Get the most out of your Centmin Mod LEMP stack
Become a Member

Need to ask about oneliner install method

Discussion in 'Introductions' started by Kyvaith, Jun 14, 2016.

  1. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    Hi, Is it possible to install everything using beta one-liner, but with PHP 7.0 GA Final and ngx_pagespeed? Without need to upgrade PHP and recompile Nginx to get ngx_pagespeed? Maybe oneliner respect /etc/centminmod/custom_config.inc file created by hand? If so, how to create it with thoes two things I need. Thanks.

    EDIT: So the exact question is will it work:
    Code:
    mkdir /etc/centminmod && echo -e "PHP_VERSION='7.0.0'\nNGINX_PAGESPEED='y'" > /etc/centminmod/custom_config.inc && curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh
    And do I need anything else to get cutting-edge configuration for WordPress best performance?
     
    Last edited: Jun 14, 2016
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    welcome @Kyvaith to Centmin Mod Community :)

    Yup you can do it that way to create the /etc/centminmod/custom_config.inc persistent config file before install. Or just see 1st post at Beta Branch - Centmin Mod .09 beta branch Testing | Centmin Mod Community - there's a PHP 7.0.7 installer called betainstaller7.sh method at

    Code (Text):
    curl -O https://centminmod.com/betainstaller7.sh && chmod 0700 betainstaller7.sh && bash betainstaller7.sh
    


    contents of betainstaller7.sh on git is at installer7.sh and you can see basically it does what you did above centminmod/installer7.sh at 123.09beta01 · centminmod/centminmod · GitHub

    there's also a betainstaller-latest.sh
    Code (Text):
    curl -O https://centminmod.com/betainstaller-latest.sh && chmod 0700 betainstaller-latest.sh && bash betainstaller-latest.sh
    

    which corresponds to installer-latest on github at centminmod/installer-latest.sh at 123.09beta01 · centminmod/centminmod · GitHub

    Should give you some ideas.. you can even take the installer-latest.sh code and tweak it for your specific needs. For that best to ask in Centmin Mod Insights forum Centmin Mod Insights | Centmin Mod Community or install/upgrade forum Install & Upgrades or Pre-Install Questions | Centmin Mod Community :)

    for wordpress post in blog/cms forum at Blogs & CMS usage | Centmin Mod Community

    Threads you might want to participate in ;)

    Threads & Info To Bookmark



    Threads to read, pages to bookmark and threads to watch/subscribe to get to know Centmin Mod would include:

    Premium Membership


     
  3. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    actually you need a few more commands for unattended that are contained in installer.sh/installer7.sh/installer-latest.sh example centminmod/installer-latest.sh at 123.09beta01 · centminmod/centminmod · GitHub which you can tweak

    Code (Text):
    # switch from PHP 5.4.41 to 5.6.9 default with Zend Opcache
    sed -i "s|^PHP_VERSION='.*'|PHP_VERSION='5.6.22'|" centmin.sh
    sed -i "s|ZOPCACHEDFT='n'|ZOPCACHEDFT='y'|" centmin.sh
    
