
Install DigitalOcean VPS installation questions

Discussion in 'Install & Upgrades or Pre-Install Questions' started by dooma, Nov 2, 2016.

  1. dooma

    dooma Active Member

    326
    34
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +49
    Local Time:
    9:16 AM
    Hello,


    I created a fresh DigitalOcean VPS. Should I configure and secure it before installing centminmod, like in these tutorials 1, 2 for example, or should I install centminmod directly without configuring anything on my server?

    Thanks
     
  2. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:16 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    I went straight with centmin after I created droplet.
    For centmin, everything is done as the root user, and the firewall (CSF) is going to be installed through centmin.
     
  3. dooma

    Even without configuring the SSH daemon or timezone, for example?

    Thanks for your reply
     
  4. Sunka

    Time zone and other settings you can do later, after centmin is installed (through custom php.ini).
    Swap and the settings related to that, do before centmin.
    As I remember, I just added swap to the server. Maybe 2-3 settings more and then installed centmin.
    But, to be sure, wait for someone with more knowledge to answer you.
    And do a snapshot of your droplet before installing centmin, just to be sure.
    My advice is to install centmin beta, not stable, because centmin beta gives you much more and it is very stable.

    But, as I said, wait for an answer from Eva2000 here.
    Before that, read these 3:

    Centmin Mod LEMP Stack Install Nginx on CentOS

    Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS

    FAQ - CentminMod.com LEMP Nginx web stack for CentOS
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    5:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    install Centmin Mod first

    In Initial Server Setup with CentOS 7 | DigitalOcean, the sudo user and sshd key authentication steps you can do after, but be sure to understand what a sudo user is and how to use one beforehand, otherwise you won't be able to manage your server via the Centmin Mod bash shell menu if you don't know how to switch from the sudo user to root to manage the Centmin Mod LEMP stack, which assumes the root user is in play. If you follow the guide to disable root logins and use ssh key authentication, you also need to understand how to regain ssh access to your server if you lose your ssh private key. For DigitalOcean you need to know how to use their out of band Console mentioned below in the how to recover file system corruption guide.

    Before you look into ssh key only (+disable password authentication), make sure your web host is set up with features that allow you to regain access to your server if you ever lose your ssh key's private key and that you know how to use those features to regain access.

    If you don't know how to use those features, set up a test instance/VPS with that web host and test it out. If you're with a web host with hourly billed VPSes like Linode, DigitalOcean, and Vultr then it is relatively cheap to test out for a few hours on a test VPS.

    Here's an example text you can use to ask your web host to be sure

    There are numerous how to use ssh key login guides online, but not many go beyond that to explain what to do if you lose your ssh private key and are unable to use password logins. And that can come down to your web host and what measures they have in place, i.e. out of band console access etc. and recovery ISO/CDs available.

    And some relevant guides with different web hosts about setting up SSH key authentication and also about recovery, as well as general need to know info.

    DigitalOcean



    Has out of band console access

    Linode



    Has out of band console access called Lish

    Vultr



    Has out of band console access

    OVH


    RamNode


    Others


    from Additional Recommended Steps for New CentOS 7 Servers | DigitalOcean

    Centmin Mod disables firewalld in CentOS 7 and, like CentOS 6 installs, installs CSF Firewall; see Getting Started Guide Step 4 and CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

    Centmin Mod already configures ntp and timezones for non-openvz VPSes like DO's KVM VPSes. If you use Centmin Mod 123.09beta01, there's also a mytimes command that Centmin Mod installs which lists common timezone times around the world including the server default UTC time. So it's very easy to figure out your server times using mytimes while leaving the server on UTC defaults
    Code (Text):
    mytimes
    Wed Nov  2 22:20:38 UTC 2016    [UTC]
    Thu Nov  3 08:20:38 AEST 2016   [Australia/Brisbane]
    Wed Nov  2 15:20:38 PDT 2016    [America/Los_Angeles]
    Wed Nov  2 17:20:38 CDT 2016    [America/Chicago]
    Wed Nov  2 18:20:38 EDT 2016    [America/New_York]
    Wed Nov  2 18:20:38 EDT 2016    [America/Montreal]
    Wed Nov  2 22:20:38 GMT 2016    [Europe/London]
    Wed Nov  2 23:20:38 CET 2016    [Europe/Berlin]
    Thu Nov  3 05:20:39 ICT 2016    [Asia/Bangkok]
    Thu Nov  3 05:20:39 ICT 2016    [Asia/Ho_Chi_Minh]
    Thu Nov  3 05:20:39 WIB 2016    [Asia/Jakarta]
    Thu Nov  3 06:20:39 MYT 2016    [Asia/Kuala_Lumpur]
    Thu Nov  3 06:20:39 SGT 2016    [Asia/Singapore]
    

    Centmin Mod 123.09beta01 installs also take care of swap file creation if missing.
     
    Last edited: Nov 3, 2016
  6. eva2000

  7. dooma

    Thanks for your answer. I'm familiar with using DO initial server setup and installing the additional recommended steps but I will do that after installing centminmod only or after installing it and following the getting started points too.

    So I will ignore these steps as it's already in centminmod, and follow only this tutorial.

    Sorry for asking you so many questions, but I started teaching myself linux two months ago after using managed servers with many web hosting providers and using cPanel/WHM for more than 5 years, so I decided to manage my own server. Which company do you suggest using? I'm using DO and I think it's the best, but maybe you have another point of view.

    Thank you very much...
     
  8. eva2000

    Beginner wise, DigitalOcean is good as there are a lot of tutorials out there and the snapshot system allows you to install centos, make a snapshot, install centmin mod, make a snapshot, do whatever and, if you mess up, revert to the previous good snapshot and try again. It makes learning easy as there's no fear of messing up - especially if you do a test site/server first before moving a live site to DO and Centmin Mod.
     
  9. dooma

    Thanks a lot but what is your answer regarding this point :

    I'm familiar with using DO initial server setup and installing the additional recommended steps but I will do that after installing centminmod only or after installing it and following the getting started points too.
     
  10. eva2000

    centmin mod first and getting started guide

    then anything afterwards
     
  11. dooma

    Can you tell me how to make sure that the every-6-hours cron update on my server is installed correctly and running every 6 hrs?

    Thanks
     
  12. eva2000

    Check your cron log at /var/log/cron, which logs cronjob runs.

    FAQ item 19 has a list of logs.

    For example, for the Centmin Mod default cminfo_updater cronjob, check /var/log/cron with a grep filter on cminfo_updater and use tail to list the last 10 lines of /var/log/cron

    It runs every 4 minutes
    Code (Text):
    grep 'cminfo_updater' /var/log/cron | tail -10
    Nov  3 00:32:01 hostname CROND[2382]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:36:01 hostname CROND[3999]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:40:01 hostname CROND[5309]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:44:01 hostname CROND[6952]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:48:01 hostname CROND[8762]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:52:01 hostname CROND[10998]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 00:56:01 hostname CROND[12607]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 01:00:01 hostname CROND[13239]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 01:04:01 hostname CROND[15828]: (root) CMD (/usr/bin/cminfo_updater)
    Nov  3 01:08:01 hostname CROND[17433]: (root) CMD (/usr/bin/cminfo_updater)

    use crontab -l to list cronjobs and grep to filter search for specific cronjob i.e. cminfo_updater
    Code (Text):
    crontab -l | grep cminfo_updater
    */4 * * * * /usr/bin/cminfo_updater
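
An added example, not part of the original post or of Centmin Mod: the grep above shows that a job ran, while this sketch measures the gaps between consecutive runs so that a silently skipped run stands out. The function names `cron_gaps` and `sample_cron_log` and the sample log lines are constructed for illustration; pass 21600 as the interval for a 6-hourly job.

```shell
#!/bin/sh
# Added example: confirm a cron job fires on schedule by measuring the gaps
# between consecutive runs recorded in the cron log (/var/log/cron format).

# Constructed sample log: the 00:44 and 00:48 runs are deliberately missing.
sample_cron_log() {
    cat <<'EOF'
Nov  3 00:32:01 hostname CROND[2382]: (root) CMD (/usr/bin/cminfo_updater)
Nov  3 00:36:01 hostname CROND[3999]: (root) CMD (/usr/bin/cminfo_updater)
Nov  3 00:40:01 hostname CROND[5309]: (root) CMD (/usr/bin/cminfo_updater)
Nov  3 00:52:01 hostname CROND[10998]: (root) CMD (/usr/bin/cminfo_updater)
Nov  3 00:56:02 hostname CROND[12607]: (root) CMD (/usr/bin/cminfo_updater)
Nov  3 01:00:01 hostname CROND[13239]: (root) CMD (/usr/bin/otherjob)
EOF
}

# cron_gaps JOB INTERVAL_SECONDS [SLACK_SECONDS] < logfile
# Prints one MISSED line per gap longer than INTERVAL+SLACK and a summary.
# Exit status is 0 only if the job ran at least once with no oversized gap.
cron_gaps() {
    awk -v job="$1" -v want="$2" -v slack="${3:-30}" '
    BEGIN {
        # Days elapsed before each month (non-leap year; log lines carry no year).
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", before, " ")
        for (i = 1; i <= 12; i++) yday[name[i]] = before[i]
    }
    index($0, "CMD (") && index($0, job) {
        split($3, t, ":")
        raw = ((yday[$1] + $2 - 1) * 24 + t[1]) * 3600 + t[2] * 60 + t[3]
        # A timestamp that goes backwards means the log crossed New Year.
        if (runs > 0 && raw + base < prev) base += 365 * 86400
        now = raw + base
        if (runs > 0 && now - prev > want + slack) {
            printf "MISSED gap=%ds before %s %s %s\n", now - prev, $1, $2, $3
            missed++
        }
        prev = now
        runs++
    }
    END {
        printf "runs=%d missed=%d\n", runs, missed
        exit (missed > 0 || runs == 0)
    }'
}

# Stand-alone demo: 240 s matches the */4 crontab entry shown above.
sample_cron_log | cron_gaps cminfo_updater 240 || echo "schedule check failed"
```

On a live server the input would be `cron_gaps cminfo_updater 240 < /var/log/cron`, run as a user allowed to read that log.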
     
  13. dooma

    Hi, regarding the open_basedir restrictions which may cause errors for xenforo, I found the line mentioned has "#" before it, so there is no need for this point, correct? Or should I remove the "#"? Thanks
     
  14. eva2000

    if hash # in front means it's disabled/commented out already so nothing to do
     
  15. dooma

    Regarding the friendly URLs of xenforo, I added the official nginx conf to my configuration file, changing the path of course. Then I will add the centminmod configuration listed here to the same file, but I will change the IP to my static IP? What do you mean by my static IP? My public server IP?

    Am I correct?
     
  16. eva2000

  17. dooma

    Hi,

    When I added the info below to my conf file (at the end of the file), my forum went down with "can't find server":
    Code:
    location / {
                index index.php index.html index.htm;
                try_files $uri $uri/ /index.php?$uri&$args;
           
            }
     
            location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow my ISP ip;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            allow my ISP ip;
            deny all;
            }
    And when I tried to restart nginx I got this error:

    Restarting nginx (via systemctl): Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [FAILED]
     
  18. eva2000

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via the /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get output showing the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    Also, what's the output of
    Code (Text):
    nginx -t
     
  19. dooma

    The outputs are:

    Code (Text):
    cat /usr/local/nginx/conf/conf.d/mydomain.com.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name mydomain.com;
    #            return 301 $scheme://www.mydomain.com$request_uri;
    #       }
    
    server {
    
      server_name mydomain.com www.mydomain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
      root /home/nginx/domains/mydomain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    location / {
                index index.php index.html index.htm;
                try_files $uri $uri/ /index.php?$uri&$args;
    
            }
    
            location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow my ISP ip;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            allow my ISP ip;
            deny all;
            }
    

    ------------------
    Code (Text):
    cat /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name mydomin.com www.mydomain.com;
    #       return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl http2;
      server_name mydomian.com www.mydomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomaint.com/mydomain.com-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
      root /home/nginx/domains/mydomain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    --------------
    Code (Text):
    nginx -t
    nginx: [emerg] "location" directive is not allowed here in /usr/local/nginx/conf/conf.d/mysite.com.conf:69
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    
    
     
  20. eva2000

    There's your problem: the location context for web root / is duplicated and the xenforo location contexts are outside of the server{} context. If you look at the example at the bottom of Nginx Rewrites for Xenforo Friendly Urls - CentminMod.com LEMP Nginx web stack for CentOS, you can see that.

    You replace this part
    Code (Text):
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }

    with
    Code (Text):
    location / {
               index index.php index.html index.htm;
                try_files $uri $uri/ /index.php?$uri&$args;
    
            }
    

    And right after location /, you place these parts so they are within the outermost server{} context brackets which embrace the whole nginx vhost file - comment out the ISP ip line if you don't have a static ISP ip
    Code (Text):
           location /internal_data/ {
            internal;
            allow 127.0.0.1;
            #allow my ISP ip;
            deny all;
            }
    
            location /library/ {
            internal;
            allow 127.0.0.1;
            #allow my ISP ip;
            deny all;
            }
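
An added example, not part of the original post or of Centmin Mod: a small check for the two mistakes named in this answer, location blocks pasted after the closing bracket of server{} and a second location / left inside the same server{} block. The function names `check_vhost_locations` and `broken_vhost` are hypothetical, and the sample vhost is constructed in the shape of the file posted above; it lists every offending line at once, where nginx -t stops at the first.

```shell
#!/bin/sh
# Added example: list location blocks that sit outside server{} or that are
# duplicated inside one server{} block of a conf.d vhost file.
# Assumes one directive per line and no "#" or braces inside quoted strings.

# Constructed sample shaped like the broken vhost posted in the thread.
broken_vhost() {
    cat <<'EOF'
server {
  server_name mydomain.com www.mydomain.com;
  root /home/nginx/domains/mydomain.com/public;
  location / {
    include /usr/local/nginx/conf/503include-only.conf;
  }
  include /usr/local/nginx/conf/php.conf;
}
location / {
  index index.php index.html index.htm;
  try_files $uri $uri/ /index.php?$uri&$args;
}
location /internal_data/ {
  internal;
  allow 127.0.0.1;
  deny all;
}
EOF
}

# check_vhost_locations [FILE]   (reads stdin when no file is given)
# Exit status 1 if any misplaced or duplicated location block was found.
check_vhost_locations() {
    awk '
    { sub(/#.*/, "") }                                  # ignore comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { srv++ }    # a new server{} opens
    /^[ \t]*location[ \t]/ {
        key = $0                                        # e.g. "/internal_data/"
        sub(/^[ \t]*location[ \t]+/, "", key)
        sub(/[ \t]*[{].*$/, "", key)
        if (depth == 0) {
            printf "line %d: location %s is outside any server{} block\n", NR, key
            bad++
        } else if (depth == 1 && seen[srv, key]++) {
            printf "line %d: duplicate location %s in this server{} block\n", NR, key
            bad++
        }
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }    # track nesting
    END { exit (bad > 0) }
    ' "$@"
}

# Stand-alone demo on the constructed sample.
broken_vhost | check_vhost_locations || echo "fix these before nginx -t and restart"
```

A clean result here does not replace nginx -t, which should still pass before nginx is restarted.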