morettoni

    Hi George,

    I have a problem with the Configure Cluster step.

    1- I copy remote access key from NS1 cpanel instance .

    2 – And Go to vs1 cpanel and configure cluster.
    – remote cPanel & WHM HOST :
    – remote server username : root
    – remote server access hash : pasted the code copied from the cPanel NS1 instance.
    – Setup reverse trust relationship : checked
    – Sync Changes Selected

    But when I click submit , cpanel return this message :

    There was an error while processing your request: Cpanel::PublicAPI returned [Could not connect to XX.XX.XXX.XX:2087: Connection refused] .

    And the IP XX.XX.XXX.XX shown in the error isn’t the NS1 Elastic IP.

    Can you help with this?

    • Hi Jose, are you using a licenced Full cPanel version ?? or just using dnsonly with another host manager?


  • thank you . nice article 🙂
    can you tell me where are you from ?:)

  • Veena

    Any of you know how Amazon handles the abuse/phishing complaints
    directed at the Elastic IPs on our EC2 instances? Do they shutdown the
    instances or give enough time to resolve issues?

    Thank you.

  • Charles Milliband

    This is the best AWS/EC2 cPanel/WHM documentation online…

    Good job George,

    We look forward to hear from you about Part IV!

  • karlmonson

    Hey George did part 4 ever get completed? I’m really looking forward to it!

  • Raquel Costa

    Did you install WHM&Cpanel on all 3 EC2 instances? (NS1, NS2, and VPS)
    Please respond! 🙂 thank you

  • @georgebohnisch:disqus Thank you very much for the detailed documentation..looking forward to seeing part 4

  • Allen Hubble

    Really hoping to see Part 4 soon.

  • Good post!

  • Black Tree IT Ltd.

    Hi George,

    Great documentation!

    Could you please let us know when you will release the 4th series.

    Thank you!

  • lucasrolff

    When will part 4 be available?

    Also, how does cPanel scale on AWS? The reason I’m asking is that currently we use dedicated servers for our infrastructure to host cPanel on, but we have a lot of ‘spare’ hardware, so if we can scale cPanel using AWS it would be more cost efficient. But can you cluster the actual nodes in AWS to make your own ‘cloud’ of a bunch of, let’s say, m1.small instances (just an example)?

    I would really like to know more about this, because it would in the end, increase the redundancy for the setup, and make people sleep better at night, if you don’t rely on a specific server, but on a big setup instead.

    • Mike

      Cloud on cloud would probably get complicated. The principle behind the cloud is that parts of what you are hosting can be in different parts of a data center. Installing a cloud on a cloud could make things slightly more complicated to fix if something went wrong.

      • lucasrolff

        What I mean is, you buy 2 m1.small instances, and cluster them, because there will be at a point, where you can’t get bigger instances.

        As far as I can see, the biggest instance currently is cc2.8xlarge which has 32 cores, 88 ECU and 60.5 GiB memory.
        If you want double that, that’s not possible.

        So my question was, if you can take 2x cc2.8xlarge, and cluster them together as one machine, to get 121GiB memory, 176 ECU and 64 cores.

        But seems like the part 4 won’t arrive anytime soon 😛 so we’ll be left in no-where

        • Mike

          I see what you mean. Instead of clustering, another approach might be to specialize your servers. Webservers, if configured correctly, don’t really need to be that large. Database servers will likely require more resources. You can plan out how many sites you would like to host on a single server and start out with an appropriate size at that point. Maybe also host databases on an additional server. So ideally you have two micro nameservers, one webserver, one database server. Once you get them all working together, you can decide the next course. Maybe you replicate this exact setup on the west coast. Then load balance the two; that way you get reliability and traffic control. Or you can create or grow the servers as needed. With AWS you have an infinite number of options. I will say that you should definitely consider the replication route as AWS instances are known to shut down without warning.

  • Lee

    Part 4 seems like it’s non-existent?

  • Dave D

    How much does it cost to get all these?

    I’d like to know more about how to scale this up.
    sounds very challenging

    • harishchouhan

      +1 me too.

  • Gavin Hamill

    This seems like a really dangerous idea!

    The ‘prime directive’ of designing on AWS is ‘design for failure’ because EC2 instances will die, it’s utterly expected and normal.

    By stacking cPanel onto AWS without doing anything in the realm of replication, then you *will* have a bad time and poor customer experience!

    • Mike

      The author advised replicating infrastructure to a different region. AWS can then be configured to fail over if an instance dies. You could do this in multiple regions, ensuring near 100% availability.

  • Ogecan

    We created 30 GB EBS volume from Amazon AWS panel. We need high capacity and flexibility. However cPanel shows only 7.9 GB as /dev/xvde. How can we scale it? What’s the problem? We followed all of the steps.

    • Mike

      Google expanding EBS volume. It’s actually pretty straightforward. Power down VM. Detach EBS. Snapshot it. Make a bigger EBS Volume. Restore EBS snapshot to larger volume. Re-attach to VM. Power up VM. In some cases after checking disk size, it may show the old space. You have to SSH into the VM and expand the filesystem to make the new space usable.

  • tylercollier

    Can you tell us if you’re waiting for 11.39 to be considered stable before you post part 4? In the previous articles you said what was coming in the next article, but I can’t tell what’s missing thus far and should be expected in part 4.

  • Lance Redgrave

    Keen to see part 4 too

  • luisfalcon

    Hello, I tried installing a copy of cpanel on a ec2 instance… no vpc, it works fine so far for the most part, but i can’t get ftp to work, it connects, logs in but nothing more, it won’t do anything else until timeout. Do you have the same problem?

