Jump to: navigation, search

Liquid web dedicated servers.gif

How to Configure cPanel 54 to use PHP 7 and PHP-FPM


Cpanel php7 php-fpm its happening.gif

Hoooorraaaay! Step 0 - Celebrate

Alright, now that we are done celebrating it's time to actually get this working.

As of December 2016, you can now install and enable PHP 7 and FPM using WHM's Easy Apache 4 UI. If you prefer to use cli / ssh, I've got you covered!

To utilize PHP 7 and PHP-FPM on cPanel 11.54 (54), you need to ensure that WHM is updated to the latest version, at this time that is WHM 54. Once you've updated WHM to version 54 you need to enable Easy Apache 4. Please note that EA4 is still in beta (as of March 1, 2016) and not yet considered to be "stable", but honestly, "stable" is boring and slow, I don't deal with any of that nonsense. To switch from EasyApache 3 to Easy Apache 4, run this command from the command line:

/scripts/migrate_ea3_to_ea4 --run

After you've converted the server to Easy Apache 4 you can use WHM's UI to run / configure the server, or you can use YUM to install the glorious PHP 7 packages that cPanel was kind enough to create for us. I ran an "rpm -qa | grep -i httpd" to get an idea of what I installed (because I sometimes don't note what I'm doing) Below is copypasta of what I have installed, some of this might already be installed on your own server, but who cares, it's a server, it will figure it out :) FYI, we are going to use Apache Event for this guide because it's better than prefork and worker and everyone else talks about Nginx, so yea.

yum install ea-apache24-mod_deflate ea-apache24-mod_ssl ea-apache24-mod_proxy ea-apache24-mod_mpm_event ea-apache24-tools ea-apache24-mod_proxy_http ea-apache24-mod_expires ea-apache24-mod_socache_memcache ea-apache24-mod_proxy_fcgi ea-apache24 ea-apache24-mod_suphp ea-apache24-mod_cgid ea-apache24-config-runtime ea-apache24-mod_suexec

Same thing with PHP, get them PHP 7 packages installed! You want to make sure you install PHP OPcache and FPM to get the best performance.

yum install ea-php70-php-curl ea-php70 ea-php70-runtime ea-php70-php-mbstring ea-php70-php-mcrypt ea-php70-php-cli ea-php70-php-zip ea-php70-php-odbc ea-php70-php-pdo ea-php70-php-opcache ea-php-cli ea-php70-php-common ea-php70-php-mysqlnd ea-php70-php-soap ea-php70-php-fpm ea-php70-php-gd ea-php70-php-iconv

Now it's time to make a few new directories under the cPanel account's /home/ directory, make sure to update permissions if you are doing this as root, both directories need to be owned by the cPanel user, not by root. Take note of these locations, we will be modifying some conf files later on.

mkdir -p /home/$cpanel_user/run/
mkdir -p /home/$cpanel_user/session/
chown $cpanel_user. /home/$cpanel_user/run/
chown $cpanel_user. /home/$cpanel_user/session/

Copy the default PHP-FPM configuration file, rename it after the cpanel user. After you have copied this file we will be making a few modifications to it.

cp /opt/cpanel/ea-php70/root/etc/php-fpm.d/www.conf.example /opt/cpanel/ea-php70/root/etc/php-fpm.d/$cpanel_user.conf

vim /opt/cpanel/ea-php70/root/etc/php-fpm.d/$cpanel_user.conf

Step 1: Change "[www]" to "[$cpanel_user]".


