Don’t run cPanel installation script if a web server is already installed

Don’t run cPanel installation script if a web server is already installed

I was recently looking into the source code of the cpanel installation script in order to gain a better grasp of the installation process and possibly examine the security of all the sources that this script takes from the website. While the majority of the code is encrypted, the readable portion confirms that it has been audited and upgraded during the years that cpanel has been around.

However, one thing I found during the cpanel installation process that I think is worth addressing is checking if a webserver is already installed and operating. This is important because installing cpanel on a system with websites operating under another hosting panel or even a basic web server would result in downtime or even conflicts.

to be fair, cpanel installation script does alert you:

image - Don't run cPanel installation script if a web server is already installed

But, hold on, why would anyone put cPanel on a server that is already hosting websites?

The first thing that comes to mind is ignorance: users attempting to transfer from one hosting panel to another, e.g. plesk to cpanel, without uninstalling the latter. Yes, I’ve seen it.

Okay, what can we do about it? cPanel is not an opensource project that we can just fork, add code to, and submit a pull request for. All we can do is make a suggestion on their website and leave it at that.

Later I went trough some other popular hosting panels and noticed this excellent example from the Aapanel installation script:

	if [ "${INSTALL_FORCE}" ];then
	echo -e "----------------------------------------------------"
	echo -e "Web service is alreday installed,installing aaPanel may affect existing sites."
	echo -e "----------------------------------------------------"
	echo -e "Enter [yes] to force installation"
	read -p "Enter yes to force installation: " yes;
	if [ "$yes" != "yes" ];then
		echo -e "------------"
		echo "Installation canceled"
	MYSQLD_CHECK=$(ps -ef |grep mysqld|grep -v grep|grep -v /www/server/mysql)
	PHP_CHECK=$(ps -ef|grep php-fpm|grep master|grep -v /www/server/php)
	NGINX_CHECK=$(ps -ef|grep nginx|grep master|grep -v /www/server/nginx)
	HTTPD_CHECK=$(ps -ef |grep -E 'httpd|apache'|grep -v /www/server/apache|grep -v grep)
	if [ "${PHP_CHECK}" ] || [ "${MYSQLD_CHECK}" ] || [ "${NGINX_CHECK}" ] || [ "${HTTPD_CHECK}" ];then

Kudos to the pagoda team!

Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.