Want more timely Centmin Mod News Updates?
Become a Member

Wordpress Few questions about caching methods and secure servers with Centminmod

Discussion in 'Blogs & CMS usage' started by David, Mar 29, 2019.

Tags:
  1. David

    David New Member

    7
    1
    3
    Mar 29, 2019
    Ratings:
    +1
    Local Time:
    8:05 AM
    So hello,

    Noob here. I have a few questions about the caching method of Centminmod & how to secure the servers with Centminmod.

    So I have read on the resources page about how to set up a server with Centminmod and secure it, still I want to clear a few things up, please help.

    1. With the KeyCDN Cache Enabler caching method provided with option 22, do I need to enable ZendOpcache & Memcached (They can work together according to this, right? https://community.centminmod.com/threads/what-is-the-best-and-fastest-cache-for-wp.14789/ ) or is it installed by default? If yes do I need to add further configurations?

    2. I read a few articles on the web and most of them rate APC Cache above Memcache? What is your recommendations for Centminmod?

    3. Besides setting automatic nightly YUM updates, install Maldet + ClamAV, and default Centminmod security features, what can I should/need to do to secure a server? Here are what I do for every VPSs with other shell scripts:
    • Set up automatic updates
    • Change SSHD port
    • Add SSH keys & disable password access
    • Setup a firewall (default Centminmod's CSF is enough, right?)
    • Install fail2ban (If I'm not wrong CSF also has something similar to this)
    Thanks for reading!
     
  2. eva2000

    eva2000 Administrator Staff Member

    39,816
    8,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,517
    Local Time:
    11:05 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Zend Opcache is enabled by default you can verify using these 2 commands for php version and checking if Zend Opcache is loaded
    Code (Text):
    php -v
    php --ri 'Zend Opcache'

    Code (Text):
    php -v
    PHP 7.2.16 (cli) (built: Mar 25 2019 04:02:10) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.2.16, Copyright (c) 1999-2018, by Zend Technologies
    

    this next command displays same output as a phpinfo php page would just for a specific php extension that is loaded. You can replace 'Zend opcache' with the name of php extension you want to check is loaded/installed or not

    listing shows 224MB memory allocated to Zend Opcache via opcache.memory_consumption setting
    Code (Text):
    php --ri 'Zend opcache'
    
    Zend OPcache
    
    Opcode Caching => Disabled
    Optimization => Disabled
    SHM Cache => Enabled
    File Cache => Disabled
    Startup Failed => Opcode Caching is disabled for CLI
    
    Directive => Local Value => Master Value
    opcache.enable => On => On
    opcache.use_cwd => On => On
    opcache.validate_timestamps => On => On
    opcache.validate_permission => Off => Off
    opcache.validate_root => Off => Off
    opcache.inherited_hack => On => On
    opcache.dups_fix => Off => Off
    opcache.revalidate_path => Off => Off
    opcache.log_verbosity_level => 1 => 1
    opcache.memory_consumption => 224 => 224
    opcache.interned_strings_buffer => 8 => 8
    opcache.max_accelerated_files => 65407 => 65407
    opcache.max_wasted_percentage => 5 => 5
    opcache.consistency_checks => 0 => 0
    opcache.force_restart_timeout => 180 => 180
    opcache.revalidate_freq => 180 => 180
    opcache.file_update_protection => 2 => 2
    opcache.preferred_memory_model => no value => no value
    opcache.blacklist_filename => no value => no value
    opcache.max_file_size => 0 => 0
    opcache.protect_memory => 0 => 0
    opcache.save_comments => 1 => 1
    opcache.optimization_level => 0x7FFFBFFF => 0x7FFFBFFF
    opcache.opt_debug_level => 0 => 0
    opcache.enable_file_override => On => On
    opcache.enable_cli => Off => Off
    opcache.error_log => no value => no value
    opcache.restrict_api => no value => no value
    opcache.lockfile_path => /tmp => /tmp
    opcache.file_cache => no value => no value
    opcache.file_cache_only => 0 => 0
    opcache.file_cache_consistency_checks => 1 => 1
    opcache.huge_code_pages => Off => Off
    

    for checking memcache and memcached PHP extensions
    Code (Text):
    php --ri memcache
    php --ri memcached
    

    Code (Text):
    php --ri memcache
    
    memcache
    
    memcache support => enabled
    Version => 4.0.2
    Revision => $Revision$
    
    Directive => Local Value => Master Value
    memcache.allow_failover => 1 => 1
    memcache.max_failover_attempts => 20 => 20
    memcache.default_port => 11211 => 11211
    memcache.chunk_size => 32768 => 32768
    memcache.protocol => ascii => ascii
    memcache.hash_strategy => consistent => consistent
    memcache.hash_function => crc32 => crc32
    memcache.redundancy => 1 => 1
    memcache.session_redundancy => 2 => 2
    memcache.compress_threshold => 20000 => 20000
    memcache.lock_timeout => 15 => 15
    memcache.session_prefix_host_key => 0 => 0
    memcache.session_prefix_host_key_remove_www => 1 => 1
    memcache.session_prefix_host_key_remove_subdomain => 0 => 0
    memcache.session_prefix_static_key => no value => no value
    memcache.session_save_path => no value => no value
    memcache.prefix_host_key => 0 => 0
    memcache.prefix_host_key_remove_www => 1 => 1
    memcache.prefix_host_key_remove_subdomain => 0 => 0
    memcache.prefix_static_key => no value => no value
    