Step number two or three, or whatever the f**k number we're on..: Change "listen = /home/$cpanel_user/run/php56-fpm.sock". Since we are using PHP 7 we need to update the location of the listen .sock file, simply replace "$cpanel_user" with the cPanel user name, and replace "php56-fpm.sock" with "php70-fpm.sock" because we aren't using that old, slow PHP, we are using the new hottness!

listen = /home/$cpanel_user/run/php70-fpm.sock

Step 3: Change listen.owner = $cpanel_user to the cPAnel user, leave the alone, it should be set to nobody.

listen.owner = $cpanel_user = nobody

Step 4: Change user = $cpanel_user AND group = $cpanel_user to the cPAnel user.

user = $cpanel_user
group = $cpanel_user

Step 5: Change error log locations, and session file locations. If you don't update these locations PHP-FPM may complain about read / write permissions if your site / CMS uses sessions. The actual location of these directories doesn't matter too much, I chose to place them under the user's home directory, but really the session save path can be anywhere, just make sure the directory has permissions set for the cPanel user.

php_admin_value[error_log] = /home/$cpanel_user/logs/ea-php70-php-fpm.log

php_value[session.save_handler] = files
php_value[session.save_path]    = /home/$cpanel_user/session/
php_value[soap.wsdl_cache_dir]  = /home/$cpanel_user/session/

Step 6: Start up PHP-FPM, it won't work just right yet, but who cares, start it up anyway!

/bin/systemctl start ea-php70-php-fpm.service

Step 7: Create new includes directories for each cPanel user you plan on using PHP-FPM.

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/$cpanel_user/$
mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/$cpanel_user/$

Step 8: Create a new configuration files for each cPanel user

vim /etc/apache2/conf.d/userdata/std/2_4/cpanel_user/$

Add this to the newly created fpm.conf file, modify $cpanel_user

<IfModule proxy_fcgi_module>
     ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/home/$cpanel_user/run/php70-fpm.sock|fcgi://localhost/home/$cpanel_user/public_html"
     DirectoryIndex index.php

Copy this configuration file over to the ssl directory

cp /etc/apache2/conf.d/userdata/std/2_4/$cpanel_user/$ /etc/apache2/conf.d/userdata/ssl/2_4/$cpanel_user/$

Step 9: Restart services and run some cPanel scripts, because restarting services sometimes is a good thing.

/bin/systemctl restart ea-php70-php-fpm.service

Step 10: Create PHPINFO and verify that you are using PHP-FPM.

vim /home/$cpanel_user/public_html/phpinfo.php


// Show all information, defaults to INFO_ALL


Step 11: Enjoy PHP 7! If something doesn't work right, maybe PHP 7 is not for you, but odds are, it is, and your website now runs faster. Good job, take a break, you deserve it. Unless you done goofed, in which case, enjoy the image below.

Step 12: ensure that PHP-FPM is set to start on reboot!!!!

/bin/systemctl enable ea-php70-php-fpm.service

Upgrade cpanel 54.jpg

cPanel Tweak Settings Guide

You can find more information on how to tweak the "tweak settings" section in cpanel by visiting my tweak settings guide

Configure and Optimize SpamAssassin for a cPanel Account

Enable SpamAssassin in cPanel

Login to your cPanel account and look under mail then spamassasin in cPanel.

  • Have SpamAssassin send spam to a folder, or spam account instead of deleting messages. Until you have tested the scores out and make sure that good email actually gets through you should setup a temp email address, or a folder and have SpamAssassin send any "spam" there so you can later look through the folder or account to make sure you aren't deleting good emails.

My Enabled SpamAssassin Configuration looks like this:

CPanel General SpamAssassin Config.png

SpamAssassin Score Configuration

  • The lower the score the more aggressive Spam Assassin is with marking potential spam
1 -- Very Agressive
10 -- More Permissive
  • A2 recommends setting required_score to 3
  • In the score text boxes, you can assign scores to specific tests that SpamAssassin uses to examine incoming messages. A2 Hosting recommends using the following test scores:
URIBL_DBL_SPAM 10.0 10.0 10.0 10.0
URIBL_WS_SURBL 10.0 10.0 10.0 10.0
URIBL_BLACK 10.0 10.0 10.0 10.0
T_DKIM_INVALID 2.0 2.0 2.0 2.0
RDNS_NONE 1.8 1.8 1.8 1.8
DCC_CHECK 5.0 5.0 5.0 5.0
  • URIBL_* is checking blacklists such as Spamhause
  • RDNS_NONE is checking if the sending IP address has RDNS in place
  • DCC_CHECK checks the DCC checksum database to detect bulk mail

