Centmin Mod What's New


Centmin Mod 1.2.3-eva2000.08 forum discussion thread here.



The new Centmin Mod version 1.2.3-eva2000.08 (referred to .08 release or Github branch 123.08stable) is a full 12+ months worth of improvements over previous 1.2.3-eva2000.07 release and started official .08 beta testing back on July 10, 2014. Centmin Mod .08 release has over 840+ commits and 160+ file changes since 1.2.3-eva2000.07 release. Centmin Mod .08 release will also be the first release to solely be available for download via Centmin Mod Github hosted repository.

Centmin Mod version 1.2.3-eva2000.08 took an unusually long time to develop due to working and testing on CentOS 7 compatibility. CentOS 7.x was a drastic change in the way the system was setup and ran compared to CentOS 6.x especially with systemd replacing Init-V init.d method of controlling services etc and what that meant for Centmin Mod LEMP stack's source compiled Nginx and PHP-FPM software.

Centmin Mod .08 release has alot of new features and improvements in both the initial installation of Centmin Mod LEMP and Nginx and PHP-FPM's feature set. The change log below outlines the major changes. I'd just like to highlight a bit more on some of the specific changes.

Centmin Mod on Github

Centmin Mod .08 release will also be the first release to solely be available for download via Centmin Mod Github hosted repository. Being new to Git myself, it's been a long road of learning and getting use to using Git and Github. I use Windows for developing Centmin Mod, so use SourceTree App for Git and code management.

You can use Git to upgrade and manage your Centmin Mod version code as outlined here Upgrade - Working with git command line for updating Centmin Mod local copies | Centmin Mod Community.

For .08 stable release, the install instructions for Centmin Mod have changed slightly to a new base directory location at /usr/local/src/centminmod where centmin.sh would be located at /usr/local/src/centminmod/centmin.sh.

Manual Centmin Mod install method that existing Centmin Mod users are use to is now as follows:

branchname=123.08stable
wget -O /usr/local/src/${branchname}.zip https://github.com/centminmod/centminmod/archive/${branchname}.zip
cd /usr/local/src
unzip ${branchname}.zip
mv centminmod-${branchname} centminmod
cd centminmod
chmod +x centmin.sh
./centmin.sh

There's a new 3rd method of install that is faster - the one liner curl bash method. This method was added from Centmin Mod 1.2.3-eva2000.08+ onwards and is the easiest way to install Centmin Mod which allows for fully unattended installs. It's just one line you type in SSH session as root user on a fresh virgin CentOS 6 or CentOS 7 OS environment. Resource video also has an example install at Centmin Mod .08 beta SSH one liner install on CentOS 6 + CentOS 7 simultaneously.

curl -sL http://centmin.com/installer.sh | bash

Once install completes, you'll have some basic info including mysql root password, memcached password and a post-install check list of major software installed's version numbers and also some install time stats.

---------------------------------------------------------------------------
Total Curl Installer YUM Time: 92.0033 seconds
Total YUM Time: 43.166100082 seconds
Total YUM + Source Download Time: 58.0522
Total Nginx First Time Install Time: 135.9561
Total PHP First Time Install Time: 130.5067
Download Zip From Github Time: 4.1942
Total Time Other eg. source compiles: 206.9870
Total Centmin Mod Install Time: 531.5020
---------------------------------------------------------------------------
Total Install Time (curl yum + cm install + zip download): 627.6995 seconds
---------------------------------------------------------------------------

There's also a more convenient centmin.sh menu option 23 for updating Centmin Mod code via github repo.