    Code (Text):
    php --ri memcached
    
    memcached
    
    memcached support => enabled
    Version => 3.1.3
    libmemcached version => 1.0.16
    SASL support => yes
    Session support => yes
    igbinary support => no
    json support => yes
    msgpack support => no
    
    Directive => Local Value => Master Value
    memcached.sess_locking => On => On
    memcached.sess_lock_wait_min => 150 => 150
    memcached.sess_lock_wait_max => 150 => 150
    memcached.sess_lock_retries => 5 => 5
    memcached.sess_lock_expire => 0 => 0
    memcached.sess_binary_protocol => Off => Off
    memcached.sess_consistent_hash => Off => Off
    memcached.sess_consistent_hash_type => ketama => ketama
    memcached.sess_number_of_replicas => 0 => 0
    memcached.sess_randomize_replica_read => Off => Off
    memcached.sess_remove_failed_servers => Off => Off
    memcached.sess_server_failure_limit => 0 => 0
    memcached.sess_connect_timeout => 3000 => 3000
    memcached.sess_sasl_username => no value => no value
    memcached.sess_sasl_password => no value => no value
    memcached.sess_persistent => Off => Off
    memcached.sess_prefix => memc.sess.key. => memc.sess.key.
    memcached.sess_lock_wait => not set => not set
    memcached.sess_lock_max_wait => not set => not set
    memcached.compression_type => fastlz => fastlz
    memcached.compression_factor => 1.3 => 1.3
    memcached.compression_threshold => 2000 => 2000
    memcached.serializer => php => php
    memcached.store_retry_count => 2 => 2
    memcached.default_consistent_hash => Off => Off
    memcached.default_binary_protocol => Off => Off
    memcached.default_connect_timeout => 0 => 0
    

    checking if memcached server is running
    Code (Text):
    service memcached status
    

    output
    Code (Text):
    service memcached status
    Memcached server is running 
    

    or filter grep the process list output for memcached - if blank output returns, that means memcached server not running
    Code (Text):
    ps aufxw | grep memcached | grep -v grep

    output
    Code (Text):
    ps aufxw | grep memcached | grep -v grep
    memcach+  3275  0.0  0.0 449776  1728 ?        Ssl  Mar25   1:22 /usr/local/bin/memcached -d -m 8 -l 127.0.0.1 -p 11211 -c 2048 -b 2048 -R 200 -t 4 -n 72 -f 1.25 -u memcached -o modern -P /var/run/memcached/memcached1.pid
    

    more details on Centmin Mod's memcached server on official site at https://centminmod.com/memcached.html i.e. how to change memory size allocation to memcached server etc.

    for adjusting Zend Opcache memory allocation add a custom php .ini settings file instead of editing php.ini directly as explained at https://centminmod.com/phpfpm.html#customphpini

    use command php --ini to list all the custom .ini settings files first
    Code (Text):
    php --ini
    Configuration File (php.ini) Path: /usr/local/lib
    Loaded Configuration File:         /usr/local/lib/php.ini
    Scan for additional .ini files in: /etc/centminmod/php.d
    Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
    /etc/centminmod/php.d/curlcainfo.ini,
    /etc/centminmod/php.d/fileinfo.ini,
    /etc/centminmod/php.d/geoip.ini,
    /etc/centminmod/php.d/igbinary.ini,
    /etc/centminmod/php.d/imagick.ini,
    /etc/centminmod/php.d/mailparse.ini,
    /etc/centminmod/php.d/mcrypt.ini,
    /etc/centminmod/php.d/memcache.ini,
    /etc/centminmod/php.d/memcached.ini,
    /etc/centminmod/php.d/redis.ini,
    /etc/centminmod/php.d/zendopcache.ini
    

