Get the most out of your Centmin Mod LEMP stack
Become a Member

Featured CentOS 7.x How to help test .08 CentOS 7 Betas with Github code ?

Discussion in 'Beta release code' started by eva2000, Jul 11, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you're welcome

    finally should be fixed real fix for disabling NGINX_VHOSTSTAT=n on fresh installs · centminmod/centminmod@a305f86 · GitHub + fix NGINX_VHOSTSTATS=n minor correction · centminmod/centminmod@4822963 · GitHub

    edit: tested confirmed fixed

     
    Last edited: Jun 20, 2015
  2. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Don't forget guys very easy to setup cronjob to auto update centmin mod .08 beta03+ and higher as outlined here Beta Branch - Cronjob Auto Updating Centmin Mod .08 beta03 How To Guide | Centmin Mod Community :)

    I'd probably set it to update every 2hrs to be safe heh

    latest working .08 beta 03 run via the curl one liner Centmin Mod installation on CentOS 6.6 OpenVZ VPS

    Code:
    curl -sL http://centminmod.com/betainstaller.sh | bash
    Code:
    ---------------------------------------------------------------------------
    Total Curl Installer YUM Time: 92.0033 seconds
    Total YUM Time: 43.166100082 seconds
    Total YUM + Source Download Time: 58.0522
    Total Nginx First Time Install Time: 135.9561
    Total PHP First Time Install Time: 130.5067
    Download Zip From Github Time: 4.1942
    Total Time Other eg. source compiles: 206.9870
    Total Centmin Mod Install Time: 531.5020
    ---------------------------------------------------------------------------
    Total Install Time (curl yum + cm install + zip download): 627.6995 seconds
    ---------------------------------------------------------------------------
    thinking about maybe by default on initial install, I should setup Centmin Mod via git clone so that the git environment is already setup by default + setup a cronjob automatically to auto update ?
     
    Last edited: Jun 20, 2015
  3. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Latest test for CentOS 7.1 64bit and OpenVZ of course CentOS 7.1 install is slower than on CentOS 6.6 seems curl yum time + php time were slower

    Code:
    ---------------------------------------------------------------------------
    Total Curl Installer YUM Time: 135.9944 seconds
    Total YUM Time: 49.504641906 seconds
    Total YUM + Source Download Time: 64.9064
    Total Nginx First Time Install Time: 127.3856
    Total PHP First Time Install Time: 163.4365
    Download Zip From Github Time: 3.7122
    Total Time Other eg. source compiles: 206.6278
    Total Centmin Mod Install Time: 562.3563
    ---------------------------------------------------------------------------
    Total Install Time (curl yum + cm install + zip download): 702.0629 seconds
    ---------------------------------------------------------------------------
    Code:
    *************************************************
    * Post-Install Check List....
    *************************************************
    
    --------------------------------------------------------
    Check ccache Version:
    --------------------------------------------------------
    ccache version 3.2.2
    
    Copyright (C) 2002-2007 Andrew Tridgell
    Copyright (C) 2009-2015 Joel Rosdahl
    
    This program is free software; you can redistribute it and/or modify it under
    the terms of the GNU General Public License as published by the Free Software
    Foundation; either version 3 of the License, or (at your option) any later
    version.
    
    --------------------------------------------------------
    Check Nginx Version:
    --------------------------------------------------------
    nginx version: nginx/1.9.2
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with LibreSSL 2.2.0
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../openresty-memc-nginx-module-1518da4 --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../ngx_devel_kit-0.2.19 --add-module=../set-misc-nginx-module-0.28 --add-module=../echo-nginx-module-0.57 --add-module=../lua-nginx-module-0.9.16rc1 --add-module=../lua-upstream-nginx-module-0.02 --add-module=../lua-upstream-cache-nginx-module-0.1.1 --add-module=../nginx_upstream_check_module-0.3.0 --add-module=../nginx-module-vts --add-module=../headers-more-nginx-module-0.25 --with-openssl=../libressl-2.2.0 --with-libatomic --with-threads --with-stream --with-stream_ssl_module --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module --add-module=../ngx_pagespeed-release-1.9.32.3-beta
    
    --------------------------------------------------------
    Check PHP-FPM Version:
    --------------------------------------------------------
    PHP 5.4.42 (cli) (built: Jun 20 2015 15:25:26)
    Copyright (c) 1997-2014 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
        with Zend OPcache v7.0.5, Copyright (c) 1999-2015, by Zend Technologies
    
