Upgrade PHP-FPM Beta Branch Centmin Mod .09 beta branch Testing

This thread is dedicated to testing Centmin Mod 1.2.3-eva2000.09 betas. Starting with Github branch 123.09beta01. You can get a feel of what development and effort gets put into betas by checking out previous .08 beta thread. Testing, feedback and suggestions by users will make Centmin Mod next release even better

• 123.09beta01 branch = centminmod/centminmod at 123.09beta01 · GitHub
• 123.09beta01 commit history = Commits · centminmod/centminmod · GitHub
• 123.08stable vs 123.09beta01 commit comparison history

How to install 123.09beta01 Initially

If you are not an existing 123.08stable user or want to start off with 123.09beta01. The quick one liner curl install method is best. Everything is the same as method 3 outlined here just using betainstaller.sh instead of installer.sh or betainstaller55.sh or betainstaller56.sh. You'd still want to bookmark and read and re-read the Getting Started Guide for updates and useful info and tips to get you on your way using Centmin Mod LEMP stack..

Defaults to PHP 5.6.x branch

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh

Add php 7.3+ default installer

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh

Add php 7.2+ default installer

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller72.sh && chmod 0700 betainstaller72.sh && bash betainstaller72.sh

Add php 7.1+ default installer

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller71.sh && chmod 0700 betainstaller71.sh && bash betainstaller71.sh

---

Add php 7.0+ default installer

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller7.sh && chmod 0700 betainstaller7.sh && bash betainstaller7.sh

Add installer-latest.sh for 123.09beta01, allows default PHP 7.2+ or newer + Zend Opcache + MariaDB 10.3 + ngx_pagespeed + PHP 7 PGO enabled all out of box defaults for fresh 123.09beta01 and higher installs. As well newly added options outlined here.

Can be installed via one liner install method

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller-latest.sh && chmod 0700 betainstaller-latest.sh && bash betainstaller-latest.sh

Added installer-minimal.sh option for 123.09beta01 with a preset persist config file /etc/centminmod/custom_config.inc already populated reducing number of Nginx modules to minimal amount

Code (Text):

yum -y update; curl -O https://centminmod.com/betainstaller-minimal.sh && chmod 0700 betainstaller-minimal.sh && bash betainstaller-minimal.sh

How to switch to 123.09beta01 branch ?

If you're using Centmin Mod 1.2.3-eva2000.08 stable release (123.08stable branch) and have setup git environment via centmin.sh menu option 23 submenu 1. Then switching from 123.08stable branch to 123.09beta01 branch is easy via centmin.sh menu option 23 submenu option 3 (you can switch between 123.09beta01 back to 123.08 stable via same submenu option 3 too).

launch centmin.sh via cmd shortcut = centmin or via command in SSH below or check out dedicated menu page and youtube video on how to invoke centmin.sh.

Code (Text):

cd  /usr/local/src/centminmod
./centmin.sh

If you already have centmin.sh option 23 submenu option 1 setup for git environment, go straight to centmin.sh option 23 submenu option 3. If you have yet to run centmin.sh option 23 submenu option 1, follow guide at centminmod.com/upgrade.html.

Code (Text):

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2...
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 23
--------------------------------------------------------

centmin.sh option 23 submenu option 3 will list out all available remote branches on github in date descending order with most recently updated remote branch at top and prompt you to enter the branchname you want to switch to which in this case is 123.09beta01

Code (Text):

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu          
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Exit
--------------------------------------------------------
Enter option [ 1 - 4 ] 3
--------------------------------------------------------

fetching latest branch list...

Update Centmin Mod to newer branch via git
You need to input the name of the branch
List of current remote branches by descending date order

123.09beta01
123.08stable

Enter the branch name you want to switch to i.e. 123.09beta01 : 123.09beta01

download github.com centmin mod 123.09beta01 branch repo
time git clone -b 123.09beta01 --depth=1 https://github.com/centminmod/centminmod.git centminmod
Cloning into 'centminmod'...

real    0m1.634s
user    0m0.280s
sys     0m0.136s

list all available local branches
        git branch -a
* 123.09beta01
  remotes/origin/123.09beta01

list git log last commit
        git log -a
commit 071704dc6e8548c184d55080eda4a00abbf9e9e8
Author: George Liu <snipped>
Date:   Mon May 29 11:19:36 2017 +1000

    update inc/updater_submenu.inc
 
    exclude some branches for change branch listing

to update centmin mod 123.09beta01 branch repo via git
        cd /usr/local/src/centminmod
        git stash
        git pull
        chmod +x centmin.sh

####################### IMPORTANT #######################
 To complete update
####################### IMPORTANT #######################
 run:

  cd /usr/local/src/centminmod

 before invoking centmin.sh again
####################### IMPORTANT #######################

Then hit submenu option 4 to go back to main menu on centmin.sh and then hit centmin.sh menu option 24 to exit. Then you need to change into the directory again for /usr/local/src/centminmod as it's a new directory under 123.09beta01 code

Code (Text):

cd  /usr/local/src/centminmod

type git log -2 to confirm that the last git commits listed are latest from official commit history at Commits · centminmod/centminmod · GitHub

How to update 123.09beta01 branch ?

As you have git environment setup, updating is as easy as using centmin.sh menu option 23 submenu option 2.

Code (Text):

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Back to Main menu
--------------------------------------------------------
Enter option [ 1 - 4 ] 2
--------------------------------------------------------

 

123.09beta01 changes to date

With 123.08stable release officially on July 31, 2015. I had already started making updates from August 1st, 2015 for 123.09beta01 branch as outlined at Commits · centminmod/centminmod · GitHub Some are minor fixes and speed improvements for initial install times.

• 123.08stable vs 123.09beta01 commit comparison history

123.09 beta01 Change Log

Centmin Mod 123.09 beta change log:

• Nginx ngx_pagespeed module integration is now disabled and removed by default for fresh installs. If you want to re-enable it, use persistent config file /etc/centminmod/custom_config.inc persistent config that you create or already created and add to the file, the option: NGINX_PAGESPEED=y. Then run centmin.sh menu option 4, to recompile latest nginx 1.9.x branch version. Then nginx will have added ngx_pagespeed. This change was due to the fact that ~45% of Centmin Mod users do not use ngx_pagespeed and over time ngx_pagespeed requires security updates. It's best to only have folks using ngx_pagespeed, enabling it themselves.
• Add /usr/bin/cmupdate command community.centminmod.com/posts/56555/
  
• Add optional Cloudflare Nginx HTTP/2 Full HPACK encoding support community.centminmod.com/posts/51082/
• Add Nginx / OpenSSL 1.1.1 TLS v1.3 support community.centminmod.com/posts/66524/
• Add BoringSSL TLS v1.3 Nginx Support community.centminmod.com/posts/66423/
• Add TCP Fast Open support community.centminmod.com/posts/47932/
• Add TCP MTU Black Hole Discovery support community.centminmod.com/posts/56354/
• Add sar_call function to log system stats for routines community.centminmod.com/posts/47246/
• Add FORCE_IPFOUR avariable support community.centminmod.com/threads/15197/
• Add DNF_ENABLE variable support to prepare for DNF packagement support for CentOS 7 OSes. Disabled by default community.centminmod.com/posts/47208/
• Add LOWMEM_INSTALL variable support community.centminmod.com/posts/46321/
• Add LOCALCENTMINMOD_MIRROR variable to support switching local mirror fallback hosts community.centminmod.com/posts/37467/
• Add optional zstd compression support for Nginx & PHP-FPM log rotation community.centminmod.com/posts/69838/
• Add Nginx OpenSSL 1.1.0 preliminary patch support community.centminmod.com/posts/34437/
• Add Nginx Zero Downtime Upgrade support community.centminmod.com/posts/33531/
• Add Cloudflare Zlib Peformance Library Support for Nginx and PHP-FPM
• Add NGINXCOMPILE_FORMATSEC variable community.centminmod.com/posts/56473/
  
