This thread is dedicated to testing Centmin Mod 1.2.3-eva2000.09 betas. Starting with Github branch 123.09beta01. You can get a feel of what development and effort gets put into betas by checking out previous .08 beta thread. Testing, feedback and suggestions by users will make Centmin Mod next release even better 123.09beta01 branch = centminmod/centminmod at 123.09beta01 · GitHub 123.09beta01 commit history = Commits · centminmod/centminmod · GitHub 123.08stable vs 123.09beta01 commit comparison history How to install 123.09beta01 Initially If you are not an existing 123.08stable user or want to start off with 123.09beta01. The quick one liner curl install method is best. Everything is the same as method 3 outlined here just using betainstaller.sh instead of installer.sh or betainstaller55.sh or betainstaller56.sh. You'd still want to bookmark and read and re-read the Getting Started Guide for updates and useful info and tips to get you on your way using Centmin Mod LEMP stack.. Defaults to PHP 5.4.44 PHP 5.5.x branch as at September 5, 2015 Code (Text): curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh Added additional curl one liner 123.09beta01 unattended installs methods which default to PHP 5.6.13. Code (Text): curl -O https://centminmod.com/betainstaller56.sh && chmod 0700 betainstaller56.sh && bash betainstaller56.sh Add installer-latest.sh for 123.09beta01, allows default PHP 5.6.13 + Zend Opcache + enable customcurl RPM install to update from curl/libcurl 7.19/7.29 to 7.44 all out of box defaults for fresh 123.09beta01 and higher installs Can be installed via one liner install method Code (Text): curl -O https://centminmod.com/betainstaller-latest.sh && chmod 0700 betainstaller-latest.sh && bash betainstaller-latest.sh How to switch to 123.09beta01 branch ? If you're using Centmin Mod 1.2.3-eva2000.08 stable release (123.08stable branch) and have setup git environment via centmin.sh menu option 23 submenu 1. Then switching from 123.08stable branch to 123.09beta01 branch is easy via centmin.sh menu option 23 submenu option 3 (you can switch between 123.09beta01 back to 123.08 stable via same submenu option 3 too). launch centmin.sh via cmd shortcut = centmin or via command in SSH below or check out dedicated menu page and youtube video on how to invoke centmin.sh. Code (Text): cd /usr/local/src/centminmod ./centmin.sh If you already have centmin.sh option 23 submenu option 1 setup for git environment, go straight to centmin.sh option 23 submenu option 3. If you have yet to run centmin.sh option 23 submenu option 1, follow guide at centminmod.com/upgrade.html. Code (Text): -------------------------------------------------------- Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com -------------------------------------------------------- Centmin Mod Menu -------------------------------------------------------- 1). Centmin Install 2). Add Nginx vhost domain 3). NSD setup domain name DNS 4). Nginx Upgrade / Downgrade 5). PHP Upgrade / Downgrade 6). XCache Re-install 7). APC Cache Re-install 8). XCache Install 9). APC Cache Install 10). Memcached Server Re-install 11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu 12). Zend OpCache Install/Re-install 13). Install ioping.sh vbtechsupport.com/1239/ 14). SELinux disable 15). Install/Reinstall ImagicK PHP Extension 16). Change SSHD Port Number 17). Multi-thread compression: pigz,pbzip2,lbzip2... 18). Suhosin PHP Extension install 19). Install FFMPEG and FFMPEG PHP Extension 20). NSD Re-install 21). Update - Nginx + PHP-FPM + Siege 22). Add Wordpress Nginx vhost + WP Super Cache 23). Update Centmin Mod Code Base 24). Exit -------------------------------------------------------- Enter option [ 1 - 24 ] 23 -------------------------------------------------------- centmin.sh option 23 submenu option 3 will list out all available remote branches on github in date descending order with most recently updated remote branch at top and prompt you to enter the branchname you want to switch to which in this case is 123.09beta01 Code (Text): -------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ] 3 -------------------------------------------------------- Update Centmin Mod to newer branch via git You need to input the name of the branch List of current remote branches by descending date order 2015-08-11 04:33:56 +1000 30 hours ago master 2015-08-11 04:33:56 +1000 30 hours ago master 2015-08-11 04:33:32 +1000 30 hours ago 123.08stable 2015-08-11 04:31:59 +1000 30 hours ago 123.09beta01 2015-07-26 22:47:23 +1000 2 weeks ago 123.08beta03 2015-07-26 02:36:30 +1000 2 weeks ago 123.08beta03redis 2015-07-16 07:46:33 +1000 4 weeks ago 123.08beta03-el7ffmpeg-fix 2015-07-10 19:59:08 +1000 5 weeks ago 123.07stable 2015-06-29 13:57:14 +1000 6 weeks ago 123.08beta03curl743 2015-06-14 13:15:27 +1000 8 weeks ago 123.08beta03-rtmp 2015-06-10 00:47:37 +1000 9 weeks ago 123.08beta03-libresslclang 2015-06-09 21:28:18 +1000 9 weeks ago 123.08beta03clang 2015-06-03 21:13:57 +1000 2 months ago 123.08beta03libressl 2015-05-27 15:54:13 +1000 3 months ago 123.08centos7beta02 2015-03-25 03:45:39 +1000 5 months ago 123.08zerodown 2015-03-10 16:52:37 +1000 5 months ago 123.08centos7beta01 2014-06-23 17:08:44 +1000 1 