Centmin Mod What's New
Centmin Mod 1.2.3-eva2000.08 forum discussion thread here.
The new Centmin Mod version 1.2.3-eva2000.08 (referred to .08 release or Github branch 123.08stable) is a full 12+ months worth of improvements over previous 1.2.3-eva2000.07 release and started official .08 beta testing back on July 10, 2014. Centmin Mod .08 release has over 840+ commits and 160+ file changes since 1.2.3-eva2000.07 release. Centmin Mod .08 release will also be the first release to solely be available for download via Centmin Mod Github hosted repository.
Centmin Mod version 1.2.3-eva2000.08 took an unusually long time to develop due to working and testing on CentOS 7 compatibility. CentOS 7.x was a drastic change in the way the system was setup and ran compared to CentOS 6.x especially with systemd replacing Init-V init.d method of controlling services etc and what that meant for Centmin Mod LEMP stack's source compiled Nginx and PHP-FPM software.
Centmin Mod .08 release has alot of new features and improvements in both the initial installation of Centmin Mod LEMP and Nginx and PHP-FPM's feature set. The change log below outlines the major changes. I'd just like to highlight a bit more on some of the specific changes.
Centmin Mod on Github
Centmin Mod .08 release will also be the first release to solely be available for download via Centmin Mod Github hosted repository. Being new to Git myself, it's been a long road of learning and getting use to using Git and Github. I use Windows for developing Centmin Mod, so use SourceTree App for Git and code management.
You can use Git to upgrade and manage your Centmin Mod version code as outlined here Upgrade - Working with git command line for updating Centmin Mod local copies | Centmin Mod Community.
For .08 stable release, the install instructions for Centmin Mod have changed slightly to a new base directory location at /usr/local/src/centminmod
where centmin.sh would be located at /usr/local/src/centminmod/centmin.sh
.
Manual Centmin Mod install method that existing Centmin Mod users are use to is now as follows:
branchname=123.08stable wget -O /usr/local/src/${branchname}.zip https://github.com/centminmod/centminmod/archive/${branchname}.zip cd /usr/local/src unzip ${branchname}.zip mv centminmod-${branchname} centminmod cd centminmod chmod +x centmin.sh ./centmin.sh
There's a new 3rd method of install that is faster - the one liner curl bash method. This method was added from Centmin Mod 1.2.3-eva2000.08+ onwards and is the easiest way to install Centmin Mod which allows for fully unattended installs. It's just one line you type in SSH session as root user on a fresh virgin CentOS 6 or CentOS 7 OS environment. Resource video also has an example install at Centmin Mod .08 beta SSH one liner install on CentOS 6 + CentOS 7 simultaneously.
curl -sL http://centmin.sh/installer.sh | bash
Once install completes, you'll have some basic info including mysql root password, memcached password and a post-install check list of major software installed's version numbers and also some install time stats.
--------------------------------------------------------------------------- Total Curl Installer YUM Time: 92.0033 seconds Total YUM Time: 43.166100082 seconds Total YUM + Source Download Time: 58.0522 Total Nginx First Time Install Time: 135.9561 Total PHP First Time Install Time: 130.5067 Download Zip From Github Time: 4.1942 Total Time Other eg. source compiles: 206.9870 Total Centmin Mod Install Time: 531.5020 --------------------------------------------------------------------------- Total Install Time (curl yum + cm install + zip download): 627.6995 seconds ---------------------------------------------------------------------------
There's also a more convenient centmin.sh menu option 23 for updating Centmin Mod code via github repo.