    --------------------------------------------------------
    Check MariaDB installed RPM Versions:
    --------------------------------------------------------
    MariaDB-common-10.0.20-1.el7.centos.x86_64
    MariaDB-compat-10.0.20-1.el7.centos.x86_64
    MariaDB-client-10.0.20-1.el7.centos.x86_64
    MariaDB-shared-10.0.20-1.el7.centos.x86_64
    MariaDB-devel-10.0.20-1.el7.centos.x86_64
    MariaDB-server-10.0.20-1.el7.centos.x86_64
    
    --------------------------------------------------------
    Check Memcached Server Version:
    --------------------------------------------------------
    memcached 1.4.24
    
    --------------------------------------------------------
    Check CSF Firewall Version:
    --------------------------------------------------------
    csf: v7.69 (generic)
    
    --------------------------------------------------------
    Check Siege Benchmark Version:
    --------------------------------------------------------
    SIEGE 3.1.0
    
    Copyright (C) 2015 by Jeffrey Fulmer, et al.
    This is free software; see the source for copying conditions.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS
    FOR A PARTICULAR PURPOSE.
    
    
    --------------------------------------------------------
    Check ngx_pagespeed Control Script:
    http://centminmod.com/nginx_ngx_pagespeed.html
    --------------------------------------------------------
    pscontrol admin
    pscontrol handler
    pscontrol edit
    pscontrol on
    pscontrol off
    pscontrol statson
    pscontrol statsoff
    
    --------------------------------------------------------
    Check mysqlreport version:
    --------------------------------------------------------
    mysqlreport v3.5-maria11 Jul 4 2013
    
    --------------------------------------------------------
    Check NSD Bind Version:
    --------------------------------------------------------
    NSD version 3.2.18
    Written by NLnet Labs.
    
    Copyright (C) 2001-2011 NLnet Labs.  This is free software.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS
    FOR A PARTICULAR PURPOSE.
    
    --------------------------------------------------------
    Check pure-ftpd Version:
    --------------------------------------------------------
    pure-ftpd v1.0.36
    
    --------------------------------------------------------
    Check YUM Repo List
    --------------------------------------------------------
    Loaded plugins: fastestmirror, priorities
    Loading mirror speeds from cached hostfile
    * base: mirrors.cat.pdx.edu
    * epel: mirror.hmc.edu
    * extras: repos.lax.quadranet.com
    * rpmforge: mirror.webnx.com
    * updates: mirror.san.fastserv.com
    149 packages excluded due to repository priority protections
    repo id             repo name                                          status
    base/7/x86_64       CentOS-7 - Base                                    6710+1942
    epel/x86_64         Extra Packages for Enterprise Linux 7 - x86_64      7422+673
    extras/7/x86_64     CentOS-7 - Extras                                        128
    mariadb             MariaDB                                                 10+4
    rpmforge            RHEL 7 - RPMforge.net - dag                           164+81
    updates/7/x86_64    CentOS-7 - Updates                                   537+147
    vz-base             vz-base                                                    1
    vz-updates          vz-updates                                                 0
    repolist: 14972
    
    --------------------------------------------------------
    mytimes check:
    /usr/bin/mytimes
    --------------------------------------------------------
    Sat Jun 20 15:28:30 UTC 2015    [UTC]
    Sun Jun 21 01:28:30 AEST 2015   [Australia/Brisbane]
    Sat Jun 20 08:28:30 PDT 2015    [America/Los_Angeles]
    Sat Jun 20 10:28:30 CDT 2015    [America/Chicago]
    Sat Jun 20 11:28:30 EDT 2015    [America/New_York]
    Sat Jun 20 16:28:30 BST 2015    [Europe/London]
    --------------------------------------------------------
     
  4. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    11:03 PM
    Nginx 1.9.1
    MariaDB 10.0.19
  5. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah share your install times if you may.. always interesting to see how fast it is for others :)

    .08 stable is planned for end of June if we're lucky.. hence why you have seen me step up the commits :D
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Added a inc/customrpms.inc include file to support custom rpm installs add inc/customrpms.inc support + re2c rpm for CentOS 7 memcached PHP … · centminmod/centminmod@9cd42a1 · GitHub The first being re2c 0.14.3 rpm that I built as it's missing from EPEL 7 repo for CentOS7. It seems only CentOS 6 Epel repo has re2c yum package. It's needed for memcached PHP extension.