year, 2 months ago 123.06stable -> Enter the branch name you want to switch to i.e. 123.08beta03 : 123.09beta01 download github.com centmin mod 123.09beta01 branch repo Cloning into 'centminmod'... Switched to a new branch '123.09beta01' Branch 123.09beta01 set up to track remote branch 123.09beta01 from origin. list all available local branches git branch -a * 123.09beta01 master remotes/origin/123.06stable remotes/origin/123.07stable remotes/origin/123.08beta03 remotes/origin/123.08beta03-el7ffmpeg-fix remotes/origin/123.08beta03-libresslclang remotes/origin/123.08beta03-rtmp remotes/origin/123.08beta03clang remotes/origin/123.08beta03curl743 remotes/origin/123.08beta03libressl remotes/origin/123.08beta03redis remotes/origin/123.08centos7beta01 remotes/origin/123.08centos7beta02 remotes/origin/123.08stable remotes/origin/123.08zerodown remotes/origin/123.09beta01 remotes/origin/HEAD -> origin/master remotes/origin/master list git log last commit git log -a commit 0e558d19dd419ab6050c7c67a7e7ec8e7737153c Author: George Liu <MAIL> Date: Tue Aug 11 04:31:59 2015 +1000 update downloads/svr-setup.zip to update centmin mod 123.09beta01 branch repo via git cd /usr/local/src/centminmod git stash git pull chmod +x centmin.sh Then hit submenu option 4 to go back to main menu on centmin.sh and then hit centmin.sh menu option 24 to exit. Then you need to change into the directory again for /usr/local/src/centminmod as it's a new directory under 123.09beta01 code Code (Text): cd /usr/local/src/centminmod type git log -2 to confirm that the last git commits listed are latest from official commit history at Commits · centminmod/centminmod · GitHub How to update 123.09beta01 branch ? As you have git environment setup, updating is as easy as using centmin.sh menu option 23 submenu option 2. Code (Text): -------------------------------------------------------- Centmin Mod Updater Sub-Menu -------------------------------------------------------- 1). Setup Centmin Mod Github Environment 2). Update Centmin Mod Current Branch 3). Update Centmin Mod Newer Branch 4). Back to Main menu -------------------------------------------------------- Enter option [ 1 - 4 ] 2 --------------------------------------------------------
123.09beta01 changes to date With 123.08stable release officially on July 31, 2015. I had already started making updates from August 1st, 2015 for 123.09beta01 branch as outlined at Commits · centminmod/centminmod · GitHub Some are minor fixes and speed improvements for initial install times. 123.08stable vs 123.09beta01 commit comparison history 123.09 beta01 Change Log Centmin Mod 123.09 beta change log: Add PHP 7.0.0 GA Stable Support community.centminmod.com/posts/21356/ Add Zend Opcache transparent huge pages support for PHP 7 only if CentOS 7 is detected and if Redis server is not installed community.centminmod.com/posts/21762/ Add support for SECOND_IP variable in Nginx vhost generator routines community.centminmod.com/posts/22202/ Add optional curl betainstaller56.sh and betainstaller-latest.sh support for out of box PHP 5.6.x default and PHP 5.6.x default + curl 7.44 support respectively community.centminmod.com/posts/17623/ Add tools/nginxupdate.sh unattended cli command line updater community.centminmod.com/posts/19691/ Add tools/geoipdb-update.sh community.centminmod.com/posts/23481/ Add Nginx HTTP/2 alpha and final support community.centminmod.com/posts/17443/ and community.centminmod.com/posts/18511/ Add nginScript module support community.centminmod.com/posts/18759/ Add ngx_brotli module support for better compression community.centminmod.com/posts/19593/ Add NGINX_GEOIPMEM variable to reduce nginx geoip module memory usage on low memory systems community.centminmod.com/posts/21025/ Add NGXMODULE_ALTORDER variable community.centminmod.com/posts/19654/ Add PHPIMAGICK variable support community.centminmod.com/posts/18588/ Add PHPMAILPARSE variable support community.centminmod.com/posts/23401/ Add PHPGEOIP_ALWAYS variable support community.centminmod.com/posts/18578/ Add additional PHP extension variable support community.centminmod.com/posts/18889/ Add POSTGRESQL variable support for PostgreSQL 9.4 install and pdo-pgsql PHP extension support community.centminmod.com/posts/18578/ Add additional Nginx module variable options to centmin.sh community.centminmod.com/posts/18720/ Add addons/devtoolset-3.sh installer community.centminmod.com/posts/19615/ Add addons/git2_install.sh installer community.centminmod.com/posts/20900/ Add side install Python 2.7, 3.2, 3.3, and 3.4 support that runs side by side with default system Python version community.centminmod.com/posts/17469/ Add tools/nvwp.sh standalone nginx vhost add + wordpress auto installer that bypasses WP-CLI tool usage for PHP 7 usage as WP-CLI tool doesn't fully support PHP 7 yet community.centminmod.com/posts/17563/ Add to Nginx add vhost functions for HTTP Key Pinning support for SSL centminmod.com/http-public-key-pinning.html and community.centminmod.com/posts/17649/ Add MariaDB 10.0.x to MariaDB 10.1.x upgrade routine submenu support community.centminmod.com/posts/18185/ Add Postfix opportunistic TLS encryption for outgoing server mail community.centminmod.com/posts/18355/ Add NGINX_DEBUG