-------------------------------------------------------- Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com -------------------------------------------------------- Centmin Mod Menu -------------------------------------------------------- 1). Centmin Install 2). Add Nginx vhost domain 3). NSD setup domain name DNS 4). Nginx Upgrade / Downgrade 5). PHP Upgrade / Downgrade 6). XCache Re-install 7). APC Cache Re-install 8). XCache Install 9). APC Cache Install 10). Memcached Server Re-install 11). MariaDB 5.2, 5.5, 10, 10.1 Upgrade Sub-Menu 12). Zend OpCache Install/Re-install 13). Install ioping.sh vbtechsupport.com/1239/ 14). SELinux disable 15). Install/Re-install ImageMagick PHP Extension 16). Change SSHD Port Number 17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc 18). Suhosin PHP Extension install 19). Install FFMPEG and FFMPEG PHP Extension 20). NSD Re-install 21). Update - Nginx + PHP-FPM + Siege 22). Add Wordpress Nginx vhost + WP Super Cache 23). Update Centmin Mod Code Base 24). Exit -------------------------------------------------------- Enter option [ 1 - 24 ] 23 -------------------------------------------------------- -------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ]
submenu option 1
setup github local environment
-------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ] 1 -------------------------------------------------------- setup Centmin Mod git sourced install... download github.com centmin mod 123.08beta03 branch repo Cloning into 'centminmod-123.08beta03'... Switched to a new branch '123.08beta03' Branch 123.08beta03 set up to track remote branch 123.08beta03 from origin. list all available local branches git branch -a * 123.08beta03 master remotes/origin/123.06stable remotes/origin/123.07stable remotes/origin/123.08beta03 remotes/origin/123.08centos7beta01 remotes/origin/123.08centos7beta02 remotes/origin/123.08livestats remotes/origin/123.08lua remotes/origin/123.08zerodown remotes/origin/HEAD -> origin/master remotes/origin/master list git log last commit git log -a commit 0a14b23ee0ec2c7787bdfc6befd58d5fb13475dd Author: George LiuDate: Sun May 31 14:40:29 2015 +1000 add tools/gitsetup.sh to automate steps to switch to git updated code base https://community.centminmod.com/threads/working-with-git-command-line-for-updating-centmin-mod-local-copies.2150/ to update centmin mod 123.08beta03 branch repo via git cd /usr/local/src/centminmod-123.08beta03 git stash git pull chmod +x centmin.sh
if you try submenu option 2
and you haven't done submenu option 1
yet
-------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ] 2 -------------------------------------------------------- Error: you do not have git environment setup for github based updates run submenu option 1 to setup github environment first
switching to a new github branch via submenu option 3
-------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ] 3 -------------------------------------------------------- Update Centmin Mod to newer branch via git You need to input the name of the branch List of current remote branches by descending date order 2015-05-31 16:54:41 +1000 4 minutes ago 123.08beta03updater 2015-05-31 14:40:29 +1000 2 hours ago 123.08beta03 2015-05-29 20:22:39 +1000 2 days ago master 2015-05-29 20:22:39 +1000 2 days ago master 2015-05-28 21:20:39 +1000 3 days ago 123.08livestats 2015-05-28 15:29:07 +1000 3 days ago 123.08lua 2015-05-27 15:54:13 +1000 4 days ago 123.08centos7beta02 2015-05-17 19:25:36 +1000 2 weeks ago 123.07stable 2015-05-12 00:44:49 +1000 3 weeks ago 123.08centos7mongodb 2015-05-08 03:36:57 +1000 3 weeks ago 123.08centos7setmisc 2015-04-13 12:00:17 +1000 7 weeks ago 123.08centos7beta02wp 2015-04-07 12:33:43 +1000 8 weeks ago 123.08centos6beta02redis 2015-04-04 05:50:25 +1000 8 weeks ago 123.07stable-fixes 2015-03-25 03:45:39 +1000 10 weeks ago 123.08zerodown 2015-03-10 16:52:48 +1000 3 months ago 123.08geoip 2015-03-10 16:52:37 +1000 3 months ago 123.08centos7beta01 2015-02-24 22:19:38 +1000 3 months ago 123.07stable_intel 2015-02-02 00:51:34 +1000 4 months ago 123.08slowfs 2014-06-23 17:08:44 +1000 11 months ago 123.06stable ->
Enter the branch name you want to switch to i.e. 123.08beta03 : 123.08beta03 download github.com centmin mod 123.08beta03 branch repo Cloning into 'centminmod-123.08beta03'...
CentOS 7.0 and CentOS 7.1 Support
The reason why Centmin Mod .08 release took much longer than usual to reach stable release is due to CentOS 7.0/7.1 support. Alot of testing and feedback by Centmin Mod users for .08 beta allowed me to fix and improve Centmin Mod LEMP stack overall. Having to test for different virtualization technologies also complicated things - Xen and KVM played nicely. However, OpenVZ had a few issues to deal with for CentOS 7 support.
