Learn about Centmin Mod LEMP Stack today
Become a Member

Install After Centmin Mod Install - 5 tasks you do manually that wish to be automated?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by eva2000, Nov 15, 2016.

  1. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    4:54 AM
    1.11.x
    10.1.18
    These two would be very sweet for me, personally, as I always use Memcached and Cloudflare with my installs.
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    a side project of mine is keygen.sh generator for ssh public key authentication at GitHub - centminmod/keygen: ssh private key pair generator probably something useful for centmin mod users but they need to understand implictaions of using ssh keys, securing/backing up private key and recovering ssh access when they loose their private keys which i suspect most noob folks wouldn't know of

    FYI, those settings specifically for public key authentication are already enabled by default in centmin mod installs

    in inc/sshd.inc centminmod/sshd.inc at 123.09beta01 · centminmod/centminmod · GitHub
     
    Last edited: Nov 15, 2016
  3. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    FYI, the more common multi-threaded compression tools are already auto installed via yum during initial centmin mod install for pigz, pbzip2, and xz & pxz
    Code (Text):
    yum list pigz pbzip2 xz pxz -q
    Installed Packages
    pbzip2.x86_64 1.1.12-1.el7 @epel
    pigz.x86_64 2.3.3-1.el7.centos @extras
    pxz.x86_64 4.999.9-10.beta.20120930git.el7 @epel
    xz.x86_64 5.1.2-12alpha.el7 @base 
     
  4. Tracy Perry

    Tracy Perry Active Member

    213
    87
    28
    Aug 24, 2014
    Texas
    Ratings:
    +145
    Local Time:
    4:54 AM
    1.11.5
    MariaDB 10.0.28
    If he doesn't (and I think some of these are his) you can use csfpre.sh and csfpost.sh to use ipset to set them. There is probably a better way, but that's what I'm doing. Roughly 7878 entries and then some CIDR's I've had issues with.
    Terms Of Condition - Guides - Now Serving Linux
     
  5. hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    12:54 PM
    1- csf configuration (ports/ipv6 drop/notifications)
    2- set automatic backup of databases and files

    centmin already has a variety of options that can be configured very fast (change ssh port)
    and also many of the other configurations are application/user dependant so one configuration would not work for everyone just like that
     
  6. ethanpil

    ethanpil Active Member

    171
    53
    28
    Nov 8, 2015
    Ratings:
    +99
    Local Time:
    7:54 PM
    I'm quoting other posts below and add my own at the end.

    CSF ports: Minimal Firewall Ports? | Centmin Mod Community
     
  7. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  8. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    12:54 PM
    Nginx 1.11.6
    MariaDB 10.0.27
    I do not know the right way to solve the task. May be we have to have start/stop options for services.
    When we run the service using the menu, there is a question about how to add a port to the csf.conf.
    The port is removed when you stop the service.
    And by default we have the minimum number of ports in the csf.conf.

    I have a minimal number of ports in the csf.conf. I edit the csf.conf each time manually (and I have to read docs each time :) ). An example of menu behavior:
    Code (Text):
    77. CSF Ports
    17. Add ports for outgoing traceroute
    UDP_OUT = "33434:33523" added to csf.conf
    
    88. Start/stop services
    12. Stop FTP-service
    Some ports deleted...
    
     
    Last edited: Nov 17, 2016
  9. ndha

    ndha Member

    82
    10
    8
    Sep 28, 2014
    Ratings:
    +29
    Local Time:
    4:54 PM
    Latest
    10
    1. set custom php.ini
    2. set redis + PHP sessions.
    3. set CSF Config + set Incapsula IP (Nginx & CSF).
    4. set Mysql Master/Slave + Rsync + Backup script.
    5. set Nginx reverse Proxy for Ddos Protection.

    Anyway @eva2000 is it centmin had nginx Reverse proxy config for using with VPS Ddos protection ??
    best config for http/https site..
    like had 2 vps, 1 with ddos protection and 1 normal, both using centmin..
     