variable support community.centminmod.com/posts/18370/ Updated LibreSSL to 2.2.3 community.centminmod.com/posts/17818/ Updated Nginx SSL routines community.centminmod.com/posts/17872/ Updated 123.09beta01 to default to PHP 5.5 branch community.centminmod.com/posts/18027/ Updated CSF Firewall default white listed ports rules and removed 111 and 2049 ports by default community.centminmod.com/posts/18132/ Updated MariaDB my.cnf to default to default-storage-engine=InnoDB out of box community.centminmod.com/posts/18252/ Updated MariaDB default my.cnf templates and added new ones that are deployed depending on memory installed on server community.centminmod.com/posts/18478/ Updated centmin.sh menu option 22 auto wordpress installer's WP-CLI self updater routine community.centminmod.com/posts/18426/ Update sshd configurations for CentOS 6.x backported OpenSSH 5.3p1 to support backported ecdsa ssh keys community.centminmod.com/posts/19703/ Working on Letsencrypt free SSL certificate integration support community.centminmod.com/posts/18004/ Fixed missing mcrypt PHP extension for CentOS 6.7 community.centminmod.com/posts/18049/ Disabeld ATrpms YUM repo no longer works community.centminmod.com/posts/18260/ Nginx HTTP/2 Support to Replace SPDY SSL The biggest change added is now for the Nginx HTTP/2 alpha patch. Official Nginx blog announcement at Announcing an Early Alpha Patch for HTTP/2 - NGINX Basically, Google is dropping SPDY based SSL for newer HTTP/2 based SSL. I have already started HTTP/2 benchmarks with other web servers such as h2o and OpenLiteSpeed which you can see at h2ohttp2.centminmod.com/webpagetests1.html. So it's good news that Nginx is progressing and released an Nginx HTTP/2 alpha patch You can see example of how I updated Centmin Mod to 123.09beta01 and then recompiled Nginx via centmin.sh menu option 4 to enable and apply the Nginx HTTP/2 alpha patch to Nginx here. Nginx HTTP/2 and ngx_pagespeed Nginx HTTP/2 patch seems to break ngx_pagespeed for SSL based sites so just a heads up HTTP/2 Links & Info HTTP/2 - Wikipedia, the free encyclopedia HTTP/2 Frequently Asked Questions Chromium Blog: Hello HTTP/2, Goodbye SPDY HTTP/2: A Fast, Secure Bedrock for the Future of SEO - Moz The Shift from SPDY to HTTP/2 Performance Calendar » HTTP 2.0 is coming, be ready Architecting Websites For The HTTP/2 Era A Simple Performance Comparison of HTTPS, SPDY and HTTP/2 Added IUS Community Repo and Python 2.7 & Python 3.4 Added Python 2.7 and 3.4 support via addon installers via IUS Community YUM Repo. Wordpress Auto Installer without WP-CLI To work wround WP-CLI incompatibilities with PHP 7 and centmin.sh menu option 22. Full details here. MariaDB 10.0 to 10.1 Upgrade Routine Details here.
Indeed although I have fallen behind in latest h2o and OpenLiteSpeed developments from when I did the benchmarks at SSL - HTTP/2 - h2o vs OpenLiteSpeed vs Nginx SPDY/3.1 | Centmin Mod Community so will need time to catch up on that for a proper compare to Nginx HTTP/2
Updated 123.09beta01 with custom curl 7.44 rpms option cURL - Changes Both addon/customcurl.sh and centmin.sh has been updated. Details of what this custom curl rpm is for and questions can be asked at Beta Branch - Centmin Mod .08 beta 03 addon - curl 7.43 custom rpms | Centmin Mod Community
Updated first post with 123.09beta01 one line curl install command. Test away - just note with Nginx HTTP/2 patch applied by default, ngx_pagespeed maybe broken for now. Code (Text): curl -sL http://centminmod.com/betainstaller.sh | bash You can disable Nginx HTTP/2 patch by editing centmin.sh option and change from Code (Text): NGINX_HTTP2=y to Code (Text): NGINX_HTTP2=n then run centmin.sh menu option 4 to recompile Nginx 1.9.3+. However, the whole point of beta testing is to test new features
heads up version 2 of the Nginx HTTP/2 patch was released Index of /patches/http2/ Code (Text): 2015-08-14 Version 2 (NGINX 1.9.3) - Introduced NPN support for HTTP/2 negotiation (this reduces OpenSSL version requirement to 1.0.1+); - Various fixes in the prioritization mechanism; - Fixed missing "Location" response header in some configurations; - Fixed processing of the ":authority" pseudo-header (the HTTP/2 analog of the "Host" header). 2015-08-05 Version 1 (NGINX 1.9.3) The first public alpha release. centmin mod 123.09beta01 has been updated to ensure latest Nginx patch is applied each time you run Nginx upgrade/recompile via centmin.sh menu option 4 update inc/nginx_upgrade.inc ensure latest HTTP/2 patch applied · centminmod/centminmod@26a6138 · GitHub Nginx HTTP/2 version 2 patch fixed my Nginx HTTP/2 + ngx_pagespeed issues ! Working now Code (Text): nghttp -nas https://centminmod.com:443 ***** Statistics ***** Request timing: responseEnd: the time when last byte of response was received relative to connectEnd requestStart: the time just before first byte of request was sent relative to connectEnd. If '*' is shown, this was pushed by server. process: responseEnd - requestStart code: HTTP status code size: number of bytes received as response body without inflation. URI: request URI see http://www.w3.org/TR/resource-timing/#processing-model sorted by 'complete' id responseEnd requestStart process code size request path 13 +80.22ms +532us 79.69ms 200 29K / 15 +91.08ms +66.98ms 24.10ms 200 9K /img/favicon.ico 17 +125.17ms +66.99ms 58.18ms 200 60K /css/A.localfonts.css+font-awesome.min.css+bootstrap.min.css+hover-dropdown-menu.css+icons-set8.css+animate.min.css+style.css+responsive.css+color.css,Mcc.FHj-r4A0cI.css.pagespeed.cf.YOn5Xvomna.css 21 +141.41ms +66.99ms 74.42ms 200 7K /js/hover-dropdown-menu.js+jquery.hover-dropdown-menu-addon.js+jquery.easing.1.3.js.pagespeed.jc.vy5S6wKQse.js 25 +156.83ms +67.03ms 89.81ms 200 6K /js/custom.js.pagespeed.jm.q-StvNlmtR.js 19 +157.11ms +66.99ms 90.11ms 200 38K /js/jquery.min.js+bootstrap.min.js.pagespeed.jc.Cd39AMnoIp.js 23 +157.12ms +67.02ms 90.09ms 200 24K /js/bootstrapValidator.min.js.pagespeed.jm.YU3KUlvaHb.js