• Add NGINX_MAXERRBYTELIMIT variable to adjust NGX_MAX_ERROR_STR hardcoded value community.centminmod.com/posts/45167/
• Add MariaDB 10.1 branch default community.centminmod.com/posts/26408/
• Add MariaDB 10.2 support preparation community.centminmod.com/posts/36985/
• Add MariaDB 10.3 upgrade & optional install support. Make it the new default version community.centminmod.com/threads/16968/
• Add MariaDB 10.4 upgrade support community.centminmod.com/threads/17793/
• Add Profile Guided Optimization support for PHP 7 installs boosting PHP performance community.centminmod.com/posts/37280/ & community.centminmod.com/posts/68858/
• Add PHP 7.0 GA Stable Support community.centminmod.com/posts/21356/
• Add PHP 7.1 Alpha/Beta/RC/Dev Support community.centminmod.com/posts/32180/
• Add PHP_HUGEPAGES variable support community.centminmod.com/posts/69763/
• Add Nginx SPDY + HTTP/2 Cloudflare patch support for Nginx 1.9.15+ / Nginx 1.11.1 community.centminmod.com/posts/32785/
• Add Nginx Dynamic TLS Record Size Support community.centminmod.com/posts/32114/
• Add Clang 4.0 binary detection support for Nginx on CentOS 7 only community.centminmod.com/posts/58195/
• Add Clang 5.0 binary detection support for Nginx on CentOS 7 only community.centminmod.com/posts/58195/
  
• Add Clang 6.0 binary detection support for Nginx on CentOS 7 only community.centminmod.com/posts/58195/
  
• Add GCC 8 binary detection support for Nginx on CentOS 7 only community.centminmod.com/posts/58195/
  
• Add OPENSSL_THREADS variable community.centminmod.com/posts/55228/
• Add VHOSTCTRL_CLOUDFLAREINC & VHOSTCTRL_AUTOPROTECTINC variables community.centminmod.com/posts/62782/
  
• Add NGX_GSPLITDWARF, PHP_GSPLITDWARF, NGXEXTRA_CCOPT & PHPEXTRA_CFLAGS variable support for Nginx/PHP compiles community.centminmod.com/posts/44073/
• Add NGX_LDGOLD & NGXEXTRA_LDOPT variable for Nginx compile community.centminmod.com/posts/44079/
• Add NGINX_DEVTOOLSETGCC variable for CentOS 7 devtoolset-4 GCC 5.3 support community.centminmod.com/posts/37439/
• Add GENERAL_DEVTOOLSETGCC variable support for devtoolset-4 GCC 5.3 usage in centmin.sh menu option 10 memcache/memached PHP extension routines and in future elsewhere community.centminmod.com/posts/37507/
• Add CRYPTO_DEVTOOLSETGCC variable support for devtoolset-4 GCC 5.3 usage in centmin.sh menu option 4 for LibreSSL / OpenSSL compiles for modern Intel processor optimised compilations community.centminmod.com/posts/43273/
• Add devtoolset-7 & llvm-toolset-7 support for GCC 7.2.1 & Clang 4.0.1 for CentOS 7.x systems via optional DEVTOOLSETSEVEN='y' & CLANG_FOUR='y' variables community.centminmod.com/posts/56087/
  
• Add Clang 5.0.1 support from updated llvm-toolset-7 community.centminmod.com/posts/65713/
• Add devtoolset-6 GCC 6.2 support via optional DEVTOOLSETSIX='y' variable you can enable as alternative to devtoolset-4 GCC 5.3 for Nginx and PHP compiles community.centminmod.com/posts/45232/. Updated devtoolset-7 as default
  
• Add custom log_format main_ext to support Nginx Amplify additional metrics out of the box community.centminmod.com/posts/33090/
  
• Add PHP geo location mirror mapping support for PHP source tarball community.centminmod.com/posts/24159/
• Add PHP tar.xz compressed file format download support for upto 45% smaller download size community.centminmod.com/posts/24163/
• Add Zend Opcache transparent huge pages support for PHP 7 only if CentOS 7 is detected and if Redis server is not installed community.centminmod.com/posts/21762/
• Add support for SECOND_IP variable in Nginx vhost generator routines community.centminmod.com/posts/22202/
• Add optional curl betainstaller56.sh and betainstaller-latest.sh support for out of box PHP 5.6.x default and PHP 5.6.x default + curl 7.49+ support respectively community.centminmod.com/posts/17623/
• Add optional curl betainstaller-minimal.sh support for minimal Nginx module install community.centminmod.com/posts/23889/
• Add tools/csf-advancetweaks.sh for more dynamic CSF Firewall IP deny limits and extending /etc/csf/csf.blocklists community.centminmod.com/posts/50058/
  
• Add tools/kernelcheck.sh for ssh login kernel update check notification & kernelcare support community.centminmod.com/posts/41091/
• Add tools/auditd.sh to install & configure Auditd and MariaDB Audit Plugins community.centminmod.com/posts/37680/
• Add tools/nano-syntax.sh to install and extend nano editor's syntax highlighting support community.centminmod.com/posts/38715/
• Add tools/regen_wpsecure.sh companion for centmin.sh menu option 22 community.centminmod.com/posts/36058/
  
• Add tools/autoprotect.sh for auto .htaccess to nginx deny all conversion community.centminmod.com/posts/30935/
• Add tools/checkdomains.sh for verifying and monitoring download's and repo's domain DNS community.centminmod.com/posts/53732/
• Add tools/resolv-setup.sh for /etc/resolv.conf configuration community.centminmod.com/posts/54218/
• Add tools/backup-perm.sh for nginx vhost site file & directory permission backups community.centminmod.com/posts/28009/
• Add tools/nginxupdate.sh unattended cli command line updater community.centminmod.com/posts/19691/
• Add tools/csfcf.sh cloudflare csf firewall configuration script community.centminmod.com/posts/26591/
• Add tools/csfincapsula.sh incapsula csf firewall config script community.centminmod.com/posts/46877/
• Add tools/geoipdb-update.sh community.centminmod.com/posts/23481/
• Add tools/setio.sh for dynamic innodb_io_capacity measured and set variable community.centminmod.com/posts/25695/
• Add Nginx HTTP/2 alpha and final support community.centminmod.com/posts/17443/ and community.centminmod.com/posts/18511/
• Add nginScript module support community.centminmod.com/posts/18759/
• Add ngx_brotli module support for better compression community.centminmod.com/posts/19593/
• Add AUTO_GITUPDATE variable community.centminmod.com/posts/25913/
• Add ENABLE_TRYFILES variable community.centminmod.com/posts/53748/
• Add DYNAMICOPT_AFTERGZIP & DYNAMICOPT_END variable community.centminmod.com/posts/56205/
  
