
Deployment Overview of WHMCS on Server

Prerequisites and Basic Requirements

To successfully deploy WHMCS on the server, the following environment requirements must be met:

  • Operating System: Linux distribution compatible with systemd (e.g., Ubuntu, Debian).
  • Privileges: Root access or sudo privileges are required for all installation and configuration steps.
  • Domain: A valid domain name (whmcs_domain) must be pointed to the server's IP address.
  • Ports: The following TCP ports must be open and accessible:
      • 22 for SSH access.
      • 80 for HTTP traffic and SSL certificate validation.
      • 443 for HTTPS traffic.
  • Firewall: The Uncomplicated Firewall (UFW) is configured to allow traffic on ports 22, 80, and 443.

File and Directory Structure

The application files and data are organized across the following directories:

  • Web Root: /var/www/html/whmcs
      • Contains the main WHMCS application files.
      • Includes index.php as the entry point.
      • Contains symbolic links for storage and downloads pointing to secure locations.
  • Secure Data Directory: /var/opt/whmcs/whmcs
      • Stores sensitive data outside the web root.
      • Contains the actual storage and downloads directories.
  • Configuration File: /var/www/html/whmcs/configuration.php
      • The main configuration file, renamed from configuration.sample.php.
  • PHP Session Directory: /var/opt/whmcs/php/session
      • Dedicated directory for PHP session storage.
  • Certbot Directory: /var/www/certbot
      • Used for ACME challenge validation during SSL certificate issuance.
  • SSL Certificates: /etc/letsencrypt/live/whmcs_domain/
      • Stores the fullchain.pem and privkey.pem files.
  • External Panel Directory: /opt/panel
      • Contains controlpanel.html downloaded from the external provider.

Application Installation Process

The WHMCS application is deployed using version 8.13.1. The installation process involves the following steps:

  1. A temporary directory is created to handle the initial archive.
  2. The archive whmcs_v8131_full.zip is transferred to the server.
  3. The archive is extracted into the temporary directory.
  4. The contents are moved to the final installation path /var/www/html/whmcs.
  5. The configuration.sample.php file is renamed to configuration.php to prepare for configuration.
  6. The install directory remains present until the web-based installation wizard is completed.

Additionally, the HostkeyResellerMod module is installed by cloning the repository and copying specific components:

  • Hooks are copied to /var/www/html/whmcs/includes/hooks/.
  • Server modules are copied to /var/www/html/whmcs/modules/servers/hostkeyresellermod/.
  • Addon modules are copied to /var/www/html/whmcs/modules/addons/hostkeyresellermod/.
  • Gateway callback files are copied to /var/www/html/whmcs/modules/gateways/callback/.

Access Rights and Security

Security is enforced through firewall rules and strict file permissions:

  • Firewall: UFW is enabled and configured to allow only SSH (22), HTTP (80), and HTTPS (443).
  • User Accounts:
      • A system user whmcs is created with a home directory at /var/opt/whmcs.
      • The web server user www-data is used for ownership of web-accessible files.
  • File Permissions:
      • The main application directory /var/www/html/whmcs is owned by www-data:www-data with mode 0755.
      • The secure data directory /var/opt/whmcs/whmcs is owned by www-data:www-data with mode 0750.
      • The storage and downloads directories within the secure location are owned by www-data:www-data with mode 0750.
      • Symbolic links for storage and downloads in the web root are created and their ownership is explicitly set to www-data:www-data using chown -h.
      • The configuration.php file is set to mode 0640 to prevent world-readable access.
      • The PHP session directory is owned by www-data:www-data with mode 0750.
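
The modes, symlink targets and link ownership listed above can be checked after each deployment run with a short audit. This is an added example, not part of the deployment playbook: the function name audit, the root prefix argument and the finding strings are assumptions, and the install directory is reported so that it is noticed once the installation wizard has been completed.

```python
import os
import stat

# Modes stated on the page, keyed by path relative to a root prefix so the
# audit can run against "/" or against a constructed test tree.
WEB_ROOT = "var/www/html/whmcs"
SECURE_DIR = "var/opt/whmcs/whmcs"
EXPECTED_MODES = {
    WEB_ROOT: 0o755,
    SECURE_DIR: 0o750,
    SECURE_DIR + "/storage": 0o750,
    SECURE_DIR + "/downloads": 0o750,
    WEB_ROOT + "/configuration.php": 0o640,
    "var/opt/whmcs/php/session": 0o750,
}


def audit(root="/", uid=None):
    """Return findings; an empty list means the tree matches the page."""
    findings = []
    for rel, want in EXPECTED_MODES.items():
        try:
            st = os.lstat(os.path.join(root, rel))
        except FileNotFoundError:
            findings.append(f"missing: {rel}")
            continue
        got = stat.S_IMODE(st.st_mode)
        if got != want:
            findings.append(f"mode {got:04o}, expected {want:04o}: {rel}")
        if uid is not None and st.st_uid != uid:
            findings.append(f"owner uid {st.st_uid}, expected {uid}: {rel}")
    secure = os.path.realpath(os.path.join(root, SECURE_DIR))
    for name in ("storage", "downloads"):
        link = os.path.join(root, WEB_ROOT, name)
        if not os.path.islink(link):
            findings.append(f"not a symlink: {WEB_ROOT}/{name}")
            continue
        # lstat reads the link itself, which is what chown -h changes.
        if uid is not None and os.lstat(link).st_uid != uid:
            findings.append(f"link owner mismatch: {WEB_ROOT}/{name}")
        target = os.path.realpath(link)
        if os.path.commonpath([secure, target]) != secure:
            findings.append(f"link leaves secure dir: {WEB_ROOT}/{name}")
    if os.path.isdir(os.path.join(root, WEB_ROOT, "install")):
        findings.append("install directory still present")
    return findings


if __name__ == "__main__":
    import pwd
    for finding in audit("/", pwd.getpwnam("www-data").pw_uid):
        print(finding)
```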

Web Server Configuration

Nginx is configured to serve the WHMCS application with the following features:

  • HTTP to HTTPS Redirection: All HTTP traffic on port 80 is redirected to HTTPS.
  • SSL Configuration:
      • Uses certificates from Let's Encrypt located at /etc/letsencrypt/live/whmcs_domain/.
      • Includes secure SSL options and DH parameters.
  • Proxy Configuration:
      • Specific locations for controlpanel.html, /controlpanel/, /static/, /favicon.ico, /auth.php, /eq.php, /net.php, and /eq_callback.php are proxied to https://panel.hostkey.ru.
      • The /invapi/ location is proxied to https://invapi.hostkey.ru.
      • Headers Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto are set for proxied requests.
  • PHP Processing:
      • PHP files are processed by PHP-FPM via the socket /var/run/php/php8.3-fpm.sock.
      • Includes fastcgi-php.conf and fastcgi_params.
      • Configured with increased buffer sizes and read timeouts.
  • Security Rules:
      • Direct access to sensitive directories (crons, resources, vendor, includes, storage) is denied.
      • Access to .env, .ht*, .tpl, and phpunit.phar files is blocked.
  • Certbot Verification: A location block for /.well-known/acme-challenge/ is configured to allow certificate validation.
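
Nginx tests regex locations in the order they appear in the file and stops at the first match, so whether the deny rules above apply to .php files inside the protected directories depends on where they sit relative to the PHP handler. The following added example, which is not the deployment's configuration, models that first-match rule over a constructed configuration and constructed probe paths. It assumes the rules are written as regex locations, that no = or ^~ location covers the probed paths, and that the patterns behave the same in Python's re as in PCRE.

```python
import re

# Constructed sample, not the page's configuration: the deny rules the page
# lists, written as regex locations, with the PHP handler placed first.
SAMPLE_CONF = r"""
location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; }
location ~ ^/(crons|resources|vendor|includes|storage)/ { deny all; }
location ~ /(\.env|\.ht|phpunit\.phar) { deny all; }
location ~ \.tpl$ { deny all; }
"""

# Constructed probe paths, at least one per rule on the page.
PROBES = ["/crons/cron.php", "/vendor/autoload.php", "/includes/hooks/x.php",
          "/storage/logs/a.log", "/.env", "/.htaccess",
          "/templates/six/header.tpl", "/vendor/phpunit.phar"]

# Matches simple regex locations whose body has no nested braces.
LOCATION = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{([^{}]*)\}")


def regex_locations(conf):
    """Return (compiled regex, is_deny) per regex location, in file order."""
    out = []
    for op, pattern, body in LOCATION.findall(conf):
        flags = re.IGNORECASE if op == "~*" else 0
        out.append((re.compile(pattern, flags), "deny all" in body))
    return out


def exposed(conf, probes=PROBES):
    """Probes whose first matching regex location is not a deny block."""
    locations = regex_locations(conf)
    result = []
    for path in probes:
        first = next((deny for rx, deny in locations if rx.search(path)), None)
        if first is not True:  # handled by another block, or by none
            result.append(path)
    return result


def deny_first(conf):
    """Same locations, reordered so every deny block precedes the others."""
    blocks = [m.group(0) for m in LOCATION.finditer(conf)]
    return "\n".join(sorted(blocks, key=lambda b: "deny all" not in b))


if __name__ == "__main__":
    print("handler first:", exposed(SAMPLE_CONF))
    print("deny first:   ", exposed(deny_first(SAMPLE_CONF)))
```

With the PHP handler listed first, the three .php probes under crons, vendor and includes reach PHP-FPM; with the deny blocks listed first, every probe is refused.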

Database Configuration

A dedicated MySQL database is created for WHMCS:

  • Database Name: whmcs_db
  • User: whmcs_user
  • Password: Stored securely in Ansible Vault (not visible in the playbook).
  • Privileges: The user is granted all privileges on the whmcs_db database.
  • Initialization: The database is created, the user is added, and privileges are granted before the application installation.

Service Management

The following services are managed to ensure the application runs correctly:

  • Nginx: Installed, enabled, and started.
  • PHP-FPM: Installed (version 8.3), enabled, and started.
  • MySQL: Installed, enabled, and started.
  • Certbot: Installed and configured for automatic certificate renewal.

Monitoring and Maintenance

  • Log Files: Nginx and PHP-FPM logs are monitored for errors and performance issues.
  • Certificate Renewal: Certbot is configured to automatically renew SSL certificates.
  • Backup Strategy: Regular backups of the database and application files are recommended.
  • Updates: The WHMCS application and modules should be updated regularly to patch security vulnerabilities.

Troubleshooting

Common issues and their resolutions:

  • SSL Certificate Errors: Ensure the domain is correctly pointed to the server and ports 80/443 are open. Check Certbot logs.
  • Permission Denied: Verify file ownership and permissions, especially for storage and downloads directories.
  • PHP Errors: Check PHP-FPM logs and ensure the correct PHP version is installed and configured.
  • Database Connection Errors: Verify database credentials in configuration.php and ensure the MySQL service is running.
  • Proxy Errors: Check Nginx configuration for proxy settings and ensure the external services (panel.hostkey.ru, invapi.hostkey.ru) are accessible.

This overview provides a comprehensive understanding of the WHMCS deployment, covering all aspects from prerequisites to maintenance.