August 17th Git commits for 123.09beta01 add IUS Community YUM repo support (repo backed by folks at Rackspace) to provide a cleaner Python 2.7 and Python 3.4 side by side install with system Python 2.6 (CentOS 6) and Python 2.7 (CentOS 7). Updates add 2 new addons and update one existing addon. 123.09beta01 addons listing on github /addons/python27_install.sh updated /addons/python34_install.sh added /addons/ius-repo.sh added With addons/ius-repo.sh ran you will install IUS Community YUM repo so can manually install Python 2.7 and/or 3.4 via commands For Python 2.7 if on CentOS 6. CentOS 7 already uses Python 2.7 so not needed Code (Text): yum -y install python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius Code (Text): # rpm -ql python27 python27-pip python27-virtualenv | grep bin # /usr/bin/pydoc27 # /usr/bin/python2.7 # /usr/bin/pip2.7 # /usr/bin/virtualenv-2.7 For Python 3.4 on either CentOS 6 or CentOS 7 Code (Text): yum -y install python34u python34u-devel python34u-pip python34u-setuptools python34u-tools --enablerepo=ius Code (Text): # rpm -ql python34u python34u-pip | grep bin # /usr/bin/pydoc3 # /usr/bin/pydoc3.4 # /usr/bin/python3 # /usr/bin/python3.4 # /usr/bin/python3.4m # /usr/bin/pyvenv # /usr/bin/pyvenv-3.4 # /usr/bin/pip3 # /usr/bin/pip3.4 Code (Text): python --version Python 2.6.6 python2.7 --version Python 2.7.10 python3.4 --version Python 3.4.3 Full python 3.* versions and packages available in IUS Community repo on CentOS 6.7 Code (Text): yum list python3* --enablerepo=ius --disableplugin=priorities -q Available Packages python32.x86_64 3.2.6-1.ius.centos6 ius python32-debug.x86_64 3.2.6-1.ius.centos6 ius python32-debuginfo.x86_64 3.2.6-1.ius.centos6 ius python32-devel.x86_64 3.2.6-1.ius.centos6 ius python32-hiredis.x86_64 0.2.0-1.ius.centos6 ius python32-hiredis-debuginfo.x86_64 0.2.0-1.ius.centos6 ius python32-libs.x86_64 3.2.6-1.ius.centos6 ius python32-lxml.x86_64 3.4.4-1.ius.centos6 ius python32-lxml-debuginfo.x86_64 3.4.4-1.ius.centos6 ius python32-mod_wsgi.x86_64 4.4.13-1.ius.centos6 ius python32-mod_wsgi-debuginfo.x86_64 4.4.13-1.ius.centos6 ius python32-postgresql.x86_64 1.1.0-2.ius.centos6 ius python32-postgresql-debuginfo.x86_64 1.1.0-2.ius.centos6 ius python32-redis.noarch 2.10.3-1.ius.centos6 ius python32-setuptools.noarch 18.0.1-1.ius.centos6 ius python32-test.x86_64 3.2.6-1.ius.centos6 ius python32-tkinter.x86_64 3.2.6-1.ius.centos6 ius python32-tools.x86_64 3.2.6-1.ius.centos6 ius python33.x86_64 3.3.6-1.ius.centos6 ius python33-debug.x86_64 3.3.6-1.ius.centos6 ius python33-debuginfo.x86_64 3.3.6-1.ius.centos6 ius python33-devel.x86_64 3.3.6-1.ius.centos6 ius python33-hiredis.x86_64 0.2.0-1.ius.centos6 ius python33-hiredis-debuginfo.x86_64 0.2.0-1.ius.centos6 ius python33-libs.x86_64 3.3.6-1.ius.centos6 ius python33-lxml.x86_64 3.4.4-1.ius.centos6 ius python33-lxml-debuginfo.x86_64 3.4.4-1.ius.centos6 ius python33-mod_wsgi.x86_64 4.4.13-1.ius.centos6 ius python33-mod_wsgi-debuginfo.x86_64 4.4.13-1.ius.centos6 ius python33-postgresql.x86_64 1.1.0-1.ius.centos6 ius python33-postgresql-debuginfo.x86_64 1.1.0-1.ius.centos6 ius python33-redis.noarch 2.10.3-1.ius.centos6 ius python33-setuptools.noarch 18.0.1-1.ius.centos6 ius python33-test.x86_64 3.3.6-1.ius.centos6 ius python33-tkinter.x86_64 3.3.6-1.ius.centos6 ius python33-tools.x86_64 3.3.6-1.ius.centos6 ius python34u.x86_64 3.4.3-2.ius.centos6 ius python34u-debug.x86_64 3.4.3-2.ius.centos6 ius python34u-debuginfo.x86_64 3.4.3-2.ius.centos6 ius python34u-devel.x86_64 3.4.3-2.ius.centos6 ius python34u-libs.x86_64 3.4.3-2.ius.centos6 ius python34u-pip.noarch 7.1.0-1.ius.centos6 ius python34u-redis.noarch 2.10.3-1.ius.centos6 ius python34u-setuptools.noarch 18.0.1-1.ius.centos6 ius python34u-test.x86_64 3.4.3-2.ius.centos6 ius python34u-tkinter.x86_64 3.4.3-2.ius.centos6 ius python34u-tools.x86_64 3.4.3-2.ius.centos6 ius python34u-wheel.noarch 0.24.0-1.ius.centos6 ius Technically, Centmin Mod .08 stable users can also use these updated and newly added Centmin Mod addon scripts by just manually grabbing them from 123.09beta01 repo too at centminmod/addons at 123.09beta01 · centminmod/centminmod · GitHub Once 123.09 goes stable, these addons will also feature on official site page at Centmin Mod Addons - CentminMod.com LEMP Nginx web stack for CentOS edit: decided to backport updated python27_install.sh to .08 stable too as it's a better method for install and would lead to less issues when you upgrade to .09 stable in future.