Nginx SSL Switched to LibreSSL
Nginx's support for SSL has switched from static compile of OpenSSL to using OpenSSL forked version, LibreSSL. LibreSSL also adds native support for chacha20_poly1305 ciphers. Centmin Mod Nginx still supports OpenSSL 1.02d and can switch between OpenSSL 1.02d and LibreSSL via centmin.sh variable LIBRESSL_SWITCH='y
' for LibreSSL or LIBRESSL_SWITCH='n'
for OpenSSL 1.02d.
LibreSSL was forked from the OpenSSL library starting with the 1.0.1g branch and will follow the security guidelines used elsewhere in the OpenBSD project.[9].
MariaDB 10 MySQL Default
Default version of MySQL used in Centmin Mod .08 release has been updated from MariaDB 5.5 to MariaDB 10 MySQL. MariaDB 10 is basically a merge of the best stuff from MariaDB 5.5, MySQL 5.6 and Percona 5.6. You can read the following for more info:
- What is MariaDB 10.0? - MariaDB Knowledge Base
- MariaDB 10 vs MySQL 5.6 - A Feature Comparison Update | MariaDB
- System Variable Differences Between MariaDB 5.5 and MySQL 5.5 - MariaDB Knowledge Base
- System Variable Differences Between MariaDB 10.0 and MySQL 5.6 - MariaDB Knowledge Base
- MariaDB versus MySQL - Features - MariaDB Knowledge Base
Pure-ftpd virtual FTP Users
Centmin Mod LEMP initially being a fork of the original Centmin project was never intended for shared hosting with individual user accounts that where isolated. I planned to do full jailed/chrooted user SFTP/SSH support in future. However, as a stop gap workaround for now, I have implemented Pure-ftpd virtual FTP user support for FTP over forced TLS with PASV enabled requirements for each Nginx vhost you add via centmin.sh menu option 2.
Wordpress Nginx Vhost + Wordpress Installer
Added a new centmin.sh menu option 22 to auto install Wordpress + WP Super Cache and other WP Plugins + also auto setup and create the Nginx vhost specifically for Wordpress and WP Super Cache support. As part of centmin.sh menu option 22 routine, it will auto create a cronjob script to auto update all Wordpress Plugins every 8 hours and email you a status update for all WP Plugins and their current status. Also the script will setup wp-login.php with password protection as an additional layer of security.
-------------------------------------------------------- Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com -------------------------------------------------------- Centmin Mod Menu -------------------------------------------------------- 1). Centmin Install 2). Add Nginx vhost domain 3). NSD setup domain name DNS 4). Nginx Upgrade / Downgrade 5). PHP Upgrade / Downgrade 6). XCache Re-install 7). APC Cache Re-install 8). XCache Install 9). APC Cache Install 10). Memcached Server Re-install 11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu 12). Zend OpCache Install/Re-install 13). Install ioping.sh vbtechsupport.com/1239/ 14). SELinux disable 15). Install/Re-install ImageMagick PHP Extension 16). Change SSHD Port Number 17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc 18). Suhosin PHP Extension install 19). Install FFMPEG and FFMPEG PHP Extension 20). NSD Re-install 21). Update - Nginx + PHP-FPM + Siege 22). Add Wordpress Nginx vhost + WP Super Cache 23). Exit -------------------------------------------------------- Enter option [ 1 - 23 ] 22 --------------------------------------------------------
cminfo
cminfo command shortcut gives you a full summary overview of your Centmin Mod LEMP stack state - including software versions, and Nginx vhost, pure-ftpd virtual FTP and MySQL databases etc.
PHP 7.0 support
Centmin Mod .08 release has native support for the next version of PHP = PHP 7.0 (PHPNG). PHP 7.0 is considered alpha state so not ready for production live use as not all PHP extensions are supported yet i.e. memcache/memcached, igbinary, imagick PHP extensions are not yet supported in PHP 7.0. However, I am running a test Wordpress blog on CentOS 7.1 with PHP 7.0 right now at http://wordpress7.centminmod.com/. With Centmin Mod .08 release, you can also play with PHP 7.0 if you want just by using centmin.sh menu option 5 and upgrading PHP by specifying version 7.0.0 when prompted.
New Nginx Modules Added
Centmin Mod's source compiled Nginx server has new Nginx modules added which are equivalent to the ones in Nginx's commercial paid Nginx Plus server and more.
- Centmin Mod Nginx server has added support for Nginx Sticky Module and Nginx Upstream Check Module.