• Add NGINX_ZLIBCUSTOM & NGINX_ZLIBVER variable support for nginx compiles with custom zlib 1.2.11+ versions. https://community.centminmod.com/posts/44361/
• Add NGXDYNAMIC_VHOSTSTATS option support for nginx-module-vts module community.centminmod.com/posts/54840/
• Add NGINX_STREAMGEOIP &
  NGXDYNAMIC_STREAMGEOIP variable support in nginx >1.11.3+ community.centminmod.com/posts/33947/
• Add NGINX_STREAMREALIP variable support in nginx >1.11.4+ community.centminmod.com/posts/36002/
• Add NGINX_STREAMSSLPREREAD variable support in nginx >1.11.5+ community.centminmod.com/posts/41082/
• Add NGINX_SLICE variable for Nginx Slice Module support community.centminmod.com/threads/15539/
• Add NGINX_VIDEO variable to control all Nginx video/streaming related nginx modules https://community.centminmod.com/threads/15540/
• Add NGINX_XSLT variable support community.centminmod.com/posts/28939/
• Add NGINX_PERL variable support community.centminmod.com/posts/28614/
• Add testcookie-nginx-module support community.centminmod.com/posts/56214/
  
• Add NGINX_MODSECURITY variable to control newly added modsecurity nginx module configuration and auto detection routines if modsecurity is detected as being installed at known default directory paths community.centminmod.com/posts/24344/ & updated to ModSecurity v3.0 support community.centminmod.com/posts/52824/
• Add NGINX_GEOIPMEM variable to reduce nginx geoip module memory usage on low memory systems community.centminmod.com/posts/21025/
• Add NGXMODULE_ALTORDER variable community.centminmod.com/posts/19654/
• Add PHP_ARGON alias variable for PHP_LIBZIP community.centminmod.com/posts/68694/
• Add PHPMSSQL variable to enable optional Microsoft SQL / MSSQL driver support via PDO_ODBC community.centminmod.com/posts/33077/
• Add PHPZOPFLI variable for Zopfli PHP extension support community.centminmod.com/posts/65156/
• Add PHPIONCUBE variable community.centminmod.com/posts/27550/
• Add PHPIMAGICK variable support community.centminmod.com/posts/18588/
• Add PHPMAILPARSE variable support community.centminmod.com/posts/23401/
• Add PHPGEOIP_ALWAYS variable support community.centminmod.com/posts/18578/
• Add additional PHP extension variable support community.centminmod.com/posts/18889/
• Add POSTGRESQL variable support for PostgreSQL 9.5 install and pdo-pgsql PHP extension support community.centminmod.com/posts/23957/
• Add additional Nginx module variable options to centmin.sh community.centminmod.com/posts/18720/
• Add addons/acmetool.sh community.centminmod.com/posts/34492/
  
• Add addons/rclone.sh community.centminmod.com/posts/39071/
• Add addons/wget.sh install routines for version >1.18+ community.centminmod.com/posts/33240/
• Add addons/opendkim.sh installer community.centminmod.com/posts/29878/
• Add addons/golang.sh installer community.centminmod.com/posts/31686/
• Add addons/nodejs.sh installer community.centminmod.com/posts/24531/
• Add addons/devtoolset-3.sh installer community.centminmod.com/posts/19615/
• Add addons/git2_install.sh installer community.centminmod.com/posts/20900/
• Add side install Python 2.7, 3.2, 3.3, and 3.4 support that runs side by side with default system Python version community.centminmod.com/posts/17469/
• Add tools/nvwp.sh standalone nginx vhost add + wordpress auto installer that bypasses WP-CLI tool usage for PHP 7 usage as WP-CLI tool doesn't fully support PHP 7 yet community.centminmod.com/posts/17563/
• Add to Nginx add vhost functions for HTTP Key Pinning support for SSL centminmod.com/http-public-key-pinning.html and community.centminmod.com/posts/17649/
• Add MariaDB 10.0.x to MariaDB 10.1.x upgrade routine submenu support community.centminmod.com/posts/18185/
• Add Postfix opportunistic TLS encryption for outgoing server mail community.centminmod.com/posts/18355/
• Add NGINX_DEBUG variable support community.centminmod.com/posts/18370/
• Add auto clean up routine for downloads in /svr-setup for Nginx and PHP upgrade routines community.centminmod.com/posts/23901/
• Add workaround support via devtoolset-3 GCC 4.9.1 for Nginx Pagespeed (ngx_pagespeed) 1.10 branch install on CentOS 6.x which has higher GCC =>4.8 version requirements than CentOS 6.x provided GCC 4.4.7 community.centminmod.com/posts/24794/
• Add 503 maintenance mode support community.centminmod.com/posts/23686/ & community.centminmod.com/posts/26447/
• Add pwdh alias command to show server hostname along with present working directory name community.centminmod.com/posts/44210/
  
• Add ImageMagick6 version locking community.centminmod.com/posts/53190/
• Add GeoIP2 Nginx module support community.centminmod.com/threads/17165/
• Add USEAXEL='y' variable to control axel vs wget download usage community.centminmod.com/threads/16720/
  
• Add zstd compression supported nginx & php-fpm log rotation community.centminmod.com/posts/69838/
  
• Add php compression extensions - brotli, lz4, lzf & zstd community.centminmod.com/posts/70777/
  
• Add PHP 7.3 support community.centminmod.com/tags/php73/
• Add PHPFINFO_STANDALONE variable community.centminmod.com/threads/16737/
  
• Add tools/mariadb-jemalloc.sh for MariaDB 10.3+ community.centminmod.com/threads/17821/
• Update PHP-FPM service control to Systemd for CentOS 7 systems community.centminmod.com/threads/16968/
• Update PCRE 8.43 community.centminmod.com/posts/71222/
• Update Nginx build variable identifier community.centminmod.com/threads/16732/
  