    # disable axivo yum repo
    #sed -i "s|AXIVOREPO_DISABLE=n|AXIVOREPO_DISABLE=y|" centmin.sh
    
    # bypass initial setup email prompt
    mkdir -p /etc/centminmod/
    echo "NGINX_PAGESPEED=y" > /etc/centminmod/custom_config.inc
    echo "ORESTY_LUANGINX=y" >> /etc/centminmod/custom_config.inc
    echo "NGINX_XSLT='n'" >> /etc/centminmod/custom_config.inc
    echo "NGINX_LIBBROTLI='y'" >> /etc/centminmod/custom_config.inc
    # Nginx Dynamic Module Switches
    echo "NGXDYNAMIC_XSLT='n'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_IMAGEFILTER='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_GEOIP='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_STREAM='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_HEADERSMORE='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_SETMISC='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_ECHO='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_SRCCACHE='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_MEMC='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_REDISTWO='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_NGXPAGESPEED='y'" >> /etc/centminmod/custom_config.inc
    echo "NGXDYNAMIC_BROTLI='y'" >> /etc/centminmod/custom_config.inc
    # echo "ORESTY_LUANGINXVER='0.10.4'" >> /etc/centminmod/custom_config.inc
    echo "1" > /etc/centminmod/email-primary.ini
    echo "2" > /etc/centminmod/email-secondary.ini
    "${INSTALLDIR}/centminmod/centmin.sh" install
    rm -rf /etc/centminmod/email-primary.ini
    rm -rf /etc/centminmod/email-secondary.ini


    probably best to take one of the installer-latest.sh and tweak just for the /etc/centminmod/custom_config.inc

    Or if it's tooo confusing the command in your 1st post is fine
     
    Last edited: Jun 14, 2016
  4. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    Ok, I ended up with this code:

    Code:
    mkdir /etc/centminmod && echo -e "PHP_VERSION='7.0.0'\nNGINX_PAGESPEED=y" > /etc/centminmod/custom_config.inc && curl -O https://centminmod.com/betainstaller-latest.sh && chmod 0700 betainstaller-latest.sh && bash betainstaller-latest.sh && centmin
    Works great, but I have one more question. Is it possible to restrict wordpress form listing parrent directories? Something like chroot app in its domain folder. In scenario when I have multpile Wordpress sites I want to get situation where one vulnerable site != all sites down.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Now that you have posted a intro post, you can post elsewhere in the more appropriate forums
    FYI php 7.0.7 is latest version not 7.0.0

    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).
     
  6. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    eva2000, I trust myself as the admin, but I l don't trust whole Internet, so it's important to protect aginst potencial attacks. When hacker will grant access to cli on server, he will replace/delete/infect all resources he has access to. If there is no way to isolate web apps, I'm unable to use centmini mod, sorry.
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Understandable but any out of box nginx based lemp stack suffers from the same lack of isolation. May I ask what Nginx based lemp stack you're currently use that has jailed/chrooted user account based isolation ? Or you add chroot/jailed isolation yourself ?

    Centmin Mod doesn't have such out of box, but you are welcome to add chroot/jailed user isolation yourself to Centmin Mod if you know how as it can be done just very very very and I mean very involved amount of work ! And can limit what you'd be able to run on an Nginx LEMP based web stack for certain web app/technologies like node.js based web apps.

    Jailed chroot user I have planned on my to do list for Centmin Mod way into the future and should in theory limit this as each Nginx vhost and associated jailed chrooted user account will run on it's own user and group and be locked to within it's own account directory which would be in either /home/chroot_sftp/home/username or/home/chroot_shell/home/username structure.

    Then each Nginx vhost user will also have their own PHP-FPM pools and config files i.e. /usr/local/nginx/conf/phpfpmd/phpfpm_user1.conf each running on their own user and group unique from other jailed chrooted users.

    See very old working preview at Previews - Jailed / chrooted SFTP & SSH user Nginx vhost menu | Centmin Mod Community of what can be done manually yourself.
     
    Last edited: Jun 15, 2016
  8. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    I'm trying to find replacement for multiple web hostings for my friend. He has about 30 WordPress instances and every one on separate hosting.
    I found plenty references for NGINX/chroot topics on Internet but didn't tried it by myselfe. I use puppets/p assenger in big enviroment.
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah unfortunately no free nginx lemp stack based self hosted/installed solutions I know of have user jailed/chrooted protection and certainly not with what Centmin Mod's wide range of supported web apps/technologies and nginx module capabilities anyway. Centmin Mod centmin.sh option 22 wordpress auto installer is pretty much locked down time with rate limiting, http authenticated login protection, auto wordpress plugin (option core) updater cronjob and wpsecure include file that locks down wp-content and subdirectories. So your wordpress installs would be much more secure than if you manually did a wordpress install from various nginx + wordpress basic how to guides online :)