- 3 additional Openresty Nginx modules echo-nginx-module, set-misc-nginx-module and ngx_devel_kit.
- Nginx Lua module and LuaJIT support
- Nginx vhost traffic statistics module support
- RTMP Nginx Module default is disabled
- Openresty Redis2 Module and Nginx http-redis module support
New Centmin Mod Official Addons
New maldet.sh addon for Linux Malware Detect + ClamAV antivirus scanner support. When installed, your Centmin Mod server has automatic daily malware and antivirus scans of the system and auto email notifies you when malware or viruses are detected.
New Centmin Mod Default Index Page
New Centmin Mod logo makes up the new Default Index Page.
Added Remi YUM Repo
Remi YUM repo added as a replacement for dead CentALT Yum Repo. With Remi YUM repo in place, this also allowed Centmin Mod LEMP stack to default to a newer version of ImageMagick for the system at version 6.9.x.
Added ATrpms YUM Repo
ATrpms YUM repo was added to fix ffmpeg and ffmpeg-devel missing required dependency packages on CentOS 7.
Added Redis & MongoDB PHP Extension
Redis PHP extension and MongoDB PHP extension support has been added.
CSF Firewall IPSET Support
CSF Firewall IPSET support has been added when non-OpenVZ systems are detected. IPSET support allow hashing of ips to reduce the overhead involved in blocking and managing large number of IP addresses in CSF Firewall which interfaces with IPTables. Without IPSET support, blocking or managing a large number of IP addresses will slow down and reduce network and system performance of your server.
Nginx + OpenSSL 1.0.2d default
Centmin Mod Nginx is source compiled against static version of OpenSSL and that version has been updated to default to OpenSSL 1.0.2d. Centmin Mod Nginx still supports OpenSSL 1.02d and can switch between OpenSSL 1.02d and LibreSSL via centmin.sh variable LIBRESSL_SWITCH='y
' for LibreSSL or LIBRESSL_SWITCH='n'
for OpenSSL 1.02d.
Persistent Settings via custom_config.inc
Added support for a separate and persistent custom_config.inc
file to place custom centmin.sh settings/variables in which override centmin.sh defaults. This comes in handy when updating Centmin Mod but wanting your custom settings in centmin.sh
to be untouched.
Supports 2 locations for custom_config.inc
inc/custom_config.inc
where centmin.sh base directory resides- at
${CONFIGSCANBASE}/custom_config.inc
which defaults to/etc/centminmod/custom_config.inc
To override centmin.sh
settings and allow them to persist on centmin mod code updates, create a custom_config.inc
at one of the 2 locations mentioned above and add the centmin.sh
option to the custom_config.inc
file.
i.e. to set PHP 5.6.11 and Zend Opcache as default place in manually created file at /etc/centminmod/custom_config.inc
the following variables which are in centmin.sh to override centmin.sh
ones
PHP_VERSION='5.6.11' ZOPCACHEDFT='y'
Finer Grain Nginx Module Control
You'll also have finer grain control over which additional Nginx modules are added to Centmin Mod. An example with centmin.sh variables set to no to disable Nginx module additions. These variables set to no will give you a bare minimum recommended Nginx configuration if you do not require such modules.