Added standalone tools/nvwp.sh cmd line Nginx vhost + Wordpress setup installer to work around WP-CLI incompatibilities with PHP 7 and centmin.sh menu option 22. The tools/nvwp.sh I wrote is a modified version of /tools/nv.sh (/usr/bin/nv) command line too for Centmin Mod Nginx vhost auto setup and added Wordpress database and latest download + Nginx wordpress vhost config routines to it without WP-CLI. This tool has been added to 123.09beta01 branch at tools/nvwp.sh - you can download standalone file here. What this means is I can't install Wordpress plugins like Super Cache automatically but I can get Wordpress mysql database, user and nginx vhost setup first. Then all you need is to visit the site in web browser to complete the Wordpress install. Actual command to setup Nginx vhost for newdomain3.com with self signed SSL enabled and pure-ftpd virtual ftp username = ftpusr003 Code (Text): ./nvwp.sh -d newdomain3.com -s y -u ftpusr003 Code (Text): ./nvwp.sh -d newdomain3.com -s y -u ftpusr003 --------------------------------------------------------------- Nginx Vhost Setup... --------------------------------------------------------------- FTP password auto generated: Rm8L4TD9L4MHQPci44Wgq Password: Enter it again: /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain3.com/htpasswd_wplogin uy+8zcGN+P+HmYx25586 p37LChHl97FKvc4PW8Yxy25586 /home/nginx/domains/newdomain3.com/htpasswd_wplogin contents: uy+8zcGN+P+HmYx25586:$apr1$4RmP4Syb$dAoWAbzxQoodTlQVI4bS61 --------------------------------------------------------------- SSL Vhost Setup... --------------------------------------------------------------- --------------------------------------------------------------- Generating self signed SSL certificate... Generating a 2048 bit RSA private key .....+++ .............................................................................+++ writing new private key to 'newdomain3.com.key' ----- Signature ok subject=/C=US/ST=California/L=Los Angeles/O=newdomain3.com/CN=newdomain3.com Getting Private key --------------------------------------------------------------- Generating dhparam.pem file - can take a few minutes... Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time ..++*++* dhparam file generation time: 124.833351005 --------------------------------------------------------------- Setup Wordpress + Super Cache (vhost only disabled by default) for newdomain3.com --------------------------------------------------------------- 2015-08-20 13:27:09 URL:https://wordpress.org/latest.zip [7088086/7088086] -> "latest.zip" [1] Archive: latest.zip creating: wordpress/ ------------------------------------------------------------ Created uninstall script /root/tools/wp_uninstall_newdomain3.com.sh ------------------------------------------------------------ Code (Text): ------------------------------------------------------------- nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful Stopping nginx: [ OK ] Starting nginx: [ OK ] service pure-ftpd restart ------------------------------------------------------------- FTP hostname : IPADDRESS FTP port : 21 FTP mode : FTP (explicit SSL) FTP Passive (PASV) : ensure is checked/enabled FTP username created for newdomain3.com : ftpusr003 FTP password created for newdomain3.com : Rm8L4TD9L4MHQPci44Wgq ------------------------------------------------------------- vhost for newdomain3.com created successfully domain: http://newdomain3.com vhost conf file for newdomain3.com created: /usr/local/nginx/conf/conf.d/newdomain3.com.conf vhost ssl for newdomain3.com created successfully domain: https://newdomain3.com vhost ssl conf file for newdomain3.com created: /usr/local/nginx/conf/conf.d/newdomain3.com.ssl.conf /usr/local/nginx/conf/ssl_include.conf created Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.crt SSL Private Key: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.key SSL CSR File: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.csr upload files to /home/nginx/domains/newdomain3.com/public vhost log files directory is /home/nginx/domains/newdomain3.com/log ------------------------------------------------------------ SSH commands to uninstall created Wordpress install and Nginx vhost: /root/tools/wp_uninstall_newdomain3.com.sh ------------------------------------------------------------ Code (Text): Wordpress domain: newdomain3.com Wordpress DB Name: wp18251db_4151 Wordpress DB User: wpdb4151u7535 Wordpress DB Pass: wpdbZPkuXZ9yK5dSp8745 Wordpress wp-login.php password protection info: wp-login.php protection file /home/nginx/domains/newdomain3.com/htpasswd_wplogin wp-login.php protection Username: uy+8zcGN+P+HmYx25586 wp-login.php protection Password: p37LChHl97FKvc4PW8Yxy25586 http://uy+8zcGN+P+HmYx25586:p37LChHl97FKvc4PW8Yxy25586@newdomain3.com/wp-login.php Resetting wp-login.php protection: Step 1. remove protection file at /home/nginx/domains/newdomain3.com/htpasswd_wplogin rm -rf /home/nginx/domains/newdomain3.com/htpasswd_wplogin Step 2. run command: /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain3.com/htpasswd_wplogin YOURUSERNAME YOURPASSWORD Step 3. restart Nginx + PHP-FPM services nprestart ------------------------------------------------------------- Current vhost listing at: /usr/local/nginx/conf/conf.d/ Aug 16 23:42 845 ssl.conf Aug 16 23:42 1.1K demodomain.com.conf Aug 16 23:48 1.6K virtual.conf Aug 20 13:12 2.1K newdomain.com.conf Aug 20 13:12 3.8K newdomain.com.ssl.conf Aug 20 13:15 3.8K newdomain2.com.ssl.conf Aug 20 13:18 2.1K newdomain2.com.conf Aug 20 13:27 2.1K newdomain3.com.conf Aug 20 13:27 3.8K newdomain3.com.ssl.conf ------------------------------------------------------------- Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain3.com Aug 20 13:24 1.7K newdomain3.com.key Aug 20 13:24 1009 newdomain3.com.csr Aug 20 13:24 1.2K newdomain3.com.crt Aug 20 13:27 424 dhparam.pem Then visit newdomain3.com in web browser and manually install Wordpress /home/nginx/domains/newdomain3.com/public/wp-config.php contents look okay too Code (Text): <?php /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the * installation. You don't have to use the web site, you can * copy this file to "wp-config.php" and fill in the values. * * This file contains the following configurations: * * * MySQL settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://codex.wordpress.org/Editing_wp-config.php * * @package WordPress */ // ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', 'wp18251db_4151'); /** MySQL database username */ define('DB_USER', 'wpdb4151u7535'); /** MySQL database password */ define('DB_PASSWORD', 'wpdbZPkuXZ9yK5dSp8745'); /** MySQL hostname */ define('DB_HOST', 'localhost'); /** Database Charset to use in creating database tables. */ define('DB_CHARSET', 'utf8'); /** The Database Collate type. Don't change this if in doubt. */ define('DB_COLLATE', ''); /**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ define('AUTH_KEY', '61tiA+E5-Y>*B~:RyLI.vx:)]WB>[E^:Ms=aa,:[@C>Q>f{7e(:sx,=5DD.8k:`U'); define('SECURE_AUTH_KEY', 'L{[ A_cJhKpA0Od3X1TORjLjFr5l^S5A@nfmCj<3]bXWG5{~ oy{fz>^8L{2-&T/'); define('LOGGED_IN_KEY', '6^K.G&)=oc{=Z]?Gk1/^|6XY#P#MMh.O)w&W/yX^jvAgk^c20BIBOwdxQm)o!