Install CyberPanel on Ubuntu 24.04 LTS Bare Metal

How to Install CyberPanel on Ubuntu 24.04 LTS

A senior infrastructure architecture guide. Deploy a production grade web panel using advanced MySQL tuning offsite S3 backups and strict OS hardening.

Phase 1: DNS Propagation and Infrastructure Reality

Many tutorials market CyberPanel as a magical effortless replacement for cPanel that can run millions of requests on a tiny virtual server. We must establish engineering reality. CyberPanel is an outstanding platform for developers and digital agencies but it is not a complete multi tenant enterprise WHM ecosystem. If you do not tune your database operations manually heavy applications will still crash under load.

Deploying on ServerMO NVMe Bare Metal grants you massive CPU performance and eliminates public cloud egress fees. However bare metal means you are fully responsible for hardware redundancy. You must implement robust offsite backups to mitigate physical node failures.

Furthermore you must perform a critical pre flight check. Do not skip this step. Log into your domain registrar and point your chosen hostname A record directly to your new server IP address. If you attempt to install the panel before global DNS propagation completes the Lets Encrypt verification challenge will fail permanently.

  • Operating System: A fresh installation of Ubuntu 24.04 LTS. This is the heavily tested industry standard. Avoid unstable future releases until official support matures completely.
  • Hardware Reality: Ignore guides claiming 1GB RAM is sufficient for production. For a stable stack running OpenLiteSpeed MySQL PHP FPM and email services you need an absolute minimum of 4GB RAM with 8GB highly recommended.

Architecture Blueprint

Phase 2: System Preparation and Script Verification

Log into your server via SSH as the root user. Ensure your operating system packages are entirely updated to prevent missing dependency errors during the compilation phase. Running these commands prepares your system structure cleanly.

apt update -y && apt upgrade -y
apt install -y curl wget lsb-release ufw fail2ban nano

Set your Fully Qualified Domain Name matching the exact domain you configured in your DNS registrar during Phase 1. This hostname will be critical when configuring your secure panel access later.

hostnamectl set-hostname panel.yourdomain.com

Phase 3: Executing the Installation Script

Running shell scripts blindly directly from the internet is a terrible security practice. Professional system administrators should download the script first inspect its contents to verify its integrity and then execute it.

# Download and execute the installer safely
wget -O install.sh https://cyberpanel.net/install.sh
chmod +x install.sh
sh install.sh

Once the script initiates you will navigate an interactive terminal menu. Apply these specific engineering choices to ensure maximum stability for your hosting node.

  1. Initial Menu: Type 1 to select Install CyberPanel.
  2. Web Server Selection: Type 1 to select OpenLiteSpeed. This provides extreme WordPress caching performance without the recurring costs of the Enterprise version.
  3. Service Installation: If you plan to host emails natively select Y for Postfix and Pure FTPd. If you use external providers like Google Workspace safely decline these to preserve memory.
  4. Remote MySQL: Type N to install a local database instance.
  5. Password Configuration: Type s to define a highly secure custom password manually. Never rely on default generated passwords.
  6. PHP Extensions: Type Y to install Memcached and Redis. These are non negotiable requirements for database tuning.
  7. Watchdog Monitoring: Type Y to enable automated service recovery.

Phase 4: Strict Firewall and OS Hardening

A firewall alone is not enough security. Many beginner guides instruct you to open all available ports expanding your attack surface massively. We will configure a strict UFW policy and then harden the SSH service to prevent brute force server hijacking.

# Standard HTTP and HTTPS traffic
ufw allow 80/tcp
ufw allow 443/tcp

# The CyberPanel Administrative Interface
# For high security replace 'allow' with a specific IP restriction
ufw allow 8090/tcp

# ONLY run these if you opted to install local Email and FTP services
ufw allow 21/tcp
ufw allow 25/tcp
ufw allow 53/tcp
ufw allow 53/udp

# Enable the firewall
ufw enable
ufw reload

Enforcing SSH Key Authentication

Passwords can be guessed. Cryptographic keys cannot. Ensure you have added your public SSH key to the server authorized keys file then edit the SSH configuration to disable root login and password authentication entirely.

Critical Lockout Warning

Before modifying these settings and restarting the SSH service you must open a secondary terminal window and verify your SSH key login works flawlessly. If you disable password authentication without a working cryptographic key you will permanently lock yourself out of the server requiring a total operating system reinstall.

nano /etc/ssh/sshd_config

# Modify the following lines in the file
PermitRootLogin prohibit-password
PasswordAuthentication no

# Restart the SSH service carefully
systemctl restart sshd

Phase 5: Secure Dashboard Access and 2FA

Navigate to your server IP address via port 8090 using HTTPS. You will see a browser warning because the server currently uses a self signed certificate. This is entirely normal during the initial setup phase. Bypass this warning securely and proceed to the login interface.

https://YOUR_SERVER_IP:8090

Immediately navigate to the Users section on the left sidebar. Modify your administrator account and enable Two Factor Authentication. Scan the provided code with an authenticator application on your mobile device. This single action prevents unauthorized panel access even if your password is compromised via an external data breach.

Phase 6: Hostname SSL and Renewal Verification

Accessing your administrative dashboard via an insecure IP address exposes your session tokens. Securing the CyberPanel hostname with a valid Lets Encrypt SSL certificate is a mandatory production step.

