Tweaking RunCloud Servers After Deployment

Here are some references for various fix ups or tweaks that I apply to  servers with a RunCloud control panel. These are not all done inclusively, depends on the need.

Change root password

You root password initially generated by your host provider might be on the weak side always best to change and strengthen it.

SSH in as root and run:

passwd root

Then you can either type in a new password or paste in a generated one.


Change the SSH Port from the default 22

nano /etc/ssh/sshd_config

Uncomment and change to desired port

Port 2200

Restart ssh

service ssh restart

Open new port in RunCloud panel, close old 22 – then redeploy firewall.




If you have changed SSH port and closed port 22 on the firewall – change fail2ban to include new SSH port, while you are at it – give your IP Address a permanent pass…

nano /etc/fail2ban/jail.local
ignoreip =
bantime = 36000
findtime = 600
maxretry = 5

enabled = true
logpath = %(sshd_log)s
port = 2683
banaction = iptables

Restart fail2ban

service fail2ban restart



Check running on server

firewall-cmd --state

Check open ports

firewall-cmd --list-all

Should match with RunCloud panel

How to restart Firewall on Server.

service firewalld restart

Block access to xmlrpc.php and wp-login.php via NGINX

Ref & Ref


Sudo Users

Add new user

adduser [username]

Add/remove users to the sudo group (login as root)

usermod -aG sudo [username]

Remove a user from the sudo group

deluser [username] sudo




Change domain name strings and https prefix

Tweak MySQL Performance Using MySQLTuner



Send command line server emails by tweaking Postfix


Server Domain Name

Set a server hostname and FQDN



Set up a malware scanner LMD


Update the RunCloud Agent NGINX

apt update && unattended-upgrade -d
apt upgrade runcloud-agent
service runcloud-agent restart

Update the RunCloud Agent OpenLiteSpeed

apt update && unattended-upgrade -d
apt upgrade runcloud-agent-lsws
service runcloud-agent restart