    Especially if you use 123.09beta01 beta branches version of centmin.sh menu option 22 - details Wordpress Nginx Auto Installer (WP Super Cache)

    Centmin Mod 123.09beta01 also has tools/autoprotect.sh cron setup per nginx vhost to auto protect and convert all detected 'deny from all' based .htaccess files to nginx location match deny all syntax contexts Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community which protects more than just wordpress but any web app where developer wrote for apache .htaccess based servers and included .htaccess 'deny from all' bundled in their web scripts with intention of securing and not making public such directories.

    Any other nginx based lemp stack would ignore such web developer included .htaccess files and leave open to all public internet the private directories that were never meant to be made public IF you didn't add a specific nginx location match context with deny all ! You don't need multiple wordpress or sites on nginx to suffer from nginx ignoring 'deny form all' .htaccess files when you do not add a specific location match context deny all in your nginx vhost. If you overlook to add a specific nginx location match context for .htaccess equivalent 'deny all' within your web app or web app's addons/plugins (wordpress plugins) and their included .htaccess 'deny from all', you are also potentially at risk.
     
    Last edited: Jun 15, 2016
  10. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    If you have working preview of jailed vhosts environment it should be added at present state in every next alpha/beta versions of centmin mod. I would love to test it.
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately outdated and never kept up with massive amount of improvements and code changes in 123.09beta01 now so needs alot of work and testing which i currently don't have time for :)

    just the free ssl certificates integration from letsencrypt coming soon to 123.09beta01 is enough to invalid the old jailed user code Letsencrypt - Welcome to acmetool.sh - new letsencrypt addon for Centmin Mod LEMP stacks | Centmin Mod Community

    check out change log for 123.09beta01 changes to come Change Log - CentminMod.com LEMP Nginx web stack for CentOS
     
    Last edited: Jun 16, 2016
  12. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    It's painfull, when you have really powerfull tool, but you're unable to use it because of lack of one but important feature. Hope You'll decide to get Your hands on it soon.
    Thanks, Tom.
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Understandable, but being one person need to prioritise and make best use of my spare time i dedicate to Centmin Mod. Jailed user support under Nginx/PHP-FPM will 100% break alot of the features and future features being developed for Centmin Mod and will restrict what you can run properly on Centmin Mod LEMP stack and require end users probably to understand how to keep Jailed user environment up to date every time you update software on the server - which can't really be automated as there's no way to know what end users install by themselves on their servers. I also wouldn't be able to free support for troubleshooting and guidance for such.

    Also in Jailed environment, server resources especially disk and memory usage will increase dramatically due to each jailed user having to have a jailed copy of all server binaries you want the jailed user to have access to.

    If you're already using separate VPS for each site already, you can still use Centmin Mod LEMP stack anyway just to test the waters :)
     
  14. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    Ok, so maybe there is a redy to go solution for using containers (Docker) for separation Centmini mod LEMP stacks?
     
  15. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately, not right now. If there's any news I'd post it in Centmin Mod Docker development subforums or if folks more familiar with Docker contribute they can post it there too.
     
  16. Kyvaith

    Kyvaith New Member

    10
    1
    3
    Jun 14, 2016
    Ratings:
    +2
    Local Time:
    11:43 AM
    Is there already a oneliner script for letsencrypt branch?
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:43 PM
    Nginx 1.13.x
    MariaDB 5.5
    Not publicly available.. acmetool.sh will be it once public beta testing staging comes. That will be after i do internal testing and adding more features and perfecting it privately :)

    @Brian King did ask how to do it manually on Centmin Mod for now and i posted some steps at Letsencrypt - Centmin Mod Letsencrypt Branch testing discussions | Page 3 | Centmin Mod Community be sure to read disclaimer in that post too.