    Centos 6 EPEL re2c package
    Code:
    yum list re2c -q
    Available Packages
    re2c.x86_64                                                  0.13.5-1.el6                                                  epel
    CentOS 7 EPEL nothing
    Code:
    yum list re2c -q
    Error: No matching Packages to list
    On CentOS 7, memcached 2.2.0 PHP extension gives a warning

    before install custom re2c 0.14.3 rpm
    Code:
    checking for re2c... no
    configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
    
    after install custom re2c 0.14.3 rpm
    Code:
    checking for re2c... re2c
    checking for re2c version... 0.14.3 (ok)
    
    with CentOS 7 and custom re2c rpm installed = re2c-0.14.3-1.el7.x86_64.rpm
    Code:
    yum list re2c -q
    Installed Packages
    re2c.x86_64                                                 0.14.3-1                                                  installed
     
  7. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    11:03 PM
    Nginx 1.9.1
    MariaDB 10.0.19
    Updated a CMM beta 1 install to beta 3 and worked without any issue. (y)
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  9. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    11:03 PM
    Nginx 1.9.1
    MariaDB 10.0.19
  10. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah my work is never done ... :D
     
  11. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    can anyone guess from below output what's coming next to centmin.sh menu option 2 ? ;)

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu             
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2, 5.5, 10, 10.1 Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Re-install ImageMagick PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    
    Code:
    ---------------------------------------------
    Enter vhost domain name you want to add (without www. prefix): domain4.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: y
    
    Create FTP username for vhost domain (enter username): ftpssl4
    Do you want to auto generate FTP password (recommended) [y/n]: y
    
    FTP username you entered: ftpssl4
    FTP password auto generated: BTH2Psh33rJAYgb3bG2Xc
    
    Password:
    Enter it again:
    
    Code:
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    Generating a 2048 bit RSA private key
    ..............................+++
    .................................................+++
    writing new private key to 'domain4.com.key'
    -----
    Signature ok
    subject=/C=US/ST=Los Angeles/L=California/O=domain4.com/CN=domain4.com
    Getting Private key
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .............+......................................................................................................................................................................................+..........................................................................................................................................................................+...................++*++*
    
    -------------------------------------------------------------
    service nginx reload
    Reloading nginx configuration (via systemctl):  [  OK  ]
    systemctl restart pure-ftpd.service
    
    Code:
    -------------------------------------------------------------
    FTP hostname : ipaddress
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for domain4.com : ftpssl4
    FTP password created for domain4.com : BTH2Psh33rJAYgb3bG2Xc
    -------------------------------------------------------------
    
    Code:
    vhost for domain4.com created successfully
    domain: http://domain4.com
    vhost conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.conf
    
    vhost ssl for domain4.com created successfully
    domain: https://domain4.com
    vhost ssl conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    
    upload files to /home/nginx/domains/domain4.com/public
    vhost log files directory is /home/nginx/domains/domain4.com/log
    
    Code:
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
                     
    Jun 1   19:23   1.1K   demodomain.com.conf
    Jun 1   19:23   845    ssl.conf
    Jun 1   19:34   1.4K   virtual.conf
    Jun 2   07:08   2.8K   newdomain1.com.conf
    Jun 2   07:36   2.8K   newdomain2.com.conf
    Jun 2   07:41   2.8K   newdomain3.com.conf
    Jun 21  11:00   1.6K   domain3.com.conf
    Jun 21  11:00   3.2K   domain3.com.ssl.conf
    Jun 21  11:04   1.6K   domain4.com.conf
    Jun 21  11:04   3.2K   domain4.com.ssl.conf
    -------------------------------------------------------------
    /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #   server_name domain4.com www.domain4.com;
    #    return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl spdy;
      server_name domain4.com www.domain4.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/domain4.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain4.com/domain4.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain4.com/domain4.com-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain4.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain4.com/log/error.log;
    
      root /home/nginx/domains/domain4.com/public;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    /usr/local/nginx/conf/ssl_include.conf
    Code:
    ssl_session_cache      shared:SSL:10m;
    ssl_session_timeout    60m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    committed to .08 beta03 so test away ! ;) :D
     