_e3'); define('NONCE_KEY', 'UQV]mm6fJSpYxPkIZ@k8MM@Ld|GIv( Wk9JWeNORBQV4LeGS P[aA;JzBMe*3;Hr'); define('AUTH_SALT', 'O?0K:Sq.[Dp10n03Q,1E3Ej_Ai?5Ls&0?=EQ9b].*:0,<d5@7p*s(-|c3ht==`ZI'); define('SECURE_AUTH_SALT', 'ZelS:k{Wtrc.>;prin :aOn{3B-V!}xbP};k(#)@?PStr_=~uT;iyu~j36|c6hxB'); define('LOGGED_IN_SALT', 'sXyQDe6XE4}V0fJ1FRVcD.)f>HBad.!I8vpK:SL}5k,!OptMwTlf)alm1DOP;+dH'); define('NONCE_SALT', '`blh=BbTRs7)=e&/,<0#KMxg2Et=0<DuyHjJ[;Ws20uzyiK/)aEtAPpQzGK jwF'); /**#@-*/ /** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = '3261_'; /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the Codex. * * @link https://codex.wordpress.org/Debugging_in_WordPress */ define('WP_DEBUG', false); /* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php'); Ran this on 123.09beta01 build so Nginx is patched for HTTP/2 so when you visit the self-signed SSL name you see And since Nginx is compiled against LibreSSL native chacha20_poly1305 cipher support out of the box Nginx vhost auto generated for newdomain3.com is also setup for rate limiting like centmin.sh menu option 22 /usr/local/nginx/conf/conf.d/newdomain3.com.conf Code (Text): # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # redirect from non-www to www # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 #server { # listen 80; # server_name newdomain3.com; # return 301 $scheme://www.newdomain3.com$request_uri; # } server { server_name newdomain3.com www.newdomain3.com; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/newdomain3.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/newdomain3.com/log/error.log; root /home/nginx/domains/newdomain3.com/public; # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } include /usr/local/nginx/conf/wpsupercache_newdomain3.com.conf; location / { # Enables directory listings when index file not found #autoindex on; # for wordpress super cache plugin #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; # Wordpress Permalinks try_files $uri $uri/ /index.php?q=$uri&$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; auth_basic "Private"; auth_basic_user_file /home/nginx/domains/newdomain3.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; } location ~* /(xmlrpc\.php) { limit_req zone=xwplogin burst=2 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; } include /usr/local/nginx/conf/wpsecure_newdomain3.com.conf; include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; } and ssl version /usr/local/nginx/conf/conf.d/newdomain3.com.ssl.conf with Nginx HTTP/2 support Code (Text): # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # For SPDY SSL Setup # read http://centminmod.com/nginx_configure_https_ssl_spdy.html # redirect from www to non-www forced SSL # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 # server { # server_name newdomain3.com www.newdomain3.com; # return 302 https://$server_name$request_uri; # } server { listen 443 ssl http2; server_name newdomain3.com www.newdomain3.com; ssl_dhparam /usr/local/nginx/conf/ssl/newdomain3.com/dhparam.pem; ssl_certificate /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.key; include /usr/local/nginx/conf/ssl_include.conf; # mozilla recommended ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA; ssl_prefer_server_ciphers on; add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Content-Type-Options "nosniff"; #add_header X-Frame-Options DENY; #spdy_headers_comp 5; ssl_buffer_size 1400; ssl_session_tickets on; # enable ocsp stapling #resolver 8.8.8.8 8.8.4.4 valid=10m; #resolver_timeout 10s; #ssl_stapling on; #ssl_stapling_verify on; #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/newdomain3.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/newdomain3.com/log/error.log; root /home/nginx/domains/newdomain3.com/public; # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } include /usr/local/nginx/conf/wpsupercache_newdomain3.com.conf; location / { # Enables directory listings when index file not found #autoindex on; # for wordpress super cache plugin #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; # Wordpress Permalinks try_files $uri $uri/ /index.php?q=$uri&$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; auth_basic "Private"; auth_basic_user_file /home/nginx/domains/newdomain3.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; } location ~* /(xmlrpc\.php) { limit_req zone=xwplogin burst=2 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; } include /usr/local/nginx/conf/wpsecure_newdomain3.com.conf; include /usr/local/nginx/conf/php-wpsc.conf; include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; } FYI, this installer also auto disables WP_CRON and sets up a system cronjob for better performance custom wp-config.php settings Code (Text): /** Enable core updates for minor releases (default) **/ define('DISABLE_WP_CRON', true); define('WP_AUTO_UPDATE_CORE', 'minor' ); define('WP_POST_REVISIONS', 10 ); define('EMPTY_TRASH_DAYS', 10 ); define('WP_CRON_LOCK_TIMEOUT', 60 ); cronjob Code (Text): crontab -l */15 * * * * sleep 268s ; wget -O - -q -t 1 http://newdomain3.com/wp-cron.php?doing_wp_cron=1 > /dev/null 2>&1
For 123.09beta01 PHP default version I am thinking of bumping defaults to either PHP 5.5.28 or PHP 5.6.12 as PHP 5.4 active support ends in ~22 days on September 14, 2015 PHP: Supported Versions What do you guys think ?