• Update Nginx GCC compiler defaults - switch to DEVTOOLSETEIGHT='y' GCC 8.2.1 default for Nginx compilations community.centminmod.com/posts/71027/
• Update Nginx & PHP upgrade log managment community.centminmod.com/posts/58638/
• Updated Nginx to 1.17 Mainline Branch default
• Update PHP 7.2+ compatibility with CentOS 6 community.centminmod.com/posts/69766/
• Update Nginx Brotli module routine to allow manual forced update of Google Brotli version dependency for ngx_brotli nginx module community.centminmod.com/threads/16361/
• Update centmin.sh menu option 22 Wordpress cache selection menu community.centminmod.com/threads/17451/
• Update centmin.sh menu option 22 add prompt selection to install Classic editor instead of Gutenberg editor community.centminmod.com/threads/17472/
• Update tools/cminfo.sh top output - add swap/committed memory usage info community.centminmod.com/threads/17834/
• Updated Siege benchmark to 4.0.4
• Updated haveged entropy availability routines for CentOS 7 community.centminmod.com/posts/29994/
• Updated Nginx to switch from LibreSSL back to OpenSSL 1.0.2+ by default due to Nginx 1.9.12+ compatibility issues with LibreSSL community.centminmod.com/posts/27262/
• Updated LibreSSL to 2.3.4+ with fixed Nginx 1.9.12 compatibility community.centminmod.com/posts/29046/
• Updated Nginx SSL routines community.centminmod.com/posts/17872/
• Updated Nginx vhost default templates to include local & global pre staticfiles.conf include files community.centminmod.com/posts/51422/
• Updated 123.09beta01 to default to PHP 5.6 branch community.centminmod.com/posts/26415/
• Updated ngx_pagespeed to 1.13 branch
• Updated ccache to 3.5
• Update ngx_fancyindex module 0.4.0 & nginx dynamic module support community.centminmod.com/posts/32238/
• Updated CSF Firewall default white listed ports rules and removed 111 and 2049 ports by default community.centminmod.com/posts/18132/
• Update CSF Firewall configure PT_LOAD_ACTION /etc/csf/load.sh script community.centminmod.com/posts/62605/
• Updated MariaDB my.cnf to default to default-storage-engine=InnoDB out of box community.centminmod.com/posts/18252/ & for MariaDB 10.1/10.2 set innodb_default_row_format variable community.centminmod.com/posts/62935/
• Updated MariaDB default my.cnf templates and added new ones that are deployed depending on memory installed on server community.centminmod.com/posts/18478/
• Updated centmin.sh menu option 22 auto wordpress installer's WP-CLI self updater routine community.centminmod.com/posts/18426/ & community.centminmod.com/posts/26050/ & community.centminmod.com/posts/62842/
• Update sshd configurations for CentOS 6.x backported OpenSSH 5.3p1 to support backported ecdsa ssh keys community.centminmod.com/posts/19703/
• Updated centmin.sh menu option 19 to rework FFMPEG + FFMPEG php extension install into submenu based option community.centminmod.com/posts/24021/
• Updated addons/ffmpeg.sh to add AV1 encoder support community.centminmod.com/posts/66605/
• Updated nginx http and https vhost templates with new security headers commented out by default community.centminmod.com/posts/25431/
• Updated Google gperftools + libunwind routines community.centminmod.com/posts/33306/
• Updated motd banner on login community.centminmod.com/posts/26403/ & 2 new variables community.centminmod.com/posts/36283/
• Updated centmin.sh menu option 20 - expand to submenu for install & reinstall options community.centminmod.com/posts/31335/
• Updated centmin.sh menu option 23 to be more efficient community.centminmod.com/posts/26235/
• Updated centmin.sh menu option 11 to add submenu option for MySQL root user password resetting community.centminmod.com/posts/41346/
• Update for MariaDB 10.0.29+ & 10.1.21+ changes to mysqld_safe and log-error path setups community.centminmod.com/posts/43341/
• Update default SSH PS1 command prompt to display full hostname instead of short hostname format for easier identification of the server you are logged into community.centminmod.com/posts/44163/
• Update Nginx Dynamic Module support to take into account manually dropped in dynamic modules via NGXDYNAMIC_MANUALOVERRIDE variable community.centminmod.com/posts/47801/
• Updated default error page and maintenance page html templates community.centminmod.com/posts/49720/
• Update addons/wp-cli.sh add wp-sec and wp-checksum package extensions community.centminmod.com/posts/49837/
• Update cminfo to add netstat & csf firewall statistics summary info community.centminmod.com/posts/62080/
• Working on BoringSSL support for Nginx community.centminmod.com/posts/31689/
• Fixed missing mcrypt PHP extension for CentOS 6.7 community.centminmod.com/posts/18049/
• Disabeld ATrpms YUM repo no longer works community.centminmod.com/posts/18260/

Nginx HTTP/2 Support to Replace SPDY SSL

The biggest change added is now for the Nginx HTTP/2 alpha patch. Official Nginx blog announcement at Announcing an Early Alpha Patch for HTTP/2 - NGINX Basically, Google is dropping SPDY based SSL for newer HTTP/2 based SSL.

I have already started HTTP/2 benchmarks with other web servers such as h2o and OpenLiteSpeed which you can see at h2ohttp2.centminmod.com/webpagetests1.html. So it's good news that Nginx is progressing and released an Nginx HTTP/2 alpha patch

You can see example of how I updated Centmin Mod to 123.09beta01 and then recompiled Nginx via centmin.sh menu option 4 to enable and apply the Nginx HTTP/2 alpha patch to Nginx here.


HTTP/2 Links & Info

• HTTP/2 - Wikipedia, the free encyclopedia
• HTTP/2 Frequently Asked Questions
• Chromium Blog: Hello HTTP/2, Goodbye SPDY
• HTTP/2: A Fast, Secure Bedrock for the Future of SEO - Moz
• The Shift from SPDY to HTTP/2
• Performance Calendar » HTTP 2.0 is coming, be ready
• Architecting Websites For The HTTP/2 Era
• A Simple Performance Comparison of HTTPS, SPDY and HTTP/2

Added IUS Community Repo and Python 2.7 & Python 3.4

• Added Python 2.7 and 3.4 support via addon installers via IUS Community YUM Repo.

Wordpress Auto Installer without WP-CLI

• To work wround WP-CLI incompatibilities with PHP 7 and centmin.sh menu option 22. Full details here.

MariaDB 10.0 to 10.1 Upgrade Routine

Details here.

 

Indeed although I have fallen behind in latest h2o and OpenLiteSpeed developments from when I did the benchmarks at SSL - HTTP/2 - h2o vs OpenLiteSpeed vs Nginx SPDY/3.1 | Centmin Mod Community so will need time to catch up on that for a proper compare to Nginx HTTP/2

 

Updated 123.09beta01 with custom curl 7.44 rpms option cURL - Changes Both addon/customcurl.sh and centmin.sh has been updated. Details of what this custom curl rpm is for and questions can be asked at Beta Branch - Centmin Mod .08 beta 03 addon - curl 7.43 custom rpms | Centmin Mod Community

 

Updated first post with 123.09beta01 one line curl install command. Test away - just note with Nginx HTTP/2 patch applied by default, ngx_pagespeed maybe broken for now.

Code:

curl -sL http://centminmod.com/betainstaller.sh | bash

You can disable Nginx HTTP/2 patch by editing centmin.sh option and change from

Code:

NGINX_HTTP2=y

to

Code:

NGINX_HTTP2=n

then run centmin.sh menu option 4 to recompile Nginx 1.9.3+. However, the whole point of beta testing is to test new features

 

heads up version 2 of the Nginx HTTP/2 patch was released Index of /patches/http2/

Code:

2015-08-14 Version 2 (NGINX 1.9.3)
- Introduced NPN support for HTTP/2 negotiation (this reduces OpenSSL version
   requirement to 1.0.1+);
- Various fixes in the prioritization mechanism;
- Fixed missing "Location" response header in some configurations;
- Fixed processing of the ":authority" pseudo-header (the HTTP/2 analog of
   the "Host" header).

2015-08-05 Version 1 (NGINX 1.9.3)
The first public alpha release.

centmin mod 123.09beta01 has been updated to ensure latest Nginx patch is applied each time you run Nginx upgrade/recompile via centmin.sh menu option 4 update inc/nginx_upgrade.inc ensure latest HTTP/2 patch applied · centminmod/centminmod@26a6138 · GitHub

Nginx HTTP/2 version 2 patch fixed my Nginx HTTP/2 + ngx_pagespeed issues !