    Then as the order of .ini loaded is alphabetically, custom ini files need to be after the existing default

    for Zend Opcache and memcached stats pages see in Centmin Mod Insight's forum sticky thread at https://community.centminmod.com/threads/php-opcode-and-memcached-statistics-pages.1513/ so to override settings in /etc/centminmod/php.d/zendopcache.ini, create a new ini file named /etc/centminmod/php.d/z-zendopcache.ini

    here i piped in opcache.memory_consumption with 256MB memory allocated to Zend Opcache into /etc/centminmod/php.d/zz-zendopcache.ini settings file
    Code (Text):
    echo 'opcache.memory_consumption=256' > /etc/centminmod/php.d/zz-zendopcache.ini
    

    which is listed after default zendopcache.ini
    Code (Text):
    php --ini
    Configuration File (php.ini) Path: /usr/local/lib
    Loaded Configuration File:         /usr/local/lib/php.ini
    Scan for additional .ini files in: /etc/centminmod/php.d
    Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
    /etc/centminmod/php.d/curlcainfo.ini,
    /etc/centminmod/php.d/fileinfo.ini,
    /etc/centminmod/php.d/geoip.ini,
    /etc/centminmod/php.d/igbinary.ini,
    /etc/centminmod/php.d/imagick.ini,
    /etc/centminmod/php.d/mailparse.ini,
    /etc/centminmod/php.d/mcrypt.ini,
    /etc/centminmod/php.d/memcache.ini,
    /etc/centminmod/php.d/memcached.ini,
    /etc/centminmod/php.d/redis.ini,
    /etc/centminmod/php.d/zendopcache.ini,
    /etc/centminmod/php.d/zz-zendopcache.ini
    

    then restart php-fpm service
    Code (Text):
    service php-fpm restart

    or via command shortcut
    Code (Text):
    fpmrestart


    Zend Opcache is fastest so ignore APC Cache for opcode caching. For data caching it's between Redis and Memcached server caching if your web app supports it. You can have Zend Opcache working for PHP opcode cachinge + either Memcached or Redis caching for data caching.

    In context of Wordpress via centmin.sh menu option 22, also there's additional security setups like autoprotect.sh and wp plugin whitelisting outlined at https://community.centminmod.com/threads/wordpress-403-permission-denied-errors.11215/

    But yes CSF Firewall is installed by default and has features for brute force SSHD protection and login failure so fail2ban isn't required to protect SSHD port at least see https://centminmod.com/csf_firewall.html

    change SSHD port can be done via centmin.sh menu option 16 which first asks you for default SSHD port number which is 22, then asks what is the desired new SSHD port number
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com     
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 
    

    as to updates etc as outlined in welcome reply post at https://community.centminmod.com/threads/im-new-to-centminmod.17050/#post-72192 see keep track of Centmin Mod installed software updates

    and same welcome post reply's section for
    maybe start with bad bot block/rate limiting, enabling CSF firewall blocklist/advance block lists and nginx general rate limiting if you need it though centmin.sh menu option 22 already by default does rate limiting for key wordpress urls see https://community.centminmod.com/th...l-vs-centmin-sh-menu-option-22-install.15435/
     
  3. David

    David New Member

    7
    1
    3
    Mar 29, 2019
    Ratings:
    +1
    Local Time:
    8:05 AM
    @eva2000 For Wordpress I need to use plugins like W3 Total Cache or WP-FFPC to make it work, right?

     
  4. eva2000

    eva2000 Administrator Staff Member

    39,816
    8,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,517
    Local Time:
    11:05 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  5. David

    David New Member

    7
    1
    3
    Mar 29, 2019
    Ratings:
    +1
    Local Time:
    8:05 AM
    Oh sorry, my bad my bad :facepalm:, I didn't mean Wordpress only. I meant to make Memcached work with Wordpress do I need to use W3 Total Cache or WP-FFPC? Also can I use Cache Enabler and Memcached together, like the first is for full page caching and the latter is for data caching https://community.centminmod.com/threads/what-is-the-best-and-fastest-cache-for-wp.14789/#post-63387
     
    Last edited: Apr 1, 2019
  6. eva2000

    eva2000 Administrator Staff Member

    39,816
    8,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,517
    Local Time:
    11:05 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    no you don't need those wordpress plugins for memcached nor do you need memcached if you choose cache enable + autoptimize for performance.
    you don't need memcached for data caching as cache enabler/redis nginx level cache/wp super cache options for full page cache replaces memcached data caching purpose
     
    • Like Like x 1
  7. David

    David New Member

    7
    1
    3
    Mar 29, 2019
    Ratings:
    +1
    Local Time:
    8:05 AM
    Thank you so muchh for the clarification. I spent Sunday for setting up a test server and playing around with Centminmod. So far so good.

    I'm a bit confused with the Zend OPCache. In your post, you said that Zend Opcache is enabled by default but in the output, it says the Opcode Caching is disabled. Same in my output. I don't know if the cache is working. If not, what should I enable?

    Code (Text):
    Opcode Caching => Disabled
    Optimization => Disabled
    SHM Cache => Enabled
    File Cache => Disabled
    Startup Failed => Opcode Caching is disabled for CLI
    
     
  8. eva2000

    eva2000 Administrator Staff Member

    39,816
    8,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,517
    Local Time:
    11:05 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Zend Opcache operates on php and php command line. When you run via SSH the command you are testing Zend Opcache command line cache and that is disabled. But when you run non-command line i.e. your normal PHP script usage, Zend Opcache is enabled
     
  9. David

    David New Member

    7
    1
    3
    Mar 29, 2019
    Ratings:
    +1
    Local Time:
    8:05 AM
    Thanks man!
     
..