  10. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah probably best to manually do that as only you know which services you want disabled/port removed from whitelisting.
     
  11. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    For custom php settings read centminmod.com/phpfpm.html#customphpini. You might want to create /etc/centminmod/php.d/b_customphp.ini to override centmin mod defaults at /etc/centminmod/php.d/a_customphp.ini and restart PHP-FPM. Also outlined in Getting Started Guide Step 17. Like the service/ports setting custom settings for PHP only the end user yourself would know what to customise :)

    nginx proxies have alot of end user determined configurations so it's best left to end user to configure

    Centmin Mod's Nginx has all the nginx modules it requires for you to configure nginx reverse proxy, nginx based load balancing and proxy caching (with exception of the shared file system you'd need i.e. NFS, GlusterFS and any mysql database cluster/replication). You just have to configure it yourself :)

    For nginx reverse proxy & load balancing read the documentation, tutorial and guides below
     
  12. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    another one that really should be end user configured as they should understand what is involved in not only setting up master/slave mysql replication but how to deal with errors and issues related to mysql replication and data backup and recovery (in case of corruption).
     
  13. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    5:54 AM
    1. Option to remove vhost and associated file, settings and certs.

    With the growing number of features involved with vhosts, it would be nice if the install script went ahead and created a remove vhost script. I now it currently creates a list of what needs to be done for a basic vhost, but it would be nice if it took care of any issues with LetsEncrypt and any other stuff that gets added in the future.

    This would be a real time saving for those of us with fat fingers and end up mis-typing something in acmetool.

    2. addons/netdata -- what else needs to be said! I install it manually myself, but don't do all the additional stuff to monitor nginx and php yet.

    3. TBD...

    -John Scott
     
  14. pamamolf

    pamamolf Premium Member Premium Member

    3,811
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    12:54 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    A lot of people looks like waiting for netdata :) Cool !

    Yes uninstall of a domain and all related files of it is a nice one :)
     
    Last edited: Nov 18, 2016
  15. pamamolf

    pamamolf Premium Member Premium Member

    3,811
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    12:54 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    With a prompt for deleting a non empty public folder also ? :)
     
  16. ndha

    ndha Member

    82
    10
    8
    Sep 28, 2014
    Ratings:
    +29
    Local Time:
    4:54 PM
    Latest
    10
    ahhhh damn it, i'm not realize your thread title is ".....wish to be automatically" lol
    i only read taks you do manually, and my post above is manually...
    Sorry @eva2000

    also i already read that source for nginx reverse proxy but still want to find recommend nginx conf for it,
    maybe centmin community had something for it..
    Thanks..
     
  17. narji

    narji Member

    69
    6
    8
    Feb 4, 2016
    Ratings:
    +12
    Local Time:
    4:54 PM
    can we use this guide to add function in centmin ?
    csf-iptable-ipset-firehol dynamic ip list

    to prevent attack from botnet and other malicious ip
     
  18. eva2000

    eva2000 Administrator Staff Member

    44,500
    10,164
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,729
    Local Time:
    7:54 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah no worries

    nginx vhost domain removal is on the to do list :)

    CSF Firewall already has native IPSET support for non-openvz systems. Whenever you ban an IP in CSF Firewall or allow, it will use IPSET if the system supports it.

    addons/netdata.sh will be released later after 123.09stable is released which depends on addons/acmetool.sh beta testing right now :)
     
  19. arlon

    arlon Member

    91
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    4:54 PM
    1.13.6
    10.1
    1. Setup database+file backup
    2. install Htop
    3. Install SSL
    4. custome nginx config
     
  20. pamamolf

    pamamolf Premium Member Premium Member

    3,811
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    12:54 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    In my opinion i think Centminmod should start use both configs http and https (Let's Encrypt) on every Add domain vhost option....

    Soon https will be the default and as it is possible i think the best is to have the normal http config and the hhtps Let's encrypt and let the software/platform/script decide which one to use or even change from one to another by just changing the config file :)