NGINX_STREAM=n # http://nginx.org/en/docs/stream/ngx_stream_core_module.html NGINX_RTMP=n # Nginx RTMP Module support https://github.com/arut/nginx-rtmp-module NGINX_FLV=n # http://nginx.org/en/docs/http/ngx_http_flv_module.html NGINX_MP4=n # Nginx MP4 Module http://nginx.org/en/docs/http/ngx_http_mp4_module.html NGINX_AUTHREQ=n # http://nginx.org/en/docs/http/ngx_http_auth_request_module.html NGINX_SECURELINK=n # http://nginx.org/en/docs/http/ngx_http_secure_link_module.html NGINX_FANCYINDEX=n # http://wiki.nginx.org/NgxFancyIndex NGINX_VHOSTSTATS=n # https://github.com/vozlt/nginx-module-vts NGINX_PAGESPEED=n # Install ngx_pagespeed NGINX_PASSENGER='n' # Install Phusion Passenger requires installing addons/passenger.sh before hand NGINX_WEBDAV=n # Nginx WebDAV and nginx-dav-ext-module NGINX_UPSTREAMCHECK='n' # nginx upstream check https://github.com/yaoweibin/nginx_upstream_check_module NGINX_OPENRESTY='n' # Agentzh's openresty Nginx modules LUAJIT_GITINSTALL='n' # opt to install luajit 2.1 from dev branch http://repo.or.cz/w/luajit-2.0.git/shortlog/refs/heads/v2.1 ORESTY_LUANGINX='n' # enable or disable or ORESTY_LUA* nginx modules below
nginx -V nginx version: nginx/1.9.3 built by clang 3.4.2 (tags/RELEASE_34/dot2-final) built with LibreSSL 2.2.1 TLS SNI support enabled configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../headers-more-nginx-module-0.25 --with-openssl=../portable-2.2.0 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module
for m in $(nginx -V 2>&1 | grep configure); do echo $m; done configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../headers-more-nginx-module-0.25 --with-openssl=../portable-2.2.0 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module
Nginx SPDY SSL Vhost Generation Support
Centmin Mod's centmin.sh menu option 2 has added support for auto generating a self-signed SPDY SSL Nginx vhost to accompany your non-SSL Nginx vhost so your domains have basic https and non-https support. Then it's just a matter of replacing your SPDY SSL Nginx vhost yourdomain.com.ssl.conf Nginx vhost with your paid commercial SSL certificates if you want as per outline here.Also added SSH command line support for creating new Nginx vhosts with SPDY SSL vhost auto generation support
-------------------------------------------------------- Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com -------------------------------------------------------- Centmin Mod Menu -------------------------------------------------------- 1). Centmin Install 2). Add Nginx vhost domain 3). NSD setup domain name DNS 4). Nginx Upgrade / Downgrade 5). PHP Upgrade / Downgrade 6). XCache Re-install 7). APC Cache Re-install 8). XCache Install 9). APC Cache Install 10). Memcached Server Re-install 11). MariaDB 5.2, 5.5, 10, 10.1 Upgrade Sub-Menu 12). Zend OpCache Install/Re-install 13). Install ioping.sh vbtechsupport.com/1239/ 14). SELinux disable 15). Install/Re-install ImageMagick PHP Extension 16). Change SSHD Port Number 17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc 18). Suhosin PHP Extension install 19). Install FFMPEG and FFMPEG PHP Extension 20). NSD Re-install 21). Update - Nginx + PHP-FPM + Siege 22). Add Wordpress Nginx vhost + WP Super Cache 23). Update Centmin Mod Code Base 24). Exit -------------------------------------------------------- Enter option [ 1 - 24 ] 2 --------------------------------------------------------
--------------------------------------------- Enter vhost domain name you want to add (without www. prefix): domain4.com Create a self-signed SSL certificate Nginx vhost? [y/n]: y Create FTP username for vhost domain (enter username): ftpssl4 Do you want to auto generate FTP password (recommended) [y/n]: y FTP username you entered: ftpssl4 FTP password auto generated: BTH2Psh33rJAYgb3bG2Xc Password: Enter it again:
--------------------------------------------------------------- SSL Vhost Setup... --------------------------------------------------------------- --------------------------------------------------------------- Generating self signed SSL certificate... Generating a 2048 bit RSA private key ..............................+++ .................................................+++ writing new private key to 'domain4.com.key' ----- Signature ok subject=/C=US/ST=Los Angeles/L=California/O=domain4.com/CN=domain4.com Getting Private key --------------------------------------------------------------- Generating dhparam.pem file - can take a few minutes... Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .............+......................................................................................................................................................................................+..........................................................................................................................................................................+...................++*++* ------------------------------------------------------------- service nginx reload Reloading nginx configuration (via systemctl): [ OK ] systemctl restart pure-ftpd.service
------------------------------------------------------------- FTP hostname : ipaddress FTP port : 21 FTP mode : FTP (explicit SSL) FTP Passive (PASV) : ensure is checked/enabled FTP username created for domain4.com : ftpssl4 FTP password created for domain4.com : BTH2Psh33rJAYgb3bG2Xc -------------------------------------------------------------