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10, 10.1 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 23
--------------------------------------------------------

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Back to Main menu
--------------------------------------------------------
Enter option [ 1 - 4 ]

submenu option 1 setup github local environment

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Back to Main menu
--------------------------------------------------------
Enter option [ 1 - 4 ] 1
--------------------------------------------------------

setup Centmin Mod git sourced install...

download github.com centmin mod 123.08beta03 branch repo
Cloning into 'centminmod-123.08beta03'...
Switched to a new branch '123.08beta03'
Branch 123.08beta03 set up to track remote branch 123.08beta03 from origin.

list all available local branches
        git branch -a
* 123.08beta03
  master
  remotes/origin/123.06stable
  remotes/origin/123.07stable
  remotes/origin/123.08beta03
  remotes/origin/123.08centos7beta01
  remotes/origin/123.08centos7beta02
  remotes/origin/123.08livestats
  remotes/origin/123.08lua
  remotes/origin/123.08zerodown
  remotes/origin/HEAD -> origin/master
  remotes/origin/master

list git log last commit
        git log -a
commit 0a14b23ee0ec2c7787bdfc6befd58d5fb13475dd
Author: George Liu 
Date:   Sun May 31 14:40:29 2015 +1000

    add tools/gitsetup.sh to automate steps to switch to git updated code base
    https://community.centminmod.com/threads/working-with-git-command-line-for-updating-centmin-mod-local-copies.2150/

to update centmin mod 123.08beta03 branch repo via git
        cd /usr/local/src/centminmod-123.08beta03
        git stash
        git pull
        chmod +x centmin.sh

if you try submenu option 2 and you haven't done submenu option 1 yet

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Back to Main menu
--------------------------------------------------------
Enter option [ 1 - 4 ] 2
--------------------------------------------------------

Error: you do not have git environment setup for github based updates
       run submenu option 1 to setup github environment first

switching to a new github branch via submenu option 3

--------------------------------------------------------
        Centmin Mod Updater Sub-Menu
--------------------------------------------------------
1). Setup Centmin Mod Github Environment
2). Update Centmin Mod Current Branch
3). Update Centmin Mod Newer Branch
4). Back to Main menu
--------------------------------------------------------
Enter option [ 1 - 4 ] 3
--------------------------------------------------------

Update Centmin Mod to newer branch via git
You need to input the name of the branch
List of current remote branches by descending date order

2015-05-31 16:54:41 +1000 4 minutes ago 123.08beta03updater
2015-05-31 14:40:29 +1000 2 hours ago   123.08beta03
2015-05-29 20:22:39 +1000 2 days ago    master
2015-05-29 20:22:39 +1000 2 days ago    master
2015-05-28 21:20:39 +1000 3 days ago    123.08livestats
2015-05-28 15:29:07 +1000 3 days ago    123.08lua
2015-05-27 15:54:13 +1000 4 days ago    123.08centos7beta02
2015-05-17 19:25:36 +1000 2 weeks ago   123.07stable
2015-05-12 00:44:49 +1000 3 weeks ago   123.08centos7mongodb
2015-05-08 03:36:57 +1000 3 weeks ago   123.08centos7setmisc
2015-04-13 12:00:17 +1000 7 weeks ago   123.08centos7beta02wp
2015-04-07 12:33:43 +1000 8 weeks ago   123.08centos6beta02redis
2015-04-04 05:50:25 +1000 8 weeks ago   123.07stable-fixes
2015-03-25 03:45:39 +1000 10 weeks ago  123.08zerodown
2015-03-10 16:52:48 +1000 3 months ago  123.08geoip
2015-03-10 16:52:37 +1000 3 months ago  123.08centos7beta01
2015-02-24 22:19:38 +1000 3 months ago  123.07stable_intel
2015-02-02 00:51:34 +1000 4 months ago  123.08slowfs
2014-06-23 17:08:44 +1000 11 months ago 123.06stable
        ->
Enter the branch name you want to switch to i.e. 123.08beta03 : 123.08beta03

download github.com centmin mod 123.08beta03 branch repo
Cloning into 'centminmod-123.08beta03'...

CentOS 7.0 and CentOS 7.1 Support

The reason why Centmin Mod .08 release took much longer than usual to reach stable release is due to CentOS 7.0/7.1 support. Alot of testing and feedback by Centmin Mod users for .08 beta allowed me to fix and improve Centmin Mod LEMP stack overall. Having to test for different virtualization technologies also complicated things - Xen and KVM played nicely. However, OpenVZ had a few issues to deal with for CentOS 7 support.

