
Get Centminmod installation to work on Linode with Letsencrypt, Wordpress and Nginx

Discussion in 'Install & Upgrades or Pre-Install Questions' started by hkim, Feb 15, 2019.

  1. hkim

    hkim New Member

    28
    3
    3
    Feb 14, 2019
    Ratings:
    +4
    Local Time:
    4:11 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit ?
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.15.3
    • PHP Version Installed: 7.2.9
    • MariaDB MySQL Version Installed: 10.2.xx
    • When was last time updated Centmin Mod code base ? : centmin.sh menu option 23 submenu option 2
    • Persistent Config:
    I have now tried to install and get Centminmod to be functional the last couple of days. I have read the published guides but I just can't get this to work properly.

    1) I have turned off selinux.
    2) I have installed centminmod successfully. My Linode is well above the minimum requirements.
    3) "Set the Default Server Main Hostname Nginx Vhost" (Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS)

    When I enter uname -n, I get my full domain name = psykolog.nu.

    This is obviously going to be my site domain for my visitors to navigate to.


    So what should I do here? Should I go on with setting up a DNS entry for a new hostname (for example centhost.psykolog.nu) and change the hostname to centhost.psykolog.nu with

    (a) hostnamectl set-hostname centhost.psykolog.nu
    (b) edit /etc/hosts and add "serverip centhost.psykolog.nu centhost"
    (c) save /etc/hosts and then type centhost centhost.psykolog.nu
    (d) restart the network?

    Sorry if I'm just repeating the instructions but I'm just trying to follow the instructions correctly this time so the installation will not break as it has done many times the last couple of days. For your info I get this when I type hostnamectl status before changing:

    [root@psykolog.nu ~]# hostnamectl status
    Static hostname: localhost.localdomain
    Transient hostname: psykolog.nu
    Icon name: computer-vm
    Chassis: vm
    Machine ID:-
    Boot ID: -
    Virtualization: kvm
    Operating System: CentOS Linux 7 (Core)
    CPE OS Name: cpe:/o:centos:centos:7
    Kernel: Linux 3.10.0-957.el7.x86_64
    Architecture: x86-64
     
  2. hkim

    hkim New Member

    Ok, for a newbie it is confusing in the guide with "hostname hostname.newdomain.com" when hostname is a command and not the subdomain of choosing. Maybe "hostname subdomainofyourchoice.newdomain.com" would be easier to understand...

    Now, this means that in the /etc/hosts it should state:

    ip-address centhost.psykolog.nu hostname and not ip-address centhost.psykolog.nu centhost?
     
  3. hkim

    hkim New Member

    Ok I have now followed the instructions to the second part: " Add Your First Domain Name's Nginx Vhost Configuration".

    What I want is to go straight forward and run option 22 in the centmin and create a nginx/wordpress installation with letsencrypt SSL (with only https). Is this possible?
     
  4. hkim

    hkim New Member

    Got everything working. My previous problem was with defining wrong hostname. Also added LETSENCRYPT_DETECT='y' in /etc/centminmod/custom_config.inc before option 22.
     
  5. eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:11 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Great to hear you sorted that out
    Yes Getting Started Step 1 needs a hostname other than your site domain name as per Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS so steps a) and b) are correct and only needed to be done and then as per instructions edit main hostname vhost at virtual.conf and modify server_name line to list the hostname you setup centhost.psykolog.nu
    Then restart nginx service
     
  6. hkim

    hkim New Member

    I also managed to install phpmyadmin. But now I cannot access phpmyadmin at centhost.psykolog.nu due to cert error. How can I fix this? I have a letsencrypt cert on main domain psykolog.nu.

    From the error log (/var/log/localhost.error.log):

    2019/02/15 01:41:05 [error] 13716#13716: *109 open() "/usr/local/nginx/html/application/configs/application.ini" failed (2: No such file or directory), client: 159.203.11.15, server: centhost.psykolog.nu, request: "GET /application/configs/application.ini HTTP/1.1", host: "178.79.154.124:80"

    Seems like phpmyadmin by default uses http when it should be https on my configuration?
     
    Last edited: Feb 15, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    how was phpmyadmin installed ? via phpmyadmin.sh addon phpmyadmin.sh Addon ? that sets up self-signed ssl on main hostname access only.
     
  8. hkim

    hkim New Member

    Really thankful for your support (can I donate somehow?)

    The problem is that I have HSTS enabled.

    It was installed via phpmyadmin.sh. I saw on your reply to another poster: Nginx - SSL - phpmyadmin main hostname HTTPS SSL: conflicting server name ignored

    Could this be relevant for me too?

    From what I understand:

    1. Edit phpmyadmin_ssl.conf and change:

    (a) replace crt and key to use the main site ssl
    (b) exclude the line 'include /usr/local/nginx/conf/phpmyadmin_https.conf'
    (c) include the line 'include /usr/local/nginx/conf/php.conf'
    (d) remove the redirection line under location: 'return 302 https://$server_name$request_uri;'

    2. then restart nginx.

    Should this work?
     
    Last edited: Feb 15, 2019
  9. eva2000

    eva2000 Administrator Staff Member

    yup https://community.centminmod.com/link-forums/ways-you-can-support-centmin-mod.62/ :D

    I see

    The only thing that can mess up virtual.conf main host is if you install phpmyadmin.sh addon. Otherwise, you can manually setup main hostname outlined in Getting Started Guide step 1 with HTTPS using vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS

    type in the domain field the main hostname domain, which has to have a valid DNS A record pointing to the server ip, i.e. host.domain.com, and check the box that says Generate Self-Signed SSL / Letsencrypt SSL HTTPS Vhost (File ONLY) *

    Vhost type = basic and hit submit

    follow first 3 acme.sh commands only to get letsencrypt ssl cert but edit web root from
    /home/nginx/domains/host.domain.com/public to point to /usr/local/nginx/html and remove www. domain from -d

    enable letsencrypt in 123.09beta01 - 3 commands
    Code (Text):
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
    /usr/local/src/centminmod/addons/acmetool.sh acmeupdate
    

    get letsencrypt ssl cert - 1 line cmd - webroot defined by -w /usr/local/nginx/html
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d host.domain.com -w /usr/local/nginx/html -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-host.domain.com.log --log-level 2
    

    install letsencrypt ssl cert - 2 line cmds
    Code (Text):
    mkdir -p /usr/local/nginx/conf/ssl/host.domain.com
    /root/.acme.sh/acme.sh --installcert -d host.domain.com --certpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key --capath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-fullchain-acme.key
    

    then make a copy of /usr/local/nginx/conf/conf.d/virtual.conf as /usr/local/nginx/conf/conf.d/virtual.ssl.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/conf.d/virtual.conf /usr/local/nginx/conf/conf.d/virtual.ssl.conf
    

    now edit within /usr/local/nginx/conf/conf.d/virtual.ssl.conf with ssl cert lines so looks like
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name host.domain.com;
    
      ssl_certificate      /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/host.domain.com/host.domain.com-acme.cer;
    
            root   html;
            access_log              /var/log/nginx/localhost.access.log     combined buffer=8k flush=1m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
         
                }
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    

    restart nginx
    Code (Text):
    ngxrestart
    

    now you should be able to access both https and non-https hostname and then if all is working do a non-https to https 302 temp redirect



    If you do have phpmyadmin.sh installed phpmyadmin, you can probably try this to fix the conflict via these steps.

    1. Get the contents of /usr/local/nginx/conf/phpmyadmin_https.conf and place it in your above created
    /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context

    2. Back up locally a copy of the phpmyadmin.sh auto generated self-signed SSL cert HTTPS vhost at /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf

    3. Then take the below following values contained within /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf and transpose them into your above created
    /usr/local/nginx/conf/conf.d/virtual.ssl.conf main hostname HTTPS nginx vhost within server{} context
    Code (Text):
    keepalive_timeout 3000;
    client_body_buffer_size 256k;
    client_body_timeout 3000s;
    client_header_buffer_size 256k;
    ## how long a connection has to complete sending
    ## it's headers for request to be processed
    client_header_timeout 60s;
    client_max_body_size 512m;
    connection_pool_size 512;
    directio 512m;
    ignore_invalid_headers on;
    large_client_header_buffers 8 256k;
    


    4. Then remove /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf

    5. Test Nginx config & Restart Nginx & PHP-FPM
    Code (Text):
    nginx -t
    nprestart
    
     
  10. hkim

    hkim New Member

    I followed your guide here to install phpmyadmin:

    Addon phpmyadmin.sh - CentminMod.com LEMP Nginx web stack for CentOS

    So I guess the second suggestion is to go with?

    I have following files in /usr/local/nginx/conf/conf.d/

    [11:16][root@centhost.psykolog.nu conf.d]# ls
    demodomain.com.conf phpmyadmin_ssl.conf psykolog.nu.ssl.conf virtual.conf

    So I guess I should take the content of the phpmyadmin_https.conf and place it in psykolog.nu_ssl.conf and not virtual.conf?


    So these values are unique for phpmyadmin?

    What will the implication of this modification be on future updates of, for example, phpmyadmin or Nginx? That I have to manually adjust these settings after each update?
     
  11. eva2000

    eva2000 Administrator Staff Member

    phpmyadmin.sh installed and above modified setup for https won't be affected by future updates usually

    values are for if you make copy of virtual.conf for /usr/local/nginx/conf/conf.d/virtual.ssl.conf as the sole nginx vhost used for main hostname and not psykolog.nu_ssl.conf as that would only have yourdomain ssl cert and not your mainhostname.domain.com ssl cert for above main hostname centhost.psykolog.nu
    so only instructions you should follow are in post #9 here
     
  12. hkim

    hkim New Member

    After this step, configuring virtual.ssl.conf generates following error with nginx -t
    [12:18][root@centhost.psykolog.nu conf.d]# nginx -t
    nginx: [emerg] "root" directive is duplicate in /usr/local/nginx/conf/conf.d/virtual.ssl.conf:32
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
  13. hkim

    hkim New Member

    I followed your steps but it still does not work.

    nginx -t
    nginx: [warn] conflicting server name "centhost.psykolog.nu" on 0.0.0.0:443, ignored
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

    virtual.ssl.conf:
    Code:
    server {
                listen 443 ssl http2;
                server_name centhost.psykolog.nu;
                root   html;
    
    
            ssl_certificate      /usr/local/nginx/conf/ssl/centhost.psykolog.nu/centhost.psykolog.nu-acme.cer;
            ssl_certificate_key  /usr/local/nginx/conf/ssl/centhost.psykolog.nu/centhost.psykolog.nu-acme.key;
            include              /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECD$
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/centhost.psykolog.nu/centhost.psykolog.nu-acme.cer;
    
    #        root   html;
    #        access_log              /var/log/nginx/localhost.access.log     combined buffer=8k flush=1m;
     #       error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
    
                }
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    
     
    Last edited: Feb 15, 2019
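
The two `nginx -t` messages in posts #12 and #13 (a duplicate "root" directive, and a conflicting server name on port 443 because two vhost files both claim the main hostname) can be spotted with a scan of conf.d before reloading. This is an added example, not part of the thread and not Centmin Mod's own tooling; the function names `scan_vhosts` and `demo` and the sample vhost contents are constructed, and the scan assumes one directive per line and compares listen ports only.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag duplicate server_name/port pairs
# across vhost files and a second "root" directly inside one server{} block.
scan_vhosts() {
  awk '
    FNR == 1 { depth = 0; in_server = 0 }          # new file: reset state
    {
      line = $0
      sub(/#.*/, "", line)                          # drop comments
      sub(/^[ \t]+/, "", line)                      # drop leading indent
      opens  = gsub(/[{]/, "{", line)               # count braces on the line
      closes = gsub(/[}]/, "}", line)
      nf = split(line, f, /[ \t;{}]+/)
      if (depth == 0 && f[1] == "server" && opens > 0) {
        in_server = 1; nports = 0; nnames = 0; roots = 0
      } else if (in_server && depth == 1) {         # directives at server level
        if (f[1] == "listen") { p = f[2]; sub(/^.*:/, "", p); ports[++nports] = p }
        if (f[1] == "server_name")
          for (i = 2; i <= nf; i++) if (f[i] != "") names[++nnames] = f[i]
        if (f[1] == "root" && ++roots > 1)
          print "DUPLICATE_ROOT " FILENAME ":" FNR
      }
      depth += opens - closes
      if (in_server && depth == 0) {                # server{} block just closed
        for (a = 1; a <= nports; a++) for (b = 1; b <= nnames; b++) {
          key = ports[a] " " names[b]
          if (key in seen)
            print "CONFLICT " names[b] " port " ports[a] " " seen[key] " " FILENAME
          else seen[key] = FILENAME
        }
        in_server = 0
      }
    }
  ' "$@"
}

# Constructed sample input mirroring the file names listed in post #10.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' 'server {' '  listen 443 ssl http2;' \
    '  server_name centhost.psykolog.nu;' '}' > "$d/phpmyadmin_ssl.conf"
  printf '%s\n' 'server {' '  listen 443 ssl http2;' \
    '  server_name psykolog.nu www.psykolog.nu;' \
    '  root /home/nginx/domains/psykolog.nu/public;' '}' > "$d/psykolog.nu.ssl.conf"
  printf '%s\n' 'server {' '  listen 443 ssl http2;' \
    '  server_name centhost.psykolog.nu;' '  root html;' '  location / {' \
    '    #autoindex on;' '  }' '  root html;' '}' > "$d/virtual.ssl.conf"
  ( cd "$d" && scan_vhosts *.conf )
  rm -rf "$d"
}

demo
```

On a real server the equivalent call would be `scan_vhosts /usr/local/nginx/conf/conf.d/*.conf`, with `nginx -t` still the final check.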
  14. hkim

    hkim New Member

    Sorry. I did not follow all the steps. Stupid me! ;)

    Thank you very much! I have made a small donation for your kind support. If I decide to use Centminmod for my server, I will definitely pay for a premium membership!
     
    Last edited: Feb 15, 2019
  15. eva2000

    eva2000 Administrator Staff Member

    You're welcome and very much appreciated with donation and premium membership support :D

    Remember there's more ways to boost performance from an out of the box install via Insight Guide - How to boost Centmin Mod LEMP stack performance :)
     
  16. Mak Adang

    Mak Adang Member

    62
    20
    8
    Jan 4, 2015
    Ratings:
    +23
    Local Time:
    9:11 AM
    1.9.0
    10.0.18-MariaDB
    Hi @eva2000, can this virtual.ssl.conf use Cloudflare origin certificates? I have the same case with HSTS enabled, and Cloudflare says that origin certificates can be used for wildcard.
    Thank you.
     
  17. eva2000

    eva2000 Administrator Staff Member

    yes it's like any other nginx vhost essentially