Control Web Panel (CWP) is a free server administration tool for Enterprise Linux-based distributions. A mature cPanel replacement, formerly known as CentOS Web Panel, CWP has the ability to manage everything you’d need within a cloud server:
- SQL databases
- Raw system files
- Web server configuration
There’s also CWPpro, a premium version with additional features. However, all of those features can easily be replicated with native or third party software.
- Install Control Web Panel (CWP)
- Getting Started with Control Web Panel
Install Control Web Panel (CWP)
CWP is available for CentOS, Rocky, Oracle, and AlmaLinux distributions. Log into SSH as root.
- Install EPEL:
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- Update YUM:
yum -y updateThis may take a few minutes.
- Restart your server to apply updates:
- Login again and navigate to your “/local” directory instead of using your user directory to download CWP:
- Download the latest CWP package:
- Install CWP:
sh cwp-el8-latestThis will take a few minutes as it compiles Apache and PHP from source code. Once the installation completes you’ll see your login credentials and URLs: http://YourServerIP:2030 (no valid SSL certificate) or https://18.104.22.168:2031 (with SSL). The MailServer info will state the self-signed SSL cert file location. You’ll need to save the root MySQL password in a password manager.
- Restart the system:
Log into Control Web Panel
Log into Control Web Panel (CWP): https://YourServerIP:2031 or https://YourHostname.com:2031. Login as the root user. If the root user doesn’t have a password already, create one with the “passwd” command.
At the top you’ll see recommendations to set up email notifications and change your SSH port number.
Getting Started with Control Web Panel
On the bottom right you may see security tips to set up ModSecurity and ConfigServer Security & Firewall (CSF) + Login Failure Daemon (LFD). Below we’ll cover how to configure them.
ModSecurity Web Application Firewall (WAF)
Select the “here” link in the ModSecurity pop-up to protect your data from application layer cyber attacks including code injection.
On the next page select “Install Mod Security Now.” Close the installation log after the process is complete.
You’ll now have options for processing ModSecurity rules and logs. The default settings are sufficient (process rules and log noteworthy events). Select “Save configurations” at the top after any changes. On the right, select “Test ModSec” to attempt accessing the database with PHP. The new page should display a “Forbidden” error. Remove “https://” and try again if you don’t have a valid SSL installed at this point. If you prefer to test your server from the terminal you can use “curl.” It should still return a 403 error.
curl http://22.214.171.124/index.php?SELECT * FROM mysql.users
ConfigServer Security & Firewall (CSF)
Select the “here” link under “Firewall – SECURITY ISSUE” to install host-based CSF and close unused ports.
At the top you’ll see a notification reading “Firewall is Disabled.” Underneath it, select “Enable Firewall.” CSF will automatically open the most commonly used ports. You may need to refresh the page after a minute to see the completion message: “csf and lfd are not disabled!”
Select “Back” at the top of the page to modify the firewall:
- Temporarily allow and deny IP addresses
- Whitelist and blacklist IPs
- Open TCP / UDP ports (right side of the page)
Before you change your SSH port from 22, ensure you open the new TCP port in CSF.
When you configure ports, you’ll be editing the raw “/etc/csf/csf.conf” file. Edit port numbers in the following sections:
# Allow incoming TCP ports
# Allow outgoing TCP ports
# Allow incoming UDP ports
Use Ctrl + F to find each section faster.
After saving your changes at the bottom, select “CSF Firewall” in the sidebar to access the settings again.
You can quickly access the Firewall manager from the dashboard.
If you don’t need cPanel, don't pay for it. Only pay for what you need with our Cloud VPS solutions.
CentOS, Debian, or Ubuntu No bloatware SSH Key management made easy