Nginx SSL Switched to LibreSSL

Nginx's support for SSL has switched from static compile of OpenSSL to using OpenSSL forked version, LibreSSL. LibreSSL also adds native support for chacha20_poly1305 ciphers. Centmin Mod Nginx still supports OpenSSL 1.02d and can switch between OpenSSL 1.02d and LibreSSL via centmin.sh variable LIBRESSL_SWITCH='y' for LibreSSL or LIBRESSL_SWITCH='n' for OpenSSL 1.02d.

LibreSSL was forked from the OpenSSL library starting with the 1.0.1g branch and will follow the security guidelines used elsewhere in the OpenBSD project.[9].

MariaDB 10 MySQL Default

Default version of MySQL used in Centmin Mod .08 release has been updated from MariaDB 5.5 to MariaDB 10 MySQL. MariaDB 10 is basically a merge of the best stuff from MariaDB 5.5, MySQL 5.6 and Percona 5.6. You can read the following for more info:

Pure-ftpd virtual FTP Users

Centmin Mod LEMP initially being a fork of the original Centmin project was never intended for shared hosting with individual user accounts that where isolated. I planned to do full jailed/chrooted user SFTP/SSH support in future. However, as a stop gap workaround for now, I have implemented Pure-ftpd virtual FTP user support for FTP over forced TLS with PASV enabled requirements for each Nginx vhost you add via centmin.sh menu option 2.

Wordpress Nginx Vhost + Wordpress Installer

Added a new centmin.sh menu option 22 to auto install Wordpress + WP Super Cache and other WP Plugins + also auto setup and create the Nginx vhost specifically for Wordpress and WP Super Cache support. As part of centmin.sh menu option 22 routine, it will auto create a cronjob script to auto update all Wordpress Plugins every 8 hours and email you a status update for all WP Plugins and their current status. Also the script will setup wp-login.php with password protection as an additional layer of security.

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Exit
--------------------------------------------------------
Enter option [ 1 - 23 ] 22
--------------------------------------------------------

cminfo

cminfo command shortcut gives you a full summary overview of your Centmin Mod LEMP stack state - including software versions, and Nginx vhost, pure-ftpd virtual FTP and MySQL databases etc.

PHP 7.0 support

Centmin Mod .08 release has native support for the next version of PHP = PHP 7.0 (PHPNG). PHP 7.0 is considered alpha state so not ready for production live use as not all PHP extensions are supported yet i.e. memcache/memcached, igbinary, imagick PHP extensions are not yet supported in PHP 7.0. However, I am running a test Wordpress blog on CentOS 7.1 with PHP 7.0 right now at http://wordpress7.centminmod.com/. With Centmin Mod .08 release, you can also play with PHP 7.0 if you want just by using centmin.sh menu option 5 and upgrading PHP by specifying version 7.0.0 when prompted.

New Nginx Modules Added

Centmin Mod's source compiled Nginx server has new Nginx modules added which are equivalent to the ones in Nginx's commercial paid Nginx Plus server and more.

New Centmin Mod Official Addons

New maldet.sh addon for Linux Malware Detect + ClamAV antivirus scanner support. When installed, your Centmin Mod server has automatic daily malware and antivirus scans of the system and auto email notifies you when malware or viruses are detected.

New Centmin Mod Default Index Page

New Centmin Mod logo makes up the new Default Index Page.

Added Remi YUM Repo

Remi YUM repo added as a replacement for dead CentALT Yum Repo. With Remi YUM repo in place, this also allowed Centmin Mod LEMP stack to default to a newer version of ImageMagick for the system at version 6.9.x.

Added ATrpms YUM Repo

ATrpms YUM repo was added to fix ffmpeg and ffmpeg-devel missing required dependency packages on CentOS 7.

Added Redis & MongoDB PHP Extension

Redis PHP extension and MongoDB PHP extension support has been added.