    I have everything open in the security group. Oh, and sftp works just fine…

    • Mike

      In his article he described needing a VPC for setting up the server. For FTP there are passive ports that must be opened I think 20000-50000 something crazy like that. Each time an FTP client connects, they start connection on like 21, but then a second connection opens randomly in one of the other ranges. In your ec2 verify firewall rules either in aws control panel or iptables or equivalent on VM.

  • Lee

    Hi George, just wondering when part4 will be posted?

  • Glen Barnhardt

    Hi George, This series is perfect. I have been running hosting for many sites on AWS for quite some time. It’s very tedious to do everything from the command prompt.

    In my setup I did not see any place where the dnsonly version could be upgraded to 11.39+. Are these to stay at the current build or am I missing something?

    I upgraded the VPS to but it says that it should be a fresh install. I didn’t see any way to download the EDGE version for a fresh install.

    Last question. Which license is required for this, VPS or Dedicated? I’m assuming VPS because they are Virtual Servers.

    Thanks again for the great tutorial,
    Glen Barnhardt

    • Mike

      VPS license only for the webserver not the dns servers. The DNS servers do not require a license. In Cpanel-DNS control panel, left side, upgrade to latest version.

  • Darth Dan

    Loving these articles. I may have missed it, but how much does something like this cost?

    • Darth Dan,

      I never imply the costs simply because everyone’s costs can vary greatly depending on so many factors. I can tell you in my case I saved somewhere between 40%-50% over my costs of owning hardware outright.

  • Christopher Errey

    Hey George,

    I have almost completed this, however I am stuck at the NAT section. My “Show or Delete Current IP Addresses”, does not look like yours. It only shows my local ip address.

    I cannot find the /scripts/build_cpnat as mentioned. Where is the file? Is there something else I can do to enable NAT mode.

    • Christopher,

      What version of cPanel are you running? Currently 11.39 is pushed on EDGE so unless you’ve updated to EDGE you won’t see it.

      • Guest

        Currently I am using EDGE, I resolved it by installing a fresh version of cPanel Edge. Just waiting for my glue records to resolve.

      • Christopher Errey

        Having issues with the clustering for sub domains. My main domain works fine, however my subdomains setup through cPanel do not resolve. I have looked at the zones and the correct “A Record” is there on the VPS.
        I had to add remote keys on my name servers for my VPS server.
        I have my name servers => VPS set on standalone.
        I have my VPS => NS set on synchronise. Though my VPS is set to Edge, the DNS-Only are not? Could DNS-Only being stock standard latest be the problem?
        Should my VPS have DNS clustering enabled? Can you suggest any fixes for this scenario to get sub domains to work?

        • If you are using the Nameservers as your primary DNS then yes you absolutely need to have clustering enabled on the VPS otherwise you are not propagating your updated records to the Nameservers.

  • Kostya Shevchenko

    Hello George,

    It is usually recommended to keep nameservers as far apart as possible (both network-wise and geographically). With your setup both nameservers are sitting in the same subnet, at the same datacenter and quite possibly on the same physical machine. Wouldn’t it be reasonable to set up NSes in different regions? (this raises another question – maybe dumb – what’s the benefit of keeping the lot as a VPC when all instances get their own public IPs and only communicate using those?)

    And most importantly – is there any possibility of attaching Amazon Route 53 to WHM instead of using dnsonlys cluster?

    • Kostya,

      It is a reasonable option to separate Nameservers by region. If not both then at least have NS1 in the same subnet and have NS2 in a different region. Alternately you could have NS1/NS2 together and NS3/NS4 in another region. I simply set these up in the same region in the tutorial for simplicity and brevity. Like I said at the beginning, these are nowhere near setup complete and are just given as procedural instructions for setting up DNSONLY/WHM/cPanel on AWS and not a complete scenario.

      Unfortunately WHM does not support Route 53 natively (that would be a fantastic feature, try requesting it at, but there is nothing that says you can’t write the functionality yourself.

      The advantages of using the VPC is for a few reasons:
      – EC2 only allows 5 Elastic IPs for a single instance and I believe 10 total. VPC does not have a limit (once you have the limit removed by request)
      – EC2 blocks many SMTP connections which can cause issues, VPC does not when you request the limits lifted.
      – If you have a reason to run database servers or application servers that you want to reference with the private IPs you can have that with VPC, you cannot with EC2
      – It creates a logical separation and grouping for your instances and allows you the ability to easily run monitoring like Nagios using private IPs assuming you don’t want your Nagios server to have a public IP
      – VPN capabilities.

      I hope this helps and thanks so much for your comment!

  • Lee

    Good documentation. If you are scaling instances en masse, though, it’s a bit tedious. Isn’t there an easier way to do all of this using a Chef recipe or Puppet definition? It might be worthwhile explaining where all the config for this lives and how to use environment variables so that you only have to do this once.

    • Lee,

      Great question. In Part 4 I will cover creating your own AMIs based on a template system so that when you need to create a new cPanel instance, it’s as simple as two clicks and you have a fresh cPanel install in less than 2 minutes.

      Stay Tuned.

      • Lee

        AMIs in my opinion need to be bare bones because revision controllability is poor. One should always perform post-OS tasks outside the scope of a templated model, otherwise you will find yourself constantly launching new instances or backporting changes to your templates, ending up in a maintenance nightmare. Check out Chef or Puppet to perform these kinds of tasks.

      • Will horizontal scalling be possible ?
        will I be able to use multiple instances of EC2 to act as one large server.
        or will I be able to put my mysql in another server ? (If so will I need separate licences for each cpanel ?)

  • amnaasad

    dear when will you post the next part

  • This is Awesome! Giving it a try 🙂

    Really good documentation! friggin awesome!

    Does anyone know of a service that sets this all up for a fee? I would like to migrate about 3000 domains to this ASAP as the cost for dedicated servers far exceeds the cost of running a hosting business on AWS/EC2.