Working now

Code:

nghttp -nas https://centminmod.com:443
***** Statistics *****

Request timing:
  responseEnd: the  time  when  last  byte of  response  was  received
               relative to connectEnd
requestStart: the time  just before  first byte  of request  was sent
               relative  to connectEnd.   If  '*' is  shown, this  was
               pushed by server.
      process: responseEnd - requestStart
         code: HTTP status code
         size: number  of  bytes  received as  response  body  without
               inflation.
          URI: request URI

see http://www.w3.org/TR/resource-timing/#processing-model

sorted by 'complete'

id  responseEnd requestStart  process code size request path
13    +80.22ms       +532us  79.69ms  200  29K /
15    +91.08ms     +66.98ms  24.10ms  200   9K /img/favicon.ico
17   +125.17ms     +66.99ms  58.18ms  200  60K /css/A.localfonts.css+font-awesome.min.css+bootstrap.min.css+hover-dropdown-menu.css+icons-set8.css+animate.min.css+style.css+responsive.css+color.css,Mcc.FHj-r4A0cI.css.pagespeed.cf.YOn5Xvomna.css
21   +141.41ms     +66.99ms  74.42ms  200   7K /js/hover-dropdown-menu.js+jquery.hover-dropdown-menu-addon.js+jquery.easing.1.3.js.pagespeed.jc.vy5S6wKQse.js
25   +156.83ms     +67.03ms  89.81ms  200   6K /js/custom.js.pagespeed.jm.q-StvNlmtR.js
19   +157.11ms     +66.99ms  90.11ms  200  38K /js/jquery.min.js+bootstrap.min.js.pagespeed.jc.Cd39AMnoIp.js
23   +157.12ms     +67.02ms  90.09ms  200  24K /js/bootstrapValidator.min.js.pagespeed.jm.YU3KUlvaHb.js   

 

August 17th Git commits for 123.09beta01 add IUS Community YUM repo support (repo backed by folks at Rackspace) to provide a cleaner Python 2.7 and Python 3.4 side by side install with system Python 2.6 (CentOS 6) and Python 2.7 (CentOS 7). Updates add 2 new addons and update one existing addon. 123.09beta01 addons listing on github

• /addons/python27_install.sh updated
• /addons/python34_install.sh added
• /addons/ius-repo.sh added

With addons/ius-repo.sh ran you will install IUS Community YUM repo so can manually install Python 2.7 and/or 3.4 via commands

For Python 2.7 if on CentOS 6. CentOS 7 already uses Python 2.7 so not needed

Code:

yum -y install python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius

Code:

# rpm -ql python27 python27-pip python27-virtualenv | grep bin
# /usr/bin/pydoc27
# /usr/bin/python2.7
# /usr/bin/pip2.7
# /usr/bin/virtualenv-2.7

For Python 3.4 on either CentOS 6 or CentOS 7

Code:

yum -y install python34u python34u-devel python34u-pip python34u-setuptools python34u-tools --enablerepo=ius

Code:

# rpm -ql python34u python34u-pip | grep bin
# /usr/bin/pydoc3
# /usr/bin/pydoc3.4
# /usr/bin/python3
# /usr/bin/python3.4
# /usr/bin/python3.4m
# /usr/bin/pyvenv
# /usr/bin/pyvenv-3.4
# /usr/bin/pip3
# /usr/bin/pip3.4

Code:

python --version
Python 2.6.6

python2.7 --version
Python 2.7.10

python3.4 --version
Python 3.4.3

Full python 3.* versions and packages available in IUS Community repo on CentOS 6.7

Code:

yum list python3* --enablerepo=ius --disableplugin=priorities -q                  
Available Packages
python32.x86_64                                                                                                                    3.2.6-1.ius.centos6                                                                                                 ius
python32-debug.x86_64                                                                                                              3.2.6-1.ius.centos6                                                                                                 ius
python32-debuginfo.x86_64                                                                                                          3.2.6-1.ius.centos6                                                                                                 ius
python32-devel.x86_64                                                                                                              3.2.6-1.ius.centos6                                                                                                 ius
python32-hiredis.x86_64                                                                                                            0.2.0-1.ius.centos6                                                                                                 ius
python32-hiredis-debuginfo.x86_64                                                                                                  0.2.0-1.ius.centos6                                                                                                 ius
python32-libs.x86_64                                                                                                               3.2.6-1.ius.centos6                                                                                                 ius
python32-lxml.x86_64                                                                                                               3.4.4-1.ius.centos6                                                                                                 ius
python32-lxml-debuginfo.x86_64                                                                                                     3.4.4-1.ius.centos6                                                                                                 ius
python32-mod_wsgi.x86_64                                                                                                           4.4.13-1.ius.centos6                                                                                                ius
python32-mod_wsgi-debuginfo.x86_64                                                                                                 4.4.13-1.ius.centos6                                                                                                ius
python32-postgresql.x86_64                                                                                                         1.1.0-2.ius.centos6                                                                                                 ius
python32-postgresql-debuginfo.x86_64                                                                                               1.1.0-2.ius.centos6                                                                                                 ius
python32-redis.noarch                                                                                                              2.10.3-1.ius.centos6                                                                                                ius
python32-setuptools.noarch                                                                                                         18.0.1-1.ius.centos6                                                                                                ius
python32-test.x86_64                                                                                                               3.2.6-1.ius.centos6                                                                                                 ius
python32-tkinter.x86_64                                                                                                            3.2.6-1.ius.centos6                                                                                                 ius
python32-tools.x86_64                                                                                                              3.2.6-1.ius.centos6                                                                                                 ius
python33.x86_64                                                                                                                    3.3.6-1.ius.centos6                                                                                                 ius
python33-debug.x86_64                                                                                                              3.3.6-1.ius.centos6                                                                                                 ius
python33-debuginfo.x86_64                                                                                                          3.3.6-1.ius.centos6                                                                                                 ius
python33-devel.x86_64                                                                                                              3.3.6-1.ius.centos6                                                                                                 ius
python33-hiredis.x86_64                                                                                                            0.2.0-1.ius.centos6                                                                                                 ius
python33-hiredis-debuginfo.x86_64                                                                                                  0.2.0-1.ius.centos6                                                                                                 ius
python33-libs.x86_64                                                                                                               3.3.6-1.ius.centos6                                                                                                 ius
python33-lxml.x86_64                                                                                                               3.4.4-1.ius.centos6                                                                                                 ius
python33-lxml-debuginfo.x86_64                                                                                                     3.4.4-1.ius.centos6                                                                                                 ius
python33-mod_wsgi.x86_64                                                                                                           4.4.13-1.ius.centos6                                                                                                ius
python33-mod_wsgi-debuginfo.x86_64                                                                                                 4.4.13-1.ius.centos6                                                                                                ius
python33-postgresql.x86_64                                                                                                         1.1.0-1.ius.centos6                                                                                                 ius
python33-postgresql-debuginfo.x86_64                                                                                               1.1.0-1.ius.centos6                                                                                                 ius
python33-redis.noarch                                                                                                              2.10.3-1.ius.centos6                                                                                                ius
python33-setuptools.noarch                                                                                                         18.0.1-1.ius.centos6                                                                                                ius
python33-test.x86_64                                                                                                               3.3.6-1.ius.centos6                                                                                                 ius
python33-tkinter.x86_64                                                                                                            3.3.6-1.ius.centos6                                                                                                 ius
python33-tools.x86_64                                                                                                              3.3.6-1.ius.centos6                                                                                                 ius
python34u.x86_64                                                                                                                   3.4.3-2.ius.centos6                                                                                                 ius
python34u-debug.x86_64                                                                                                             3.4.3-2.ius.centos6                                                                                                 ius
python34u-debuginfo.x86_64                                                                                                         3.4.3-2.ius.centos6                                                                                                 ius
python34u-devel.x86_64                                                                                                             3.4.3-2.ius.centos6                                                                                                 ius
python34u-libs.x86_64                                                                                                              3.4.3-2.ius.centos6                                                                                                 ius
python34u-pip.noarch                                                                                                               7.1.0-1.ius.centos6                                                                                                 ius
python34u-redis.noarch                                                                                                             2.10.3-1.ius.centos6                                                                                                ius
python34u-setuptools.noarch                                                                                                        18.0.1-1.ius.centos6                                                                                                ius
python34u-test.x86_64                                                                                                              3.4.3-2.ius.centos6                                                                                                 ius
python34u-tkinter.x86_64                                                                                                           3.4.3-2.ius.centos6                                                                                                 ius
python34u-tools.x86_64                                                                                                             3.4.3-2.ius.centos6                                                                                                 ius
python34u-wheel.noarch                                                                                                             0.24.0-1.ius.centos6                                                                                                ius

Technically, Centmin Mod .08 stable users can also use these updated and newly added Centmin Mod addon scripts by just manually grabbing them from 123.09beta01 repo too at centminmod/addons at 123.09beta01 · centminmod/centminmod · GitHub

Once 123.09 goes stable, these addons will also feature on official site page at Centmin Mod Addons - CentminMod.com LEMP Nginx web stack for CentOS

edit: decided to backport updated python27_install.sh to .08 stable too as it's a better method for install and would lead to less issues when you upgrade to .09 stable in future.