vhost for domain4.com created successfully domain: http://domain4.com vhost conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.conf vhost ssl for domain4.com created successfully domain: https://domain4.com vhost ssl conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf /usr/local/nginx/conf/ssl_include.conf created upload files to /home/nginx/domains/domain4.com/public vhost log files directory is /home/nginx/domains/domain4.com/log
Current vhost listing at: /usr/local/nginx/conf/conf.d/ Jun 1 19:23 1.1K demodomain.com.conf Jun 1 19:23 845 ssl.conf Jun 1 19:34 1.4K virtual.conf Jun 2 07:08 2.8K newdomain1.com.conf Jun 2 07:36 2.8K newdomain2.com.conf Jun 2 07:41 2.8K newdomain3.com.conf Jun 21 11:00 1.6K domain3.com.conf Jun 21 11:00 3.2K domain3.com.ssl.conf Jun 21 11:04 1.6K domain4.com.conf Jun 21 11:04 3.2K domain4.com.ssl.conf -------------------------------------------------------------
contents of /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf
# Centmin Mod Getting Started Guide # must read http://centmin.sh/getstarted.html # For SPDY SSL Setup # read http://centmin.sh/nginx_configure_https_ssl_spdy.html # redirect from www to non-www forced SSL # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 # server { # server_name domain4.com www.domain4.com; # return 302 https://$server_name$request_uri; # } server { listen 443 ssl spdy; server_name domain4.com www.domain4.com; ssl_dhparam /usr/local/nginx/conf/ssl/domain4.com/dhparam.pem; ssl_certificate /usr/local/nginx/conf/ssl/domain4.com/domain4.com.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key; include /usr/local/nginx/conf/ssl_include.conf; # mozilla recommended ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA; ssl_prefer_server_ciphers on; add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Content-Type-Options "nosniff"; #add_header X-Frame-Options DENY; spdy_headers_comp 5; ssl_buffer_size 1369; ssl_session_tickets on; # enable ocsp stapling #resolver 8.8.8.8 8.8.4.4 valid=10m; #resolver_timeout 10s; #ssl_stapling on; #ssl_stapling_verify on; #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain4.com/domain4.com-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/domain4.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/domain4.com/log/error.log; root /home/nginx/domains/domain4.com/public; location / { # block common exploits, sql injections etc #include /usr/local/nginx/conf/block.conf; # Enables directory listings when index file not found #autoindex on; # Shows file listing times as local time #autoindex_localtime on; # Enable for vBulletin usage WITHOUT vbSEO installed # More example Nginx vhost configurations at # http://centmin.sh/nginx_configure.html #try_files $uri $uri/ /index.php; } include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; }
contents of /usr/local/nginx/conf/ssl_include.conf
ssl_session_cache shared:SSL:10m; ssl_session_timeout 60m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Basic Multiple PHP-FPM Pool Support
Added basic multiple PHP-FPM pools support. Full details here.
Add Optional Custom Curl 7.43 RPM Support
CentOS 6 defaults to curl 7.19 and CentOS 7 defaults to curl 7.29 while latest curl is 7.43. Added optional routine and standalone /addons/customcurl.sh addon to update to curl 7.43 Beta Branch - Centmin Mod .08 beta 03 addon - curl 7.43 custom rpms.
Centmin Mod 1.2.3-eva2000.08 Change Log
- Add centmin.sh menu option 23 for updating Centmin Mod code via github repo
- Add cminfo quick info summary CLI command
- Add custom_config.inc persistent centmin.sh option file support
- Add CentOS 7.0 & CentOS 7.1 support
- Add CentOS 6.6 support
- Add Clang compiler support for faster source compiles and installs for select software
- Add SSH command line support for creating new Nginx vhosts with SPDY SSL vhost auto generation support
- Add PHP 7 / PHP NG support PHP-FPM - PHP 5.7 (PHPNG)
- Add to centmin.sh menu option 2 support for SPDY SSL Nginx vhost generator setup
- Add basic Multiple PHP-FPM pool support for 4 additional pools
- Add pure-ftpd virtual FTP user support per Nginx vhost isolated to domain's vhost directory
- Add centmin.sh menu option 22 for quick Wordpress Nginx vhost + Wordpress installation
- Add EMAIL and PUSHOVER_EMAIL variable support in centmin.sh - if EMAIL variable is populated with an email address, CSF Firewall's alert email field will be populated with EMAIL value so you will get CSF Firewall notification emails when certain actions are taken i.e. blocking IPs from SSHD brute force attacks etc
- Add new default Nginx index page design (new default Nginx index.html design)
- Add Nginx Lua modules + LuaJIT support
- Add Nginx Vhost Traffic Statistics module support
- Add RTMP Nginx Module to Nginx configuration - default is disabled
- Add Nginx Sticky module to Nginx configuration nginx-goodies / nginx-sticky-module-ng — Bitbucket (downloads) for cookie or route based session persistence for upstream load balancing. This is a feature that is available in the commercial paid Nginx Plus releases Module ngx_http_upstream_module (details here and here). Disabled by default as Nginx 1.9.0 has added equivalent support for persistence in upstream backends.