The final configuration should look like this:

CPanel SpamAssassin Config.png

Default cPanel SpamAssassin Scores

cPanel DEFAULTs to the following:

URIBL_DBL_SPAM 0 1.7 0 1.7
URIBL_WS_SURBL 0 1.659 0 1.608
URIBL_BLACK 0 1.775 0 1.725
RDNS_NONE 0 1.1 0 0.7
DCC_CHECK 0 1.1 0 1.1

Create User Level Filter for SpamAssassin Flagged Email

Once you have enabled and configured SpamAssassin you will want to create another email account, or a new folder that will automatically receive any email that is flagged by SpamAssassin. Once you have done this you will want to create a filter that looks like below. This will make sure that email is not lost.

Enable SpamAssassin bayes autolearn on cPanel

To enable bayes autolearn for a specific cPanel user you can edit the user's .spamassassin user_prefs file to include this option.

vim /home/$cpanel_user/.spamassassin/user_prefs

##Add These Two Lines

use_bayes 1
bayes_auto_learn 1

Save the file and then restart exim to have the new settings take effect.

service exim restart

cPanel User Filter Send Spam to Another Address

If you prefer to just send all email that is flagged as spam to a single address configure the filter to look like the image below. You could also set a Global Filter for all email accounts, this would make it easier to manage and if a single user is missing an email you can then login to the main spam account and look for the message there.

CPanel Email Filter For SpamAssassin.png

cPanel User Filter Send Spam to a Folder

If you only want to manage spam for a single email address, this is the best method to use. Create a new folder called "SPAM" then create a user level filter that sends any email marked as spam to that folder.

CPanel Email Filter Folder For SpamAssassin.png

Update SpamAssassin to avoid being blocked

If you are using as a blacklist with spamassassin you need to update a file which contains tlds, apparently the old file is causing issues with DNS lookups, so the RBL ends up blocking IPs even if there was not intent to spam. To get around this issue you need to replace a file on your server.

Grab the updated from svn, copy the original file in case something bad happens, then replace it with the new file and restart exim, which will restart spamd. This should resolve the issue.

cp /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Mail/SpamAssassin/Util/ /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Mail/SpamAssassin/Util/
mv /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Mail/SpamAssassin/Util/
service exim restart

How to use PHP-FPM and Apache Event on a cPanel Server

Before you attempt to install PHP-FPM on a cpanel server, you will want to run EasyApache and make sure you un-select all Apache MPMs other than Event and ITK (If you have many vhosts and want better security). Make sure you select mod_fastcgi (FCGI) as well.


Once EA has finished you can download the script below and install PHP-FPM. You will want to backup httpd.conf before you run this in case anything gets messed up. I found that I needed to start php-fpm after the script finished, if you don't make sure it's started then your sites will more than likely be down until you do this.

chmod a+x
./ install
/etc/init.d/php-fpm start

I found that by switching to PHP-FPM and Apache Event I was able to shave off around 1 second from my main page loading time. Previously I was at around 4 seconds, now I am around 3 seconds, so there is a large performance with PHP-FPM

You can view and configure each pool by modifying the per domain config files located here:


If you prefer to just use one global config file you can modify it here

vim /usr/local/etc/php-fpm.conf

If you want to use memcached you need to add the extension location in the main php-fpm.conf file. NOTE even if you have memcached listed as a php module (php -m) you must enable this specifically for php-fpm.

vim /usr/local/etc/php-fpm.conf
##Add this line to enable memcache usage
php_admin_value[extension] =