Playing with the initial SSH log in motd banner - seeing if I can get some useful info printed including whether or not there are updated versions for Nginx, PHP-FPM etc first draft Code (Text): ################################################################ # This message was setup by Centmin Mod # * Getting Started Guide - http://centminmod.com/getstarted.html # * Latest Centmin Mod version - http://centminmod.com # * Centmin Mod FAQ - http://centminmod.com/faq.html # * Change Log - http://centminmod.com/changelog.html # * Google+ Page latest news http://centminmod.com/gpage # * Google+ Community Forum http://centminmod.com/gcom # * Centmin Mod Twitter https://twitter.com/centminmod ############################################################### # Cheap VPS Hosting at Digitalocean # https://www.digitalocean.com/?refcode=c1cb367108e8 ############################################################### # recommend to keep the above lines and remove and # add your own messages below this point ############################################################### # To edit this message, # 1). edit /etc/motd # 2). edit inc/motd.inc and set to no ENABLEMOTD='n' ############################################################### ############################################################## Centmin Mod: 1.2.3-eva2000.09 Hostname: centminmod.com OS: CentOS release 6.7 (Final) Kernel: 2.6.32-042stab093.5 Uptime: 11 day(s) 22:57:7 Nginx: nginx/1.9.3 [latest: 1.9.4] PHP-FPM: PHP 7.0.0RC1 [latest: check php.net] MariaDB MySQL: 10.0.21-MariaDB CSF Firewall: csf: v8.04 ############################################################## latest revision Code (Text): --------------------------------------------------------------- Centmin Mod: 1.2.3-eva2000.09 Hostname: centminmod.com OS: CentOS release 6.7 (Final) Type: openvz Kernel: 2.6.32-042stab093.5 Uptime: 12 day(s) 5:11:2 --------------------------------------------------------------- Nginx: nginx/1.9.3 [latest: 1.9.4] PHP-FPM: PHP 7.0.0RC1 [latest: check php.net] MariaDB MySQL: 10.0.21 CSF Firewall: csf: v8.04 LibreSSL: 2.2.2 [latest: check libressl.org] --------------------------------------------------------------- Folks can help test the script motd.sh out first without any actual install on your server by running this command and sharing the output you get in CODE tags. Testing help ensures output is as expected across different server platforms and VPS virtualisation methods Code (Text): curl -sL https://gist.github.com/centminmod/a0caad0bea9b8d39126d/raw/motd.sh | bash
Updating 1st post with additional curl one liner 123.09beta01 unattended installs methods which default to PHP 5.5.28 and PHP 5.6.12 default respectively. Code (Text): curl -sL http://centminmod.com/betainstaller55.sh | bash or Code (Text): curl -sL http://centminmod.com/betainstaller56.sh | bash
Working on updating centmin.sh menu option 2 and /usr/bin/nv and tools/nvwp.sh routines for Nginx vhost auto generation to add to SSL generation part, HTTP Public Key Pinning and auto generation of the 2nd CSR + Private key pair for back pin setup and the base64 encoded hashes themselves are saved to hpkp-info-primary-pin.txt and hpkp-info-secondary-pin.txt files in your auto created SSL directory at /usr/local/nginx/conf/ssl/yourdomain.com. You will need to add the header manually if you want to use HTTP Public Key Pinning but all the work is done for you on output actually i'll add it to your Nginx SSL vhost file /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf as a commented out header option example from /usr/bin/nv method for creating Nginx vhost for newdomain5.com with SSL enabled and pure-ftpd virtual ftp user = fp02 Code (Text): /usr/bin/nv -d newdomain5.com -s y -u fp02 --------------------------------------------------------------- Nginx Vhost Setup... --------------------------------------------------------------- FTP password auto generated: BmpQimW4TCBxL8ie1o4aU Password: Enter it again: --------------------------------------------------------------- SSL Vhost Setup... --------------------------------------------------------------- Code (Text): --------------------------------------------------------------- Generating self signed SSL certificate... CSR file can also be used to be submitted for paid SSL certificates If using for paid SSL certificates be sure to keey both private key and CSR safe creating CSR File: newdomain5.com.csr creating private key: newdomain5.com.key creating self-signed SSL certificate: newdomain5.com.crt Generating a 2048 bit RSA private key ...........................................+++ .....+++ writing new private key to 'newdomain5.com.key' ----- Signature ok subject=/C=US/ST=California/L=Los Angeles/O=newdomain5.com/OU=IT/CN=newdomain5.com Getting Private key Code (Text): --------------------------------------------------------------- Generating backup CSR and private key for HTTP Public Key Pinning... creating CSR File: newdomain5.com-backup.csr creating private key: newdomain5.com-backup.key Generating a 2048 bit RSA private key ....................................................+++ .................+++ writing new private key to 'newdomain5.com-backup.key' ----- Code (Text): --------------------------------------------------------------- Extracting Base64 encoded information for primary and secondary private key's SPKI - Subject Public Key Information Primary private key - newdomain5.com.key Backup private key - newdomain5.com-backup.key For HPKP - HTTP Public Key Pinning hash generation... extracting SPKI Base64 encoded hash for primary private key = newdomain5.com.key ... writing RSA key OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE= extracting SPKI Base64 encoded hash for backup private key = newdomain5.com-backup.key ... writing RSA key xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU= HTTP Public Key Pinning Header for Nginx for 7 days max-age including subdomains add_header Public-Key-Pins 'pin-sha256="OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE="; pin-sha256="xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU="; max-age=604800; includeSubDomains'; for 7 days max-age excluding subdomains add_header Public-Key-Pins 'pin-sha256="OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE="; pin-sha256="xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU="; max-age=604800'; Code (Text): --------------------------------------------------------------- Generating dhparam.pem file - can take a few minutes... Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .............................................................................................................................