- Add Nginx Upstream Check module to Nginx configuration yaoweibin/nginx_upstream_check_module · GitHub which allows you to check the health of an upstream load balancer backend. Yet another Nginx module which is packaged with commercial paid Nginx Plus release Module ngx_http_upstream_module (details here). Nginx Upstream Check module 0.3.0 adds Tengine patch
- Add Openresty echo-nginx-module Nginx module support
- Add Openresty set-misc-nginx-module Nginx module support
- Add ngx_devel_kit Nginx module support
- Add Linux Malware Detect + ClamAV Addon (maldet + clamAV scanner)
- Add Remi YUM repository support to replace removed CentALT YUM repo
- Add ATrpms YUM repository support for ffmpeg-php extension YUM packages on CentOS 7
- Add individual YUM repository disabling for Axivo and Remi YUM repo at initial install time
- Add optional custom RPM support for installing curl/libcurl 7.43
- Add alternative PHP include file configuration support phpalt.conf
- Add automatic OpenSSL version checker on Nginx upgrade routine
- Add redis PHP extension support and mongodb PHP extension support
- Updated default PHP opcache from APC Cache switch to Zend Opcache
- Update /tmp creation routine which sets either ramdisk tmpfs or non-tmpfs based on system memory available/installed
- Update centmin.sh menu option 16 for changing SSHD Port
- Update custom /etc/sysctl.conf settings to re-enable tcp_sack
- Update system max file descriptor limits for Nginx, PHP-FPM and Memcached server
- Update Nginx 1.9.3 default with ngx_stream_core_module support and reuseport support + jemalloc for memory management + LibreSSL alternative to OpenSSL
- Update Nginx ngx_pagespeed to 1.9.32.4 beta
- Update ccache from 3.1.9 to 3.2.2 and switch from EPEL YUM install to source compile
- Updated OpenSSL 1.0.2d for POODLE SSLv3 and other security fixes
- Update PHP default installed version from PHP 5.3.x to 5.4 series with default Zend Opcache installed
- Update and set MariaDB 10.x as default installed MySQL server version
- Update PHP configuration and upgrade routine to support PHP 5.6 and 5.7 (PHP 7.0 / PHP NG)
- Update PHP compile configuration to add libvps and t1lib support
- Update PHP-FPM log_level to default to warning only
- Update system ImageMagicK version from 6.5.4 system package to Remi YUM repo provided ImageMagicK 6.9.0
- Update Nginx OpenResty module support for Nginx configuration
- Update AVG Anti-Virus Addon
- Update command shortcuts for Nginx, PHP-FPM, MariaDB MySQL reload command
- Update htpasswd.sh function
- Update postfix configuration settings
- Update CSF firewall install routine & configuration settings including IPSET support for non-OpenVZ VPS
- Update PHP download url
- Update Zend OpCache upgrade routine
- Update Siege benchmark 3.1.0 version
- Update Suhosin 0.9.37.1 PHP Extension
- Update Python 2.7.10 optional version
- Update ImageMagicK 3.3.0RC2 PHP extension
- Update to fix FFMPEG PHP extension support for PHP =>5.4
- Update Libevent from 2.0.21 to 2.0.22 stable
- Update Memcached server from 1.4.21 to 1.4.24
- Update igbinary PHP extension from 1.1.1-dev to 1.2.1 stable
- Update havegd entropy configuration to increase available entropy to support ECC 256 bit SSL certificates & ECDSA signature algorithm usage
- Update passenger.sh Addon's node js version
- Update Axivo YUM repo download url & moved installation to end of initial Centmin Mod install
- Update Percona YUM repo download url and YUM priorities routine
- Update EPEL YUM repo to take advantage of their mirror system, so it always get's the most updated download version for their rpm.
- Update and switch to /dev/urandom based random number generator to include letters
- Update multi-threaded parallel compression install tool versions
- Removed outdated /Extras* files from downloaded package