CSF Firewall IPSET Support

CSF Firewall IPSET support has been added when non-OpenVZ systems are detected. IPSET support allow hashing of ips to reduce the overhead involved in blocking and managing large number of IP addresses in CSF Firewall which interfaces with IPTables. Without IPSET support, blocking or managing a large number of IP addresses will slow down and reduce network and system performance of your server.

Nginx + OpenSSL 1.0.2d default

Centmin Mod Nginx is source compiled against static version of OpenSSL and that version has been updated to default to OpenSSL 1.0.2d. Centmin Mod Nginx still supports OpenSSL 1.02d and can switch between OpenSSL 1.02d and LibreSSL via centmin.sh variable LIBRESSL_SWITCH='y' for LibreSSL or LIBRESSL_SWITCH='n' for OpenSSL 1.02d.

Persistent Settings via custom_config.inc

Added support for a separate and persistent custom_config.inc file to place custom centmin.sh settings/variables in which override centmin.sh defaults. This comes in handy when updating Centmin Mod but wanting your custom settings in centmin.sh to be untouched.

Supports 2 locations for custom_config.inc

  1. inc/custom_config.inc where centmin.sh base directory resides
  2. at ${CONFIGSCANBASE}/custom_config.inc which defaults to /etc/centminmod/custom_config.inc

To override centmin.sh settings and allow them to persist on centmin mod code updates, create a custom_config.inc at one of the 2 locations mentioned above and add the centmin.sh option to the custom_config.inc file.

i.e. to set PHP 5.6.11 and Zend Opcache as default place in manually created file at /etc/centminmod/custom_config.inc the following variables which are in centmin.sh to override centmin.sh ones

PHP_VERSION='5.6.11'
ZOPCACHEDFT='y'

Finer Grain Nginx Module Control

You'll also have finer grain control over which additional Nginx modules are added to Centmin Mod. An example with centmin.sh variables set to no to disable Nginx module additions. These variables set to no will give you a bare minimum recommended Nginx configuration if you do not require such modules.

NGINX_STREAM=n               # http://nginx.org/en/docs/stream/ngx_stream_core_module.html
NGINX_RTMP=n                 # Nginx RTMP Module support https://github.com/arut/nginx-rtmp-module
NGINX_FLV=n                  # http://nginx.org/en/docs/http/ngx_http_flv_module.html
NGINX_MP4=n                  # Nginx MP4 Module http://nginx.org/en/docs/http/ngx_http_mp4_module.html
NGINX_AUTHREQ=n              # http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
NGINX_SECURELINK=n           # http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
NGINX_FANCYINDEX=n           # http://wiki.nginx.org/NgxFancyIndex
NGINX_VHOSTSTATS=n           # https://github.com/vozlt/nginx-module-vts
NGINX_PAGESPEED=n            # Install ngx_pagespeed
NGINX_PASSENGER='n'          # Install Phusion Passenger requires installing addons/passenger.sh before hand
NGINX_WEBDAV=n               # Nginx WebDAV and nginx-dav-ext-module
NGINX_UPSTREAMCHECK='n'      # nginx upstream check https://github.com/yaoweibin/nginx_upstream_check_module
NGINX_OPENRESTY='n'            # Agentzh's openresty Nginx modules
LUAJIT_GITINSTALL='n'        # opt to install luajit 2.1 from dev branch http://repo.or.cz/w/luajit-2.0.git/shortlog/refs/heads/v2.1
ORESTY_LUANGINX='n'             # enable or disable or ORESTY_LUA* nginx modules below

nginx -V
nginx version: nginx/1.9.3
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.1
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../headers-more-nginx-module-0.25 --with-openssl=../portable-2.2.0 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module    

for m in $(nginx -V 2>&1 | grep configure); do echo $m; done
configure
arguments:
--with-ld-opt='-lrt
-ljemalloc
-Wl,-z,relro'
--with-cc-opt='-m64
-mtune=native
-g
-O2
-fstack-protector
--param=ssp-buffer-size=4
-Wformat
-Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2
-Wno-deprecated-declarations
-