cPanel migration guide

🛎️ This is outdated! See docs/admin/Migrations.md for the most recent version.

apnscp now supports cPanel migrations as of v3.0.53. Migrations allow fast restoration into apnscp. Better yet, apnscp can be used with PowerDNS integration to share DNS servers with cPanel as you transition over.

Components

  • Import account metadata from cp
    - Apply plan from PLAN=
    - Preserve STARTDATE=, DEMO=,
    - Copy storage/bandwidth/domain limits
  • SSL certificates
  • Cronjobs
  • Users, quota limits, passwords
    - Each user assigned unique user ID
    - Conflicting email addresses by default fail, set --conflict=merge per Merge Policy
  • Email aliases, forwards
    - Conflict policy applies
  • Restores inboxes and files within /homedir
  • Addon domains, parked domains (aliases to primary domain)
  • MySQL databases, users (override conflict with -c mysql,dbaseprefix)
  • DNS change on migration, disable with --no-activate
  • Automatic Web App scan + enrollment in nightly updates (--no-scan disables)
  • Add last login IPs to delegated whitelist if platform version supported (v8+, see Caveats section)

Migration procedure

ImportDomain consists of two stages, account creation and file migration. Stages may be selectively run.

Basic usage

ImportDomain --format=cpanel /path/to/cpmove-backup.tar.gz

Account creation

An import will faithfully restore whatever options were used in creation. Conflicts may arise and can be remedied by overriding creation options using -c service,parameter=value. For example to change the storage to 10 GB in a restore,

ImportDomain -c diskquota,quota=10 -c diskquota,units=G --format=cpanel  /path/to/cpmove-backup.tar.gz

Dumping parsed configuration

--dump will dump the configuration inferred from the backup.

ImportDomain --format=cpanel --dump /path/to/cpmove-backup.tar.gz

Sample response:

siteinfo:
    plan: basic
    email: matt@apnscp.test
    domain: apnscpbackup.test
    admin_user: atest
bandwidth:
    threshold: 104857600000
    units: B
diskquota:
    quota: !!float 3000
    units: MB
aliases:
    max: null
    aliases: { apnscpaddon.test, apnscpaddon.apnscpbackup.test, dph.apnscpbackup.test }
mlist:
    max: null
mysql:
    dbasenum: null
    dbaseadmin: atest
rampart:
    whitelist: [64.22.68.1]
auth:
    cpasswd: $6$test$test
ssh:
    enabled: true
crontab:
    enabled: true

Account import

Import occurs following creation. Import is destructive. Any users in conflict or directories in conflict with the backup will be removed during the import stage. Use --no-create to bypass creation and perform just data import.

ImportDomain --format=cpanel --no-create /path/to/cpmove-backup.tar.gz

Email conflict

Each email account is delivered to a separate user account. Partitioning email into distinct user accounts ensures that an account may have multiple distinct users and each of these users is protected from snooping by other users on the account. Such a format conflicts with cPanel's single UID approach. apnscp has a few solutions to remedy:

Method Existing Email Conflicting Email Final User
fail foo@a.com foo@b.com n/a, terminate task
merge foo@a.com foo@b.com foo
namespaced foo@a.com foo@b.com foo-b

Conflict strategy may be specified with --conflict=method. The default method is fail.

Bypasses

DNS activation

DNS will update to the current server at conclusion of import. This behavior may be disabled by passing --no-activate to ImportDomain.

Web App scan/update

Once an import concludes, the filesystem is scoured for known web apps to be enrolled in nightly automatic Web App updates (core: nightly, assets: Wednesday/Sunday). Use --no-scan to prevent this behavior.

Decompression oddities

Migration will attempt to use PHP's PharData handler to decompress files. It's based on USTAR, which has limitations that may result in a cPanel backup generated in POSIX.1-2001 standards to fail. Use --no-builtin to disable the builtin handler from attempting to read the backup.

Previewing domains

There's a KB article on it!

Caveats

  • Delegated whitelisting requires apnscp 3.1.
  • apnscp has no notion of a "parked domain". The maximum number of addon domains is the max of MAXADDON and MAXPARK.
  • Accounts are multi-tenant. Each mailbox is a separate user account. In multi-domain layouts duplicate email addresses can be merged into a single user account or separated into distinct user accounts. Default policy is to fail when a conflict is encountered. Specifying --conflict=merge or --conflict=namespaced will merge duplicate addresses or split addresses into separate user accounts when encountered.
  • Database and account passwords are separate. cPanel does not store the database password anywhere instead relying on storing the password in the active session for phpMyAdmin SSO. SSO will not function until the user updates the password via Databases > phpMyAdmin. For added security, the password should be changed to something different than the panel password via Databases > MySQL Manager. Doing so will also update the stored password in ~/.my.cnf.

To-do

  • Mailing list
  • PostgreSQL user/database
  • Update paths in files/database
  • Webmail address book