Then you need to restart php-fpm

service php-fpm restart

Git not working on cPanel

If you try to use git on a cpanel server and are unable to connect you will need to allow port 9418 in the firewall. If you use ConfigServer Security & Firewall you can edit this in WHM > Plugins > ConfigServer Security & Firewall. Then go to "Firewall Configuration" and allow port 9418.[0:]: errno=Connection timed out
fatal: unable to connect a socket (Connection timed out)

How to Replace cPanel MySQL with Official MySQL

Stop MySQL and copy MySQL data and my.cnf to a temporary location.

service mysql stop
cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old 

Run these scripts to remove any cPanel updates and MySQL related items

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled 
/scripts/update_local_rpm_versions --edit target_settings.MySQL56 uninstalled
/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55,MySQL56 

Edit /etc/yum.conf and remove "mysql*" and "php*" from the excludes line. Save the file

vim /etc/yum.conf


Grab the latest official MySQL repo, install it, then install mysql 5.6-server. If you have a custom my.cnf be sure to copy it back over before you start up the new MySQL version.

rpm -iv mysql-community-release-el6-5.noarch.rpm
yum install mysql-server.x86_64
rm /etc/my.cnf
cp /etc/my.cnf-old /etc/my.cnf
service mysqld start
service mysqld restart

How to Enable Zend opcache on cPanel

If you have a cPanel server and already have PHP version 5.5 installed all you need to do is modify the main php.ini file and add in the lines below. Using Opcache can significantly improve PHP performance which means your website will run faster. If you have a large website I would suggest raising the opcache.memory_consumption value to something higher than 64 (mb).

The first step is to make sure you are using PHP 5.5. To check this run:

php -v

If you are not running PHP 5.5 then you will want to run EasyApache and upgrade PHP to 5.5.


Once you are running PHP 5.5 you will want to enable opcache by adding the lines below to your php.ini

vim /usr/local/lib/php.ini

##Add these lines to the bottom of the file


Restart Apache

service httpd restart

At this point you should see that the zend and php modules for opcache are both loaded.

php -m | grep OP

Zend OPcache
Zend OPcache

How to configure tomcat and apache on cpanel

Config files and other files that include other files


  • In this file, there needs to be a few things. First and foremost, we need to load the jk_module(1)
  • Then, we need to include a few configuration files, the first is the jk.conf(2)
  • Last, we need to make sure that vhost includes are included(3)

(1)LoadModule jk_module modules/

(2)Include "/usr/local/apache/conf/jk.conf"

VirtualHost section for
(3)Include "/usr/local/apache/conf/userdata/std/2/$user/*.conf"
  • This file is pretty straight forward, it's called by httpd.conf
  • The most important directive here is the JkWorkersFile(1) This is covered later on.

(1)JkWorkersFile /usr/local/jakarta/tomcat/conf/
JkLogFile /usr/local/apache/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
  • This file should be added automatically on a cPanel server.
  • It's important to note that the value "ajp13" can be named anything. It's just the name of

the worker.(1)

  • This needs to match the worker names in
<IfModule mod_jk.c>
  JkMount /*.jsp (1)ajp13
  JkMount /*.do ajp13
  JkMount /servlet/* ajp13
  JkMount /servlets/* ajp13


  • This file defines the name of the workers
  • By default, there are two named (1)jk-status and (2)jk-manager
# Define two status worker:
# - jk-status for read-only use
# - jk-manager for read/write use


# We define a load balancer worker
# with name "balancer"

Java + Tomcat

Regular install:

yum install java-1.6.0-openjdk.x86_64
yum install tomcat5

Stripped down server install:

yum install tomcat5
yum install java-1.6.0-openjdk.x86_64
yum install tomcat5-webapps.x86_64
yum install httpd-devel.x86_64
tar -zxvf tomcat-connectors-1.2.32-src.tar.gz
cd tomcat-connectors-1.2.32-src
cd native/
./configure --with-apxs=/usr/sbin/apxs
make install
vim /etc/httpd/conf/httpd.conf
add LoadModule jk_module modules/
httpd -M or /etc/init.d/httpd -l