+.............................................................................+..................+..............................................................................................+....................+....+...............................................+....................................+...................................++*++* dhparam file generation time: 29.307974817 ------------------------------------------------------------- nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful Stopping nginx: [ OK ] Starting nginx: [ OK ] service pure-ftpd restart Code (Text): ------------------------------------------------------------- FTP hostname : IPADDRESS FTP port : 21 FTP mode : FTP (explicit SSL) FTP Passive (PASV) : ensure is checked/enabled FTP username created for newdomain5.com : fp02 FTP password created for newdomain5.com : BmpQimW4TCBxL8ie1o4aU ------------------------------------------------------------- vhost for newdomain5.com created successfully domain: http://newdomain5.com vhost conf file for newdomain5.com created: /usr/local/nginx/conf/conf.d/newdomain5.com.conf vhost ssl for newdomain5.com created successfully domain: https://newdomain5.com vhost ssl conf file for newdomain5.com created: /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf /usr/local/nginx/conf/ssl_include.conf created Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.crt SSL Private Key: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.key SSL CSR File: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr upload files to /home/nginx/domains/newdomain5.com/public vhost log files directory is /home/nginx/domains/newdomain5.com/log Code (Text): ------------------------------------------------------------- Current vhost listing at: /usr/local/nginx/conf/conf.d/ Aug 10 20:26 845 ssl.conf Aug 10 20:26 1.1K demodomain.com.conf Aug 10 20:29 1.6K virtual.conf Aug 19 16:13 1.6K domain1.com.conf Aug 19 16:13 3.2K domain1.com.ssl.conf Aug 25 02:59 1.6K newdomain4.com.conf Aug 25 02:59 3.3K newdomain4.com.ssl.conf Aug 25 03:09 3.3K newdomain5.com.ssl.conf Aug 25 03:09 1.6K newdomain5.com.conf Code (Text): ------------------------------------------------------------- Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain5.com Aug 25 03:08 1.7K newdomain5.com.key Aug 25 03:08 1.1K newdomain5.com.csr Aug 25 03:08 1.3K newdomain5.com.crt Aug 25 03:08 1.7K newdomain5.com-backup.key Aug 25 03:08 1.1K newdomain5.com-backup.csr Aug 25 03:08 45 hpkp-info-primary-pin.txt Aug 25 03:08 45 hpkp-info-secondary-pin.txt Aug 25 03:09 424 dhparam.pem Code (Text): ------------------------------------------------------------- Commands to remove newdomain5.com rm -rf /usr/local/nginx/conf/conf.d/newdomain5.com.conf rm -rf /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.crt rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.key rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr rm -rf /home/nginx/domains/newdomain5.com service nginx restart ------------------------------------------------------------- Still testing before I commit updates to 123.09beta01 commited changes update Nginx vhost autogen to support HTTP Public Key Pinning for SSL · centminmod/centminmod@332b41f · GitHub Best part is the HPKP generated hash pins are derived from the primary and secondary backup private key's SPKI - Subject Public Key Information fields so if you use the primary and or secondary backup CSR and private key pairs for even paid SSL certificates - i.e. submitting the CSR file like /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr. The HPKP pins and headers that are auto generated are also valid and usable for paid SSL certificates Only item to be aware of with HPKP auto generation is when you renew or change your SSL certificates to using a different CSR file and private key, you need to regenerate new hashed pins manually. However, if you renewal by using same CSR file and private that is auto generated, then hashed pins should be still valid.
Updated default LibreSSL Version Updated both Centmin Mod 1.2.3-eva2000.08 stable and 1.2.3-eva2000.09 beta01 to default to LibreSSL 2.2.3 for fresh installs. For existing installs you need to update to LibreSSL 2.2.3 as outlined here LibreSSL 2.2.3 Released for Centmin Mod Nginx | Centmin Mod Community
Update SSL Vhost Generation Routines Updated the SSL vhost generation routines with this commit update inc/wpsetup.inc add SSL vhost setup & ssl cert variables · centminmod/centminmod@870e19b · GitHub updated inc/wpsetup.inc to allow self signed SSL certificate generated vhost like centmin.sh menu option 2 updated all vhost self signed SSL certificate routines in inc/nginx_addvhost, tools/nvwp.sh, tools/nv.sh to be able to use preset centmin.sh variables for SSL certificates Country 2 digit code, State, Location (city), Organization and Organizational Unit fields. All are editable via centmin.sh set variables Code (Text): ############################################################### # Settings for centmin.sh menu option 2 and option 22 for # the details of the self-signed SSL certificate that is auto # generated. The default values where vhostname variable is # auto added based on what you input for your site name # # -subj "/C=US/ST=California/L=Los Angeles/O=${vhostname}/OU=${vhostname}/CN=${vhostname}" # # You can only customise the first 5 variables for # C = Country 2 digit code # ST = state # L = Location as in city # 0 = organisation # OU = organisational unit # # if left blank # defaults to same as vhostname that is your domain # if set it overrides that SELFSIGNEDSSL_C='US' SELFSIGNEDSSL_ST='California' SELFSIGNEDSSL_L='Los Angeles' SELFSIGNEDSSL_O='' SELFSIGNEDSSL_OU='' ###############################################################
With me working on extending motd message on first log into SSH, I was thinking about maybe also checking if a user's Centmin Mod install at /usr/local/src/centminmod has been setup for Git environment updates and then auto updating the Centmin Mod code at the same time as your first SSH login. This will update the Centmin Mod installed code at a more timely moment as the user logging into SSH is more likely to be using centmin.sh than leaving it up to a cronjob to schedule updating. Not sure how folks would feel about such a way of updating Centmin Mod code install at /usr/local/src/centminmod ?
I would like to do it manually when I need to work some centmin task. But an automatic option is nice to have.
Yeah for me I personally do manual updates via centmin.sh menu option 23 submenu option 2 or have cronjob setup to do auto updates depending on the site. For instance centminmod.com cluster of VPS servers is auto updated via the cronjob outlined here.