 

Added standalone tools/nvwp.sh cmd line Nginx vhost + Wordpress setup installer to work around WP-CLI incompatibilities with PHP 7 and centmin.sh menu option 22.

The tools/nvwp.sh I wrote is a modified version of /tools/nv.sh (/usr/bin/nv) command line too for Centmin Mod Nginx vhost auto setup and added Wordpress database and latest download + Nginx wordpress vhost config routines to it without WP-CLI. This tool has been added to 123.09beta01 branch at tools/nvwp.sh - you can download standalone file here.

What this means is I can't install Wordpress plugins like Super Cache automatically but I can get Wordpress mysql database, user and nginx vhost setup first.

Then all you need is to visit the site in web browser to complete the Wordpress install.

Actual command to setup Nginx vhost for newdomain3.com with self signed SSL enabled and pure-ftpd virtual ftp username = ftpusr003

Code:

./nvwp.sh -d newdomain3.com -s y -u ftpusr003

Code:

./nvwp.sh -d newdomain3.com -s y -u ftpusr003
---------------------------------------------------------------
Nginx Vhost Setup...
---------------------------------------------------------------
FTP password auto generated: Rm8L4TD9L4MHQPci44Wgq

Password:
Enter it again:
/usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain3.com/htpasswd_wplogin uy+8zcGN+P+HmYx25586 p37LChHl97FKvc4PW8Yxy25586

/home/nginx/domains/newdomain3.com/htpasswd_wplogin contents:
uy+8zcGN+P+HmYx25586:$apr1$4RmP4Syb$dAoWAbzxQoodTlQVI4bS61
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

---------------------------------------------------------------
Generating self signed SSL certificate...
Generating a 2048 bit RSA private key
.....+++
.............................................................................+++
writing new private key to 'newdomain3.com.key'
-----
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=newdomain3.com/CN=newdomain3.com
Getting Private key
---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..++*++*
dhparam file generation time: 124.833351005
---------------------------------------------------------------
Setup Wordpress + Super Cache (vhost only disabled by default) for newdomain3.com
---------------------------------------------------------------
2015-08-20 13:27:09 URL:https://wordpress.org/latest.zip [7088086/7088086] -> "latest.zip" [1]
Archive:  latest.zip
   creating: wordpress/

------------------------------------------------------------
Created uninstall script
/root/tools/wp_uninstall_newdomain3.com.sh
------------------------------------------------------------

Code:

-------------------------------------------------------------
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]
service pure-ftpd restart

-------------------------------------------------------------
FTP hostname : IPADDRESS
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for newdomain3.com : ftpusr003
FTP password created for newdomain3.com : Rm8L4TD9L4MHQPci44Wgq
-------------------------------------------------------------
vhost for newdomain3.com created successfully

domain: http://newdomain3.com
vhost conf file for newdomain3.com created: /usr/local/nginx/conf/conf.d/newdomain3.com.conf

vhost ssl for newdomain3.com created successfully

domain: https://newdomain3.com
vhost ssl conf file for newdomain3.com created: /usr/local/nginx/conf/conf.d/newdomain3.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.csr

upload files to /home/nginx/domains/newdomain3.com/public
vhost log files directory is /home/nginx/domains/newdomain3.com/log

------------------------------------------------------------
SSH commands to uninstall created Wordpress install and Nginx vhost:
  /root/tools/wp_uninstall_newdomain3.com.sh
------------------------------------------------------------

Code:

Wordpress domain: newdomain3.com
Wordpress DB Name: wp18251db_4151
Wordpress DB User: wpdb4151u7535
Wordpress DB Pass: wpdbZPkuXZ9yK5dSp8745

Wordpress wp-login.php password protection info:
wp-login.php protection file /home/nginx/domains/newdomain3.com/htpasswd_wplogin
wp-login.php protection Username: uy+8zcGN+P+HmYx25586
wp-login.php protection Password: p37LChHl97FKvc4PW8Yxy25586
http://uy+8zcGN+P+HmYx25586:p37LChHl97FKvc4PW8Yxy25586@newdomain3.com/wp-login.php

Resetting wp-login.php protection:
Step 1. remove protection file at /home/nginx/domains/newdomain3.com/htpasswd_wplogin
     rm -rf /home/nginx/domains/newdomain3.com/htpasswd_wplogin
Step 2. run command:
     /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain3.com/htpasswd_wplogin YOURUSERNAME YOURPASSWORD
Step 3. restart Nginx + PHP-FPM services
     nprestart

-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/

Aug 16  23:42   845    ssl.conf
Aug 16  23:42   1.1K   demodomain.com.conf
Aug 16  23:48   1.6K   virtual.conf
Aug 20  13:12   2.1K   newdomain.com.conf
Aug 20  13:12   3.8K   newdomain.com.ssl.conf
Aug 20  13:15   3.8K   newdomain2.com.ssl.conf
Aug 20  13:18   2.1K   newdomain2.com.conf
Aug 20  13:27   2.1K   newdomain3.com.conf
Aug 20  13:27   3.8K   newdomain3.com.ssl.conf

-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain3.com

Aug 20  13:24   1.7K   newdomain3.com.key
Aug 20  13:24   1009   newdomain3.com.csr
Aug 20  13:24   1.2K   newdomain3.com.crt
Aug 20  13:27   424    dhparam.pem

Then visit newdomain3.com in web browser and manually install Wordpress





/home/nginx/domains/newdomain3.com/public/wp-config.php contents look okay too

Code:

<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wp18251db_4151');

/** MySQL database username */
define('DB_USER', 'wpdb4151u7535');

/** MySQL database password */
define('DB_PASSWORD', 'wpdbZPkuXZ9yK5dSp8745');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY',         '61tiA+E5-Y>*B~:RyLI.vx:)]WB>[E^:Ms=aa,:[@C>Q>f{7e(:sx,=5DD.8k:`U');
define('SECURE_AUTH_KEY',  'L{[ A_cJhKpA0Od3X1TORjLjFr5l^S5A@nfmCj<3]bXWG5{~ oy{fz>^8L{2-&T/');
define('LOGGED_IN_KEY',    '6^K.G&)=oc{=Z]?Gk1/^|6XY#P#MMh.O)w&W/yX^jvAgk^c20BIBOwdxQm)o!_e3');
define('NONCE_KEY',        'UQV]mm6fJSpYxPkIZ@k8MM@Ld|GIv( Wk9JWeNORBQV4LeGS P[aA;JzBMe*3;Hr');
define('AUTH_SALT',        'O?0K:Sq.[Dp10n03Q,1E3Ej_Ai?5Ls&0?=EQ9b].*:0,<d5@7p*s(-|c3ht==`ZI');
define('SECURE_AUTH_SALT', 'ZelS:k{Wtrc.>;prin :aOn{3B-V!}xbP};k(#)@?PStr_=~uT;iyu~j36|c6hxB');
define('LOGGED_IN_SALT',   'sXyQDe6XE4}V0fJ1FRVcD.)f>HBad.!I8vpK:SL}5k,!OptMwTlf)alm1DOP;+dH');
define('NONCE_SALT',       '`blh=BbTRs7)=e&/,<0#KMxg2Et=0<DuyHjJ[;Ws20uzyiK/)aEtAPpQzGK  jwF');