How to enable DKIM for a cpanel account

  • DomainKeys Identified Mail (DKIM) defines a mechanism by which email messages can be cryptographically signed, permitting a signing domain to claim responsibility for the introduction of a message into the mail stream. Message recipients can verify the signature by querying the signer's domain directly to retrieve the appropriate public key, and thereby confirm that the message was attested to by a party in possession of the private key for the signing domain.
  • To verify that everything is setup correctly you can send an email from an email account on that domain to [email protected] No need to have a subject or body. This service will then reply with a message stating the verification of DKIM, DomainKeys, SPF, SpamAssassin, and Sender-ID. Great tool to test all kinds of email verification systems.

To install on a cPanel server:

/usr/local/cpanel/bin/dkim_keys_install <username>


for i in `ls /var/cpanel/users`; do /usr/local/cpanel/bin/dkim_keys_install $i; done
  • Add the Policy Record
_domainkey     IN     TXT     "t=y; o=~; n=Interim Sending Domain Policy; [email protected]"

General Permission guidelines

Below are some baseline permissions that should be used with Exim and Dovecot:

/home/user/etc/ file should have:






700 user:user cur/
751 user:user
700 user:user anything else

Email accounts not showing up in cPanel

Check /home/user/etc Make sure the passwd file and shadow file have proper permissions also make sure they are located in



Unable to connect to database Generally, the best thing to do is to drop the database, then re-install roundcube, which automatically re-creates the db.

cd /home/temp 
mysqldump roundcube > roundcube.sql 
mysql -e "drop database roundcube;" 
/usr/local/cpanel/bin/update-roundcube --force


Can't find file: 'horde_sessionhandler.MYI'

/etc/init.d/mysqld stop
rm /var/lib/mysql/horde/horde_sessionhandler.frm
/etc/init.d/mysqld start

>CREATE TABLE horde_sessionhandler (session_id VARCHAR(32) NOT NULL, session_lastmodified INT NOT NULL, session_data LONGBLOB, PRIMARY KEY 
(session_id)) ENGINE = InnoDB;

>GRANT SELECT, INSERT, UPDATE, DELETE ON horde_sessionhandler TO [email protected];


Find top sending IPs in exim logs:

grep "SMTP connection from" /var/log/exim_mainlog |grep "connection count" |awk '{print $7}' |cut -d ":" -f 1 |cut -d "[" -f 2 |cut -d "]" -f 1 |sort -n |uniq -c | sort -n

Find authenticated users who may be spamming:

find /var/spool/exim/input/ -name '*-H' | xargs grep 'auth_id'

Spam comming from scripts:

grep cwd=\/home\/ /var/log/exim_mainlog| cut -d' ' -f4 | sort | uniq -c | sort -n

Removing all queued messages at once in a safe way:

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | sh

Or you can do the same from the mail queue manager in WHM.

APF SMTP tweak enables mail to be sent only from the mail or mailman GID, and blocks all outbound SMTP, except through the sendmail binary. Add this bold line of code to /etc/init.d/apf , right underneath the start) case:

/usr/local/sbin/apf --start >> /dev/null 2>&1
'''/scripts/smtpmailgidonly on'''

cPanel: Optimize Website (compression)

You can enable compression for all content on your website by logging into your cPanel account and clicking on the "Optimize Website" button that is located near the bottom of the main cPanel page. The image below shows the Optimize section, which lets you disable compression, enable compression for ALL file types, or enable compression for specified MIME types like html, xml, or other text files. I chose to enable compression for everything just to see what would happen.

How to enable website compression cpanel optimize.png

I installed WordPress and created a few posts with 1MB gif and jpeg images. I used GTmetrix and WebPageTest before and after enabling compression. I did notice a slight reduction in page size after I enable compression. I also received an A for PageSpeed and YSlow gzip compression after I enabled it in cPanel.