    Last edited: Jun 21, 2015
  12. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    8:03 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    It will be easy to replace the self signed ssl with a commercial one like Comodo for example?
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    still need to follow instructions at Nginx HTTPS / SSL Google SPDY configuration for the crt, unified and trusted file creation however, with the new centmin.sh menu option 2, dhparam file creation and the basic nginx spdy ssl vhost structure is setup automatically for you in yourdomain.com.ssl.conf :)

    basically switching from self-signed SSL certificate to paid SSL certificate needs changing and/or enabling the following

    • switch /usr/local/nginx/conf/ssl/domain4.com/domain4.com.crt to domain SSL certificated provided by SSL provide
    • switch private key /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key to one you generate yourself as outlined here. Or, if you don't mind SSL certificate saying LA, USA for location, you can use the existing generated private key /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key and CSR file /usr/local/nginx/conf/ssl/domain4.com/domain4.com.csr for paid SSL and just submit the /usr/local/nginx/conf/ssl/domain4.com/domain4.com.csr CSR file to your SSL provider at order time.
    • create your /usr/local/nginx/conf/ssl/domain4.com/domain4.com-trusted.crt as outlined here.
    • uncomment the 5 lines by removing hash # from them

    Code:
      ssl_certificate      /usr/local/nginx/conf/ssl/domain4.com/domain4.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key;
    
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain4.com/domain4.com-trusted.crt;
    I am thinking for Comodo Positive and GGSSL (Comodo) Wildcard SSL, might automate the domain.com-trusted.crt creation and domain.com.crt if you place the provider provided files in /usr/local/nginx/conf/ssl/domain.com/. Probably something for another update down the road.

    i.e. For my 3 yr GGSSL (Comodo) Wildcard SSL certificate for centminmod.com created with RSA 2048 bit key algorithm and sha256 signature algorithm. The trusted file centminmod.com-unified.crt and unified file centminmod.com-unified.crt would be created from
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Your GGSSL Wildcard SSL - STAR_centminmod_com.crt
    centminmod.com-unified.crt
    Code:
    cat STAR_centminmod_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > centminmod.com-unified.crt
    
    centminmod.com-trusted.crt
    Code:
    cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > centminmod.com-trusted.crt
    
    For instance, GGSSL Comodo SSL WildCard Setup for centminmod.com
    Code:
    vhostname=centminmod.com
    
    SITE_CRT=$(ls /usr/local/nginx/conf/ssl/${vhostname}/ | grep 'STAR_' | grep -v ocsp)
    SSLROOT_CRT=$(ls /usr/local/nginx/conf/ssl/${vhostname}/ | grep 'AddTrustExternalCARoot.crt')
    INTERMEDIATE_CRTA=$(ls /usr/local/nginx/conf/ssl/${vhostname}/ | grep 'COMODORSAAddTrustCA.crt')
    INTERMEDIATE_CRTB=$(ls /usr/local/nginx/conf/ssl/${vhostname}/ | grep 'COMODORSADomainValidationSecureServerCA.crt')
    
    cat $SITE_CRT $INTERMEDIATE_CRTB $INTERMEDIATE_CRTA > /usr/local/nginx/conf/ssl/${vhostname}/${vhostname}-unified.crt
    
    cat $INTERMEDIATE_CRTA $INTERMEDIATE_CRTB $SSLROOT_CRT > /usr/local/nginx/conf/ssl/${vhostname}/${vhostname}-trusted.crt
    
     
    Last edited: Jun 21, 2015
  14. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    11:03 PM
    Nginx 1.9.1
    MariaDB 10.0.19
    @eva2000
    reporting a small bug. I said no when it asked for SSL
    Code:
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    But it still created the vhost with ssl setup.
    And boy, it really took a while to create that 2048bit key. It actually felt a lot longer than 2048 bit :)
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    thanks for the bug report.. fixed fix create SSL vhost detect/prompt for inc/nginx_addvhost.inc · centminmod/centminmod@2f7c821 · GitHub
    2048bit generation of the dhparam file not key.. it's speed depends on hardware specs of the server :)

    i'm curious about times so going to add a timer to it :D
     
  16. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    To accompany the new nginx vhost centmin.sh menu option 2, starting to create a new standalone nginx vhost script, nv.sh which can take parameters on command line so it does exactly what centmin.sh menu option 2 does and create a nginx vhost with or without self-signed ssl and generate pure-ftpd username and auto generate password (if pure-ftpd service is detected if not no ftp user is generated).