/**#@-*/

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = '3261_';

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Ran this on 123.09beta01 build so Nginx is patched for HTTP/2 so when you visit the self-signed SSL name you see



And since Nginx is compiled against LibreSSL native chacha20_poly1305 cipher support out of the box



Nginx vhost auto generated for newdomain3.com is also setup for rate limiting like centmin.sh menu option 22

/usr/local/nginx/conf/conf.d/newdomain3.com.conf

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name newdomain3.com;
#            return 301 $scheme://www.newdomain3.com$request_uri;
#       }

server {
  server_name newdomain3.com www.newdomain3.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain3.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/newdomain3.com/log/error.log;

  root /home/nginx/domains/newdomain3.com/public;

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  }

include /usr/local/nginx/conf/wpsupercache_newdomain3.com.conf;

  location / {

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # Wordpress Permalinks
  try_files $uri $uri/ /index.php?q=$uri&$args;

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain3.com/htpasswd_wplogin;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

  include /usr/local/nginx/conf/wpsecure_newdomain3.com.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

and ssl version /usr/local/nginx/conf/conf.d/newdomain3.com.ssl.conf with Nginx HTTP/2 support

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name newdomain3.com www.newdomain3.com;
#    return 302 https://$server_name$request_uri;
# }

server {
  listen 443 ssl http2;
  server_name newdomain3.com www.newdomain3.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain3.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  #spdy_headers_comp 5;
  ssl_buffer_size 1400;
  ssl_session_tickets on;

  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain3.com/newdomain3.com-trusted.crt;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain3.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/newdomain3.com/log/error.log;

  root /home/nginx/domains/newdomain3.com/public;

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  }

include /usr/local/nginx/conf/wpsupercache_newdomain3.com.conf;

  location / {

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # Wordpress Permalinks
  try_files $uri $uri/ /index.php?q=$uri&$args;

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain3.com/htpasswd_wplogin;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

  include /usr/local/nginx/conf/wpsecure_newdomain3.com.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

FYI, this installer also auto disables WP_CRON and sets up a system cronjob for better performance

custom wp-config.php settings

Code:

/** Enable core updates for minor releases (default) **/
define('DISABLE_WP_CRON', true);
define('WP_AUTO_UPDATE_CORE', 'minor' );
define('WP_POST_REVISIONS', 10 );
define('EMPTY_TRASH_DAYS', 10 );
define('WP_CRON_LOCK_TIMEOUT', 60 );

cronjob

Code:

crontab -l

*/15 * * * * sleep 268s ; wget -O - -q -t 1 http://newdomain3.com/wp-cron.php?doing_wp_cron=1 > /dev/null 2>&1

 

For 123.09beta01 PHP default version I am thinking of bumping defaults to either PHP 5.5.28 or PHP 5.6.12 as PHP 5.4 active support ends in ~22 days on September 14, 2015 PHP: Supported Versions

What do you guys think ?

 

Playing with the initial SSH log in motd banner - seeing if I can get some useful info printed including whether or not there are updated versions for Nginx, PHP-FPM etc

first draft

Code:

################################################################
# This message was setup by Centmin Mod
# * Getting Started Guide - http://centminmod.com/getstarted.html
# * Latest Centmin Mod version - http://centminmod.com 
# * Centmin Mod FAQ - http://centminmod.com/faq.html
# * Change Log - http://centminmod.com/changelog.html
# * Google+ Page latest news http://centminmod.com/gpage
# * Google+ Community Forum http://centminmod.com/gcom
# * Centmin Mod Twitter https://twitter.com/centminmod
###############################################################
# Cheap VPS Hosting at Digitalocean
# https://www.digitalocean.com/?refcode=c1cb367108e8
###############################################################
# recommend to keep the above lines and remove and
# add your own messages below this point
###############################################################
# To edit this message,
# 1). edit /etc/motd
# 2). edit inc/motd.inc and set to no ENABLEMOTD='n'
###############################################################

##############################################################
Centmin Mod:           1.2.3-eva2000.09
Hostname:              centminmod.com
OS:                    CentOS release 6.7 (Final)
Kernel:                2.6.32-042stab093.5
Uptime:                11 day(s) 22:57:7
Nginx:                 nginx/1.9.3 [latest: 1.9.4]
PHP-FPM:               PHP 7.0.0RC1 [latest: check php.net]
MariaDB MySQL:         10.0.21-MariaDB
CSF Firewall:          csf: v8.04
##############################################################

latest revision

Code:

---------------------------------------------------------------
Centmin Mod:           1.2.3-eva2000.09
Hostname:              centminmod.com
OS:                    CentOS release 6.7 (Final)
Type:                  openvz
Kernel:                2.6.32-042stab093.5
Uptime:                12 day(s) 5:11:2
---------------------------------------------------------------
Nginx:                 nginx/1.9.3  [latest: 1.9.4]
PHP-FPM:               PHP 7.0.0RC1 [latest: check php.net]
MariaDB MySQL:         10.0.21
CSF Firewall:          csf: v8.04
LibreSSL:              2.2.2 [latest: check libressl.org]
---------------------------------------------------------------

Folks can help test the script motd.sh out first without any actual install on your server by running this command and sharing the output you get in CODE tags. Testing help ensures output is as expected across different server platforms and VPS virtualisation methods

Code:

curl -sL https://gist.github.com/centminmod/a0caad0bea9b8d39126d/raw/motd.sh | bash

 

Updating 1st post with additional curl one liner 123.09beta01 unattended installs methods which default to PHP 5.5.28 and PHP 5.6.12 default respectively.

Code:

curl -sL http://centminmod.com/betainstaller55.sh | bash

or

Code:

curl -sL http://centminmod.com/betainstaller56.sh | bash

 

Working on updating centmin.sh menu option 2 and /usr/bin/nv and tools/nvwp.sh routines for Nginx vhost auto generation to add to SSL generation part, HTTP Public Key Pinning and auto generation of the 2nd CSR + Private key pair for back pin setup and the base64 encoded hashes themselves are saved to hpkp-info-primary-pin.txt and hpkp-info-secondary-pin.txt files in your auto created SSL directory at /usr/local/nginx/conf/ssl/yourdomain.com.

