Discover Centmin Mod today
Register Now

Dumb question: does anyone use Centmin MOD to run real websites with heavy traffic?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by enginerev, Feb 1, 2020.

  1. enginerev

    enginerev New Member

    13
    2
    3
    Apr 11, 2018
    Ratings:
    +2
    Local Time:
    1:57 PM
    Apologies for what might seem a dumb question...
    Do people run REAL websites using Centmin MOD?
    Like ecommerce websites, using Wordpress? Or other mission critical websites?
    Like heavy websites that have 100,000 visitors a month?

    Another dumb question: what is the security like compared to standard hosting companies?
    My worst fear was jumping into the unknown!

    I stumbled upon Centmin a 1-2 years ago. I was ready to give it a go.
    But then... I got scared... thinking there would be a steep learning curve + high risk of being hacked into and losing all websites for days on end.

    Yet another dumb question: Do I need to spend hours and hours managing my server? Or is it once setup... things go OK 99.99% of the time? Maybe apply a security patch or something... apart from that, all is OK?

    EDIT: something else that is quite important... SSL. How do you cope with this? Is there a free no hassle way of getting SSL?

    I recently got screwed by my hosting company and realised I have been paying them zillions over the years. I want to give Centmin MOD a go now.

    I'm OK with anythinng technical and am happy to spend 1 whole day to set everything up.
    Or... do I need more time?

    Thanks.
     
    Last edited: Feb 1, 2020
  2. eva2000

    eva2000 Administrator Staff Member

    44,517
    10,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,736
    Local Time:
    10:57 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Centmin Mod security or critical bug updates, I will always try to keep Centmin Mod users informed via forum news mailings, Twitter and Facebook social media accounts etc. So you're already on the right step signing up for this forum :)

    1. Centmin Mod LEMP stack runs some of the largest web sites and forums on the internet including Alexa Top 10,000 to Top 100,000 sites and forums with 30+ million visitors per month. It also runs at least 10% of all the largest Xenforo forums online https://community.centminmod.com/th...p-powers-10-of-xenforos-largest-forums.16435/ as well as some of largest vBulletin and Invision Board forums some have 60,000 concurrent members online at a time. Some Adult content web sites also use Centmin Mod reportedly pushing 1 million visitors per day https://community.centminmod.com/th...idth-requests-are-served-by-cloudflare.15149/ ! centminmod.com and this forum naturally run Centmin Mod too :) Also some web hosts actually use Centmin Mod for their business frontend site as well :)

    As such Centmin Mod is developed to scale and perform (of course server hardware(s) matter too). See how it compares to other Nginx stacks

    2. Security question has been asked before - see https://community.centminmod.com/threads/question-how-to-secure-a-cmm-install.14673/. I run 160+ servers using Centmin Mod LEMP stack and not one has been hacked and there's approximately 1,500 to 3,000 new installs per month. Centmin Mod is secure out of the box, but yes inexperience from end users could introduce potential compromise from both server end and your own local pc end - some steps outlined at https://community.centminmod.com/threads/protect-root-user-over-ssh.7123/#post-30297 i.e. avoid using unprotected wifi internet connections and securing your services/emails via 2FA. Remedy for this inexperience is outlined at https://community.centminmod.com/threads/guide-to-learning-more-about-centmin-mod.10838/ - that is only test Centmin Mod on a test VPS before going live with production web site. Learn the ropes and get comfortable with Centmin Mod LEMP stack before hand. That way you can learn without fear of messing up.

    3. Centmin Mod won't be set and forget - you'll need to keep it up to date. Just look at PHP update notices I put out in Centmin Mod News forum https://community.centminmod.com/forums/centmin-mod-news.3/ and Insight sticky thread at https://community.centminmod.com/threads/how-to-keep-informed-of-centmin-mod-related-updates.11443/. Yes can be overwhelming, but there's advantages too i.e. PHP 7.4.2 upstream introduced a bug which would prevent Wordpress logins due to a cookie bug. Fix isn't available until next PHP 7.4.3 release. However, Centmin Mod 123.09beta01 and newer already have backported patch fix in PHP 7.4.2 https://community.centminmod.com/th...ed-php-7-1-33-7-0-33-5-6-40.19065/#post-81237. This can be done because Nginx and PHP are sourced compiled rather than via YUM installs. So i can patch Nginx and PHP-FPM on the fly when required.

    4. SSL/HTTPS - Centmin Mod 123.09beta01 Nginx supports HTTP/2 HTTPS with OpenSSL 1.1.1 and TLSv1.3 and also free Letsencrypt SSL certificate auto issuance on centmin.sh menu option 2, 22 or nv command lines. You can see how I installed Wordpress with Nginx HTTP/2 HTTPS and Letsencrypt + Cloudflare on my blog at https://servermanager.guide/122/how-to-install-wordpress-on-centmin-mod-lemp-stack-guide/ using Centmin Mod 123.09beta01.