    with pure-ftpd service enabled

    nv-sh-tool-00.png

    when pure-ftpd service is detected as disabled/stopped

    nv-sh-tool-01.png

    Code:
    /root/tools/nv.sh -d sky5.newdomain.com -s y
    ---------------------------------------------------------------
    Nginx Vhost Setup...
    ---------------------------------------------------------------
    
    
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    Generating a 2048 bit RSA private key
    .........................................+++
    .............................+++
    writing new private key to 'sky5.newdomain.com.key'
    -----
    Signature ok
    subject=/C=US/ST=California/L=Los Angeles/O=sky5.newdomain.com/CN=sky5.newdomain.com
    Getting Private key
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .........................................................+................................................+..........................................................+..................+......+...................................................................................................................................................................................................................+..................................................................................+................................................................................................................................+..................................................................................................................................................................................................+..........................................................................................................................................................................................................................................++*++*
    dhparam file generation time: 8.629665763
    
    -------------------------------------------------------------
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    Stopping nginx:                                            [  OK  ]
    Starting nginx:                                            [  OK  ]
    
    -------------------------------------------------------------
    vhost for sky5.newdomain.com created successfully
    
    domain: http://sky5.newdomain.com
    vhost conf file for sky5.newdomain.com created: /usr/local/nginx/conf/conf.d/sky5.newdomain.com.conf
    
    vhost ssl for sky5.newdomain.com created successfully
    
    domain: https://sky5.newdomain.com
    vhost ssl conf file for sky5.newdomain.com created: /usr/local/nginx/conf/conf.d/sky5.newdomain.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.csr
    
    upload files to /home/nginx/domains/sky5.newdomain.com/public
    vhost log files directory is /home/nginx/domains/sky5.newdomain.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
                    
    Jun 21  20:23   845    ssl.conf
    Jun 21  20:23   1.1K   demodomain.com.conf
    Jun 21  20:23   1.6K   virtual.conf
    Jun 22  12:17   1.6K   sky1.newdomain.com.conf
    Jun 22  12:17   3.3K   sky1.newdomain.com.ssl.conf
    Jun 22  12:23   1.6K   sky2.newdomain.com.conf
    Jun 22  12:23   3.3K   sky2.newdomain.com.ssl.conf
    Jun 22  12:25   1.6K   sky3.newdomain.com.conf
    Jun 22  12:25   3.3K   sky3.newdomain.com.ssl.conf
    Jun 22  12:28   3.3K   sky4.newdomain.com.ssl.conf
    Jun 22  12:28   1.6K   sky4.newdomain.com.conf
    Jun 22  13:10   1.6K   sky5.newdomain.com.conf
    Jun 22  13:10   3.3K   sky5.newdomain.com.ssl.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/sky5.newdomain.com
    
                    
    Jun 22  13:10   1.7K   sky5.newdomain.com.key
    Jun 22  13:10   1017   sky5.newdomain.com.csr
    Jun 22  13:10   1.3K   sky5.newdomain.com.crt
    Jun 22  13:10   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove sky5.newdomain.com
    
    rm -rf /usr/local/nginx/conf/conf.d/sky5.newdomain.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/sky5.newdomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.crt
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.key
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.csr
    rm -rf /home/nginx/domains/sky5.newdomain.com
    service nginx restart
    -------------------------------------------------------------
    
    
    so essentially you could combine the curl one line installer + the nv.sh script to install Centmin Mod .08 beta03 + and higher + create nginx vhost

    Code:
    curl -sL http://centminmod.com/betainstaller.sh | bash;
    /path/to/nv.sh -d sky5.newdomain.com -s y -u ftpusername
    Dedicated discussion thread Beta Branch - Add Nginx Vhost via SSH command line via nv.sh /usr/bin/nv | Centmin Mod Community
     
    Last edited: Jun 23, 2015
  17. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  18. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: Jun 24, 2015
  19. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    11:03 PM
    Nginx 1.9.1
    MariaDB 10.0.19
    There use to be a time chart at the end of fresh install. Has it changed in the new version?
    I mean I just setup a free install on CentOS 6.6. and I don't see anything like
    Do I need to check some file(s) to get those stats ?
     
  20. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:03 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    extended time stats are only for curl one liner installs.. versus the basic one centmin mod install time is only on centmin.sh menu option 1 installs.

    which did you do ?