  • DNS Verification: Because you intelligently pointed your DNS records in Phase 1 issuing a secure certificate is now possible. The Lets Encrypt authority will check your domain A records before authorizing the certificate.
  • Navigate to SSL Settings: From the left sidebar click on SSL and select Hostname SSL.
  • Select Your Domain: Choose the fully qualified domain name you configured earlier from the dropdown menu.
  • Issue the Certificate: Click the Issue SSL button. The system will apply a secure certificate to port 8090.

Automated Renewal Warnings

Lets Encrypt certificates expire every ninety days. The control panel attempts to renew these automatically. However if you block port 80 in the future or alter your DNS TTL records abruptly the automated HTTP validation challenge will fail breaking your secure panel access. You must monitor renewal logs periodically.

Phase 7: The Database Bottleneck Tuning

The control panel interface does not dictate how fast your website loads the database engine does. A massive oversight in beginner setups is leaving MySQL on default configurations which limit memory usage causing severe disk input output spikes.

You must manually tune the InnoDB buffer pool based on your total physical memory. Blindly copying configuration values is dangerous. Allocate roughly sixty percent of your available system RAM to the database buffer.

nano /etc/mysql/mariadb.conf.d/50-server.cnf

# Adjust the buffer pool based strictly on your total system memory
# 2GB RAM Server: innodb_buffer_pool_size = 512M
# 8GB RAM Server: innodb_buffer_pool_size = 4G
# 16GB RAM Server: innodb_buffer_pool_size = 10G

innodb_buffer_pool_size = 4G
innodb_log_file_size = 1G

systemctl restart mariadb

Similarly navigate to the PHP settings within CyberPanel and adjust your LSAPI worker limits. Increasing the child limits ensures OpenLiteSpeed can process more concurrent dynamic requests preventing gateway timeouts during traffic surges.

Phase 8: Disaster Recovery and Observability

A server without offsite backups is a ticking time bomb. Bare metal provides ultimate performance freedom but hardware components eventually fail. You must configure remote snapshots to ensure business continuity.

  • S3 API Integration: CyberPanel natively supports pushing backups to remote object storage. Navigate to the Backups section select Remote Backups and input your Amazon S3 or compatible API credentials. Schedule daily automated database dumps and weekly full site archives.
  • Observability Stack: You cannot fix what you cannot measure. While CyberPanel provides basic metrics deploying a dedicated observability agent like Netdata or Prometheus provides granular real time insights into CPU wait times disk latency and network saturation.

You have successfully engineered a hardened highly optimized web hosting architecture. To extract the absolute highest possible performance and stability deploy your applications natively on the ServerMO Unmetered Bare Metal Inventory.

CyberPanel Architecture FAQ

Is CyberPanel a complete replacement for cPanel WHM?

Not entirely. CyberPanel is an incredible high performance panel for individual developers digital agencies and WordPress hosting. However it lacks the advanced reseller isolation and complex multi tenant ecosystem found in enterprise cPanel WHM environments.

Why is my CyberPanel server crashing under heavy traffic?

The control panel does not dictate application speed the database does. You must manually tune your MySQL InnoDB buffer pool to utilize your available RAM and adjust your PHP LSAPI worker limits to prevent bottlenecks.

How do I secure my CyberPanel installation?

A firewall is not enough. You must disable root password login enforce SSH keys configure Fail2ban for brute force protection and mandate Two Factor Authentication for the panel interface.

How does OpenLiteSpeed process rewrite rules compared to Apache?

Unlike Apache which reads files on every request OpenLiteSpeed caches rewrite rules. While CyberPanel automatically restarts the service for standard WordPress changes custom modifications to your configuration files often require a graceful restart of the web server to take effect.

Why are WordPress cron jobs causing CPU spikes on my server?

Default WordPress cron jobs trigger upon user visits causing unpredictable CPU spikes under heavy traffic. You must disable the internal cron within your WordPress configuration file and execute it manually utilizing the Ubuntu system crontab every five minutes.

What is the optimal PHP LSAPI configuration for heavy traffic?

To prevent gateway timeouts you must tune your PHP LSAPI worker limits. Modifying the children parameter to match your CPU core count and raising the requests per child limit allows OpenLiteSpeed to process significantly more concurrent dynamic requests without dropping connections.

Ready to Launch with Unmatched Power?

Ready to Launch with Unmatched Power? Deploy blazing-fast 1–100Gbps unmetered servers, high-performance GPU rigs, or game-optimized hosting custom-built for speed, reliability, and scale. Whether it’s colocation, compute-intensive tasks, or latency-critical applications, ServerMO delivers. Order now and get online in minutes, fully secured, fully optimized.

Red and white text reads '24x7' above bold purple 'SERVICES' on a white background, all set against a black backdrop. Energetic and modern feel.

Power. Performance. Precision.

99.99% Uptime Guarantee
24/7 Expert Support
Blazing-Fast NVMe SSD

Christmas Mega Sale!

Unwrap the ultimate power! Get massive holiday discounts on all Dedicated Servers. Offer ends soon grab yours before the snow melts!

London UK (15% OFF)
Tokyo Japan (10% OFF)
00Days
00Hrs
00Min
00Sec
Explore Grand Offers