You will need to add the header manually if you want to use HTTP Public Key Pinning but all the work is done for you on output actually i'll add it to your Nginx SSL vhost file /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf as a commented out header option

example from /usr/bin/nv method for creating Nginx vhost for newdomain5.com with SSL enabled and pure-ftpd virtual ftp user = fp02

Code:

/usr/bin/nv -d newdomain5.com -s y -u fp02
---------------------------------------------------------------
Nginx Vhost Setup...
---------------------------------------------------------------


FTP password auto generated: BmpQimW4TCBxL8ie1o4aU

Password:
Enter it again:
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

Code:

---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keey both private key and CSR safe
creating CSR File: newdomain5.com.csr
creating private key: newdomain5.com.key
creating self-signed SSL certificate: newdomain5.com.crt
Generating a 2048 bit RSA private key
...........................................+++
.....+++
writing new private key to 'newdomain5.com.key'
-----
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=newdomain5.com/OU=IT/CN=newdomain5.com
Getting Private key

Code:

---------------------------------------------------------------
Generating backup CSR and private key for HTTP Public Key Pinning...
creating CSR File: newdomain5.com-backup.csr
creating private key: newdomain5.com-backup.key
Generating a 2048 bit RSA private key
....................................................+++
.................+++
writing new private key to 'newdomain5.com-backup.key'
-----

Code:

---------------------------------------------------------------
Extracting Base64 encoded information for primary and secondary
private key's SPKI - Subject Public Key Information
Primary private key - newdomain5.com.key
Backup private key - newdomain5.com-backup.key
For HPKP - HTTP Public Key Pinning hash generation...

extracting SPKI Base64 encoded hash for primary private key = newdomain5.com.key ...
writing RSA key
OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE=

extracting SPKI Base64 encoded hash for backup private key = newdomain5.com-backup.key ...
writing RSA key
xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU=

HTTP Public Key Pinning Header for Nginx

for 7 days max-age including subdomains

add_header Public-Key-Pins 'pin-sha256="OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE="; pin-sha256="xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU="; max-age=604800; includeSubDomains';

for 7 days max-age excluding subdomains

add_header Public-Key-Pins 'pin-sha256="OxuWh/qkrx2pCAD61nuI9foOs6E9UBazP/0JT3VDHhE="; pin-sha256="xcxXIdzzosEITfDxVugOWOyubt48ZfJ6+3i9MJy97tU="; max-age=604800';

Code:

---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.............................................................................................................................+.............................................................................+..................+..............................................................................................+....................+....+...............................................+....................................+...................................++*++*
dhparam file generation time: 29.307974817

-------------------------------------------------------------
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]
service pure-ftpd restart

Code:

-------------------------------------------------------------
FTP hostname : IPADDRESS
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for newdomain5.com : fp02
FTP password created for newdomain5.com : BmpQimW4TCBxL8ie1o4aU
-------------------------------------------------------------
vhost for newdomain5.com created successfully

domain: http://newdomain5.com
vhost conf file for newdomain5.com created: /usr/local/nginx/conf/conf.d/newdomain5.com.conf

vhost ssl for newdomain5.com created successfully

domain: https://newdomain5.com
vhost ssl conf file for newdomain5.com created: /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr

upload files to /home/nginx/domains/newdomain5.com/public
vhost log files directory is /home/nginx/domains/newdomain5.com/log

Code:

-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/

Aug 10  20:26   845    ssl.conf
Aug 10  20:26   1.1K   demodomain.com.conf
Aug 10  20:29   1.6K   virtual.conf
Aug 19  16:13   1.6K   domain1.com.conf
Aug 19  16:13   3.2K   domain1.com.ssl.conf
Aug 25  02:59   1.6K   newdomain4.com.conf
Aug 25  02:59   3.3K   newdomain4.com.ssl.conf
Aug 25  03:09   3.3K   newdomain5.com.ssl.conf
Aug 25  03:09   1.6K   newdomain5.com.conf

Code:

-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain5.com

Aug 25  03:08   1.7K   newdomain5.com.key
Aug 25  03:08   1.1K   newdomain5.com.csr
Aug 25  03:08   1.3K   newdomain5.com.crt
Aug 25  03:08   1.7K   newdomain5.com-backup.key
Aug 25  03:08   1.1K   newdomain5.com-backup.csr
Aug 25  03:08   45     hpkp-info-primary-pin.txt
Aug 25  03:08   45     hpkp-info-secondary-pin.txt
Aug 25  03:09   424    dhparam.pem

Code:

-------------------------------------------------------------
Commands to remove newdomain5.com

rm -rf /usr/local/nginx/conf/conf.d/newdomain5.com.conf
rm -rf /usr/local/nginx/conf/conf.d/newdomain5.com.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.crt
rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.key
rm -rf /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr
rm -rf /home/nginx/domains/newdomain5.com
service nginx restart
-------------------------------------------------------------

Still testing before I commit updates to 123.09beta01 commited changes update Nginx vhost autogen to support HTTP Public Key Pinning for SSL · centminmod/centminmod@332b41f · GitHub

Best part is the HPKP generated hash pins are derived from the primary and secondary backup private key's SPKI - Subject Public Key Information fields so if you use the primary and or secondary backup CSR and private key pairs for even paid SSL certificates - i.e. submitting the CSR file like /usr/local/nginx/conf/ssl/newdomain5.com/newdomain5.com.csr. The HPKP pins and headers that are auto generated are also valid and usable for paid SSL certificates

Only item to be aware of with HPKP auto generation is when you renew or change your SSL certificates to using a different CSR file and private key, you need to regenerate new hashed pins manually. However, if you renewal by using same CSR file and private that is auto generated, then hashed pins should be still valid.

 

HTTP Public Key Pinning in action http://centminmod.com/http-public-key-pinning.html

 

Updated default LibreSSL Version

Updated both Centmin Mod 1.2.3-eva2000.08 stable and 1.2.3-eva2000.09 beta01 to default to LibreSSL 2.2.3 for fresh installs. For existing installs you need to update to LibreSSL 2.2.3 as outlined here LibreSSL 2.2.3 Released for Centmin Mod Nginx | Centmin Mod Community

 

Update SSL Vhost Generation Routines

Updated the SSL vhost generation routines with this commit update inc/wpsetup.inc add SSL vhost setup & ssl cert variables · centminmod/centminmod@870e19b · GitHub

1. updated inc/wpsetup.inc to allow self signed SSL certificate generated vhost like centmin.sh menu option 2
2. updated all vhost self signed SSL certificate routines in inc/nginx_addvhost, tools/nvwp.sh, tools/nv.sh to be able to use preset centmin.sh variables for SSL certificates Country 2 digit code, State, Location (city), Organization and Organizational Unit fields. All are editable via centmin.sh set variables

Code:

###############################################################
# Settings for centmin.sh menu option 2 and option 22 for
# the details of the self-signed SSL certificate that is auto
# generated. The default values where vhostname variable is
# auto added based on what you input for your site name
#
# -subj "/C=US/ST=California/L=Los Angeles/O=${vhostname}/OU=${vhostname}/CN=${vhostname}"
#
# You can only customise the first 5 variables for
# C = Country 2 digit code
# ST = state
# L = Location as in city
# 0 = organisation
# OU = organisational unit
#
# if left blank # defaults to same as vhostname that is your domain
# if set it overrides that
SELFSIGNEDSSL_C='US'
SELFSIGNEDSSL_ST='California'
SELFSIGNEDSSL_L='Los Angeles'
SELFSIGNEDSSL_O=''
SELFSIGNEDSSL_OU=''
###############################################################

 

With me working on extending motd message on first log into SSH, I was thinking about maybe also checking if a user's Centmin Mod install at /usr/local/src/centminmod has been setup for Git environment updates and then auto updating the Centmin Mod code at the same time as your first SSH login.

This will update the Centmin Mod installed code at a more timely moment as the user logging into SSH is more likely to be using centmin.sh than leaving it up to a cronjob to schedule updating.

Not sure how folks would feel about such a way of updating Centmin Mod code install at /usr/local/src/centminmod ?

 

Yeah for me I personally do manual updates via centmin.sh menu option 23 submenu option 2 or have cronjob setup to do auto updates depending on the site. For instance centminmod.com cluster of VPS servers is auto updated via the cronjob outlined here.