Join the community today
Register Now

Install Nginx First Install - Xenforo running - but got some questions

Discussion in 'Install & Upgrades or Pre-Install Questions' started by hazehs, Jul 27, 2020.

  1. hazehs

    hazehs New Member

    19
    1
    3
    Jul 18, 2020
    Ratings:
    +5
    Local Time:
    8:56 AM
    NGINX 1.18
    MariaDB 10.4
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 6 32bit or 64bit / CentOS 7 64bit ?
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.19.1
    • PHP Version Installed: 7.3.x
    • MariaDB MySQL Version Installed: 10.2.xx
    • When was last time updated Centmin Mod code base ? :
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:
      Code (Text):
      NGINX_SSLCACHE_ALLOWOVERRIDE='y'
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      PHP_PGO='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      DUALCERTS='y'
      LETSENCRYPT_DETECT='y'
      ###############################################################
      # Cloudflare DNS API for DNS Mode
      # https://github.com/Neilpang/acme.sh/tree/master/dnsapi
      # login to your Cloudflare account to get your API Key in
      # My Settings section of your account
      # to ensure these settings persist DO NOT change them in this
      # script but set these variables in persistent config file at
      # /etc/centminmod/acmetoool-config.ini
      # set to CF_DNSAPI='y' and fill in CF_KEY and CF_EMAIL settings
      CF_DNSAPI='y'
      CF_KEY=''
      CF_EMAIL=''
      ###############################################################
      AUDITD_ENABLE='y'
      


    So. First of all thanks for the stack. I was long time affraid off it, cause there are so many informations, but so far it is working good. My problem was that i cant do http01 challenge cause the dns is not pointing on my ip.
    So first off all:
    Is it possible to disable the main host? Im afraid about leaking my ip through the hostname.

    Second: Caching for Xenforo: I got still a small forum but it is growing. 120-150 Member. Should i stay for Redis or Memcached ?

    Last one: Firewall: Im only using the 443/80 Port for Web at outgoing service. And i need to only allow to access my Reverse proxys provider ip (ip, proxy ip).
    SSH i would open for my static IP. I dont understand CSF so far..

    Thanks for Help and Regards!
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,780
    10,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,828
    Local Time:
    6:56 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    http-01 challenge is web root authentication it validates based on a generated file at yourdomain.com/.well-known/* So the only requirement DNS wise is you're pointing your www and non-www domain DNS A ipv4 and if applicable DNS AAAA ipv6 IP addresses to Centmin Mod server IP and if you're behind Cloudflare that should still work as validation is looking for yourdomain.com/.well-known/* generated file and you should be able to get to that.

    Make sure you have not used main hostname domain as your xenforo domain, they need to be separate as per Getting Started Guide step 1 and 2 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS

    From the Getting Started Guide summary
    So you want to install xenfor on the newdomain.com and not main hostname.newdomain.com you setup in step 1.

    Redis is better
    You can read up on how to whitelist an IP address at CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS
     
  3. eva2000

    eva2000 Administrator Staff Member

    44,780
    10,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,828
    Local Time:
    6:56 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x