By default cPanel will create a .htaccess in /home/$your_user/

Once you enable compression for everything in cPanel the .htaccess file will look like this:

cat /home/$your_user/.htaccess

<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    <IfModule mod_setenvif.c>
        # Netscape 4.x has some problems...
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        # Netscape 4.06-4.08 have some more problems
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        # MSIE masquerades as Netscape, but it is fine
        # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
        # the above regex won't work. You can use the following
        # workaround to get the desired effect:
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
        # Don't compress images
        SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
    <IfModule mod_headers.c>
        # Make sure proxies don't deliver the wrong content
        Header append Vary User-Agent env=!dont-vary

I highly suggest enabling compression for everything, if possible. It does certainly help to reduce website load time, as well as reducing the amount of bandwidth your server uses. Now that compression is enabled, you are one step closer to an optimize website! Make sure that you are enforcing Browser Caching for your website as well!

Unable to Disable MySQL 5.6 Strict Mode

The fix for cPanel MySQL 5.6 strict mode issues can be found here.

Replace MySQL 5.6 with MariaDB 10.1 on cPanel

  • As of March 2015 and WHM 11.48, MariaDB is now officially built into WHM and fully supported. The installation steps below are no longer needed, but I'm keeping them around in case you are unable to upgrade WHM.


  • I've confirmed that this works without issue on WHM 11.44.1. I was able to run a forced upcp and easyapache, update WHM versions, update PHP versions, all without breaking anything in WHM, MariaDB remained online the whole time. Keep in mind that by doing this you are basically giving up any support from cPanel as they state that doing this is not supported. I am not sure if this would break or cause any issues for CloudLinux cPanel Servers but these instructions should be the same for CloudLinux and non CloudLinux versions of cPanel.

Step 1: If MySQL is still version 5.5 on cPanel, update MySQL to 5.6 before proceeding. Make sure to backup and databases before doing this. Once logged into WHM, you can upgrade MySQL by going to the following page.

Home » Software » MySQL Upgrade

Step 2: Backup MySQL data and configuration

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

Step 3: Disable the cPanel RPMs for MySQL, this will make sure cPanel can't mess with MySQL anymore.

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled 
/scripts/update_local_rpm_versions --edit target_settings.MySQL56 uninstalled

Step 4: Remove the cPanel RPMs for MySQL to clean everything up. NOTE! At this point, MySQL will be stopped and removed, so during this time, database access is not happening.

/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55,MySQL56

Step 5: Create a new mariadb repo and add in some things. NOTE! Change the version "10.1" to whatever version you want to install. For the latest version use 10.1, but in the future this will obviously change.

vim /etc/yum.repos.d/MariaDB.repo

## Add this to the file, and then save / close it

name = MariaDB
baseurl =

Step 6: Remove PHP and MySQL from the excludes line in the cPanel /etc/yum.conf file.

vim /etc/yum.conf

##remove the following items from the excludes line:


Step 7: Install the new MariaDB packages

yum install MariaDB-server MariaDB-client MariaDB-devel php-mysql

Step 8: Start MySQL, run the upgrade and restart MySQL

/etc/init.d/mysql start
/etc/init.d/mysql restart

Step 9: At this point MySQL should be running and the existing databases should be in tact. However now is a great time to make sure this is the case:


##Should say "Server version: 10.1.0-MariaDB MariaDB Server"

show databases;

##Your databases should all be listed here


Step 10: If all looks well with MySQL, then run easyapache to make sure everything is working and cPanel isn't totally broke

screen -S isitbroke
/scripts/easyapache --build

Step 11: At this point the easyapache build should have completed without error. I tested this install out on a brand new cPanel server and can confirm that PHP does indeed work just fine after this install process. I can also confirm that ea works, even when updating PHP versions or adding new modules.


Liquidweb 728x90.jpg .