    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

    Method 1. The traditional way via centmin.sh menu option 2, 22 but ensuring you set LETSENCRYPT_DETECT='y' in persistent config file created at /etc/centminmod/custom_config.inc before you run centmin.sh menu option 2 or 22 for wordpress. You can do that using command below - only need to do this step once and every subsequent run of centmin.sh menu option 2 or 22 will have letsencrypt ssl certificate support enabled
    Code (Text):
    # enable letsencrypt ssl certificate integration https://centminmod.com/acmetool/
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
    


    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    Time is relative to your experience and how much reading you do. As I always say, you only get as much out of something as the effort you put in :)

    I'd remind you of my remind post to your intro thread with lots of juicy info to start with at https://community.centminmod.com/threads/newbie-just-registered.14509/#post-62253

    There's 2 quick install guides too

    1. quick https://community.centminmod.com/th...-nginx-vhost-site-mysql-database-setup.13602/
    2. advanced https://servermanager.guide/117/centmin-mod-advanced-customised-installation-guide/
     
  3. eva2000

    eva2000 Administrator Staff Member

    44,517
    10,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,736
    Local Time:
    10:57 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  4. Subha Pal

    Subha Pal New Member

    9
    2
    3
    Jul 9, 2018
    Ratings:
    +5
    Local Time:
    6:27 PM
    Let me give you answer ....

    1. Do people run REAL websites using Centmin MOD?
    Like ecommerce websites, using Wordpress? Or other mission critical websites?
    Like heavy websites that have 100,000 visitors a month?


    I personally use centminmod for my all websites. I used this stack almost over a years. Before switching to centminmod, I had used some other similar kind of script and GUI control panel like easyengine, serverpilot, runcloud and vestacp. None of them give such smooth performance like centminmod. I have few websites which got over 100k traffic/ month, which are run on centminmod.
    So, definitely centminmod is able to handle most of the situations.

    2. what is the security like compared to standard hosting companies?

    I have used few shared hosting, so I don't have much knowledge regarding security in standard hosting. Just 2 years back, I was used vestacp for all my sites, suddenly got a mail from Digital Ocean that my account had been suspended due to DDoS attack perform from my account. Later, I came to know that some security problems occures in vestacp. All DO+Vestacp account user had been suspended. Till now I didn't face any such security problem in centminmod. By the way I used all mazor VPS provider like AWS, DO, Upcloud and Linode.

    3. Do I need to spend hours and hours managing my server? Or is it once setup... things go OK 99.99% of the time?

    I personally don't think so. Once in a week I logged in my server and check for update and some server logs thats all. Few technical things are there, but centminmod documentation is just awesome.
     
  5. robert syputa

    robert syputa Member

    77
    18
    8
    Jan 18, 2018
    Seattle
    Ratings:
    +45
    Local Time:
    8:57 AM
    latest
    10
    Subha Pal's response sheds light on where Centminmod fits: it requires initial setup and maintenance but what it gains over a hosted service is far more control.

    I had used hosted services several years ago. The claim is these are easy to set up and you do not have to worry about security and server maintenance. The reality is that all servers are subject to security attack, incompatibilities, OS upgrade glitches, host virtualization problems, etc. The more a server is shared, the more chances there are that one of them is running in a way that opens up the host server to broader attack or that abuses the server enough to impact the level of service others receive. Some hosts do not take the time to look at the server logs or figure out how security was breached or how one or more clients are being used for spam or have been taken over to take part in DDOS or other attacks. Hosted services have been known to shut down service that was not the cause of the breach.

    Centminmod has good security but the actions of the host, which is you can circumvent all security.

    What you gain: Control which ultimately leads to less problems and time spent once you gain the experience and use of centminmod help resources. The or among the highest levels of performance for Wordpress hosting. Reasonably 'leading edge' upgrades... while the envelop is always being pushed forward, Centminmod upgrades when new versions are stable. User contributions have included extension of CM to include email server as an example. This can open up a server to spam abuse, DDOS. That can lead to the banning of the VPS but that would be on the shoulders of the user, not CM itself.

    The question boils down to 'are you ready to manage your own servers? If not now, do you wish to take the time and effort to get over the learning curve? I think CM is very well organized and with enough help resources found here that the learning curve is very reasonable.

    If you are willing to put in the work to get over the initial hurdle, go for it..
     
  6. ndha

    ndha Member

    82
    10
    8
    Sep 28, 2014
    Ratings:
    +29
    Local Time:
    7:57 PM
    Latest
    10
    Hi...
    Using Centmin for wordpress sites with 300 to 4K users online..
    Minimum VPS Spec from 2GB Ram 2 Shared Cores to 8GB Ram 2 Dedicated Cores..
    So far Centmin the best LEMP Stack i'd ever use with Nginx + Redis..
     
  7. skringjer

    skringjer Member

    139
    15
    18
    Apr 21, 2019
    Ratings:
    +29
    Local Time:
    5:57 PM
    This is the best thing you can get your hands on, running a big enough site, had faced thousand of issues with other panels, but Centmin is awesome. The support, the updates, the community and our @eva2000 does magic :)
     
  8. enginerev

    enginerev New Member

    13
    2
    3
    Apr 11, 2018
    Ratings:
    +2
    Local Time:
    1:57 PM
    @eva2000 thanks for the awesome reply.
    (I did actually look up my old post after posting... but left my new post anyway)

    @Subha Pal @robert syputa @ndha @skringjer thanks for all inputs as well.
    I feel inspired a lot more.

    I really want to take up using CM now so much more thanks to all the replies.
    I'm definitely going to invest time and effort.
     
  9. eva2000

    eva2000 Administrator Staff Member

    44,517
    10,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,736
    Local Time:
    10:57 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x