Install After changing IP address of server

Please fill in any relevant information that applies to you:

• CentOS Version: CentOS 7 64bit
• Centmin Mod Version Installed: 123.09beta01
• Nginx Version Installed: 1.17.9
• PHP Version Installed: 7.3
• MariaDB MySQL Version Installed: 10.xx.xx

1. After changing the IP address of an already running centminmod wordpress stack server, what additional changes do I need to make onto my stack?
2. I am using mod_security, aggressive badbot blocker, maldet, csf fail2ban type rule setting. I need to update IP address on

Code:

/usr/local/nginx/conf/ultimate-badbot-blocker/bots.d/whitelist-ips.conf

but apart from here do I need to update my new IP address to somewhere also too like in one of these security addons?
3. Do you have any other recommendation for making my centminmod stack more secure apart from these addons?
4. Will the letsencrypt ssl will get auto renewed even when the domain has a new IP address now? If no then what is the manual way of renewing the ssl certificate?
5. I am using cloudfront CDN, do you have any other recommended settings or guide for cloudfront too just like cloudflare CDN?

---

 

Thanks a lot for your suggestion. I got to learn some new things. I have some questions here.

1. I want to block access to my domain via its ip address. I tried some guides but found no useful way to do this. Anyway to achieve this?

2. I am implementing csf fail2ban type rule after installation of centminmod stack via these codes

Code:

# enable CSF Firewall native fail2ban like support
# https://community.centminmod.com/posts/62343/
csf --profile backup backup-b4-customregex
cp -a /usr/local/csf/bin/regex.custom.pm /usr/local/csf/bin/regex.custom.pm.bak
egrep 'CUSTOM1_LOG|CUSTOM2_LOG|CUSTOM3_LOG|CUSTOM4_LOG' /etc/csf/csf.conf
sed -i "s|CUSTOM1_LOG = .*|CUSTOM1_LOG = \"/home/nginx/domains/\*/log/access.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM2_LOG = .*|CUSTOM2_LOG = \"/home/nginx/domains/\*/log/error.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM3_LOG = .*|CUSTOM3_LOG = \"/var/log/nginx/localhost.access.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM4_LOG = .*|CUSTOM4_LOG = \"/var/log/nginx/localhost.error.log\"|" /etc/csf/csf.conf
egrep 'CUSTOM1_LOG|CUSTOM2_LOG|CUSTOM3_LOG|CUSTOM4_LOG' /etc/csf/csf.conf
wget -O /usr/local/csf/bin/regex.custom.pm https://gist.github.com/centminmod/f5551b92b8aba768c3b4db84c57e756d/raw/regex.custom.pm
csf -ra

Do I need to additonally install and activate fail2ban via fail2ban.sh? Can I implement both of these? Will it cause any conflict on my stack if both are implemented at the same time/

3. Can I set access to my ssh port, sql port and ftpd ports from my own country and block all the rest of countries?

 

There are some guides available such as this https://serverfault.com/questions/607137/restrict-direct-ip-access-to-website. But on centminmod, things are little different, when I try to access my site via its ip address it lands me on the welcome screen of centminmod page. I want to hide that page from the world. So anyway to do that? Maybe by restricting self ip address access or anything like that?

 

Can you please elaborate as what this means and how its gonna affect my site and do I need to worry about that?

I followed this guide NGINX — Disable direct access (via http and https) to a website using IP address and edited vhostconf and removed

Code:

root html;

and put there

Code:

return 404;

and it's working and direct ip address shows nginx error 404. Is this the right method to do it and will this cause some other error like the one you mentioned above about

Code:

break Centmin Mod administrative stats pages outlined in sticky thread in Centmin Mod Insights

?

 

I installed and configured fail2ban on a new server and upon visiting /etc/fail2ban/jail.local I found three ip address already registered there on ignoreip
1. 127.0.0.1/8
2. Internal ip address of the VM
3. My wifi ip address
But there was no ip address of the server so I entered it manually and removed my wifi ip address. Is this normal ?

The other thing which I noticed that when I installed fail2ban before domain vhost configuration via option 22 then fail2ban was not working properly and

Code:

fail2ban-client status wordpress-auth

was not executing properly along with other commandsbut then I reinstalled fail2ban and everything became normal and started functioning properly. Is this normal and do I need to install fail2ban only after creating vhost via option 22?

 

Thanks a lot @eva2000 for helping me out here. I got to learn some really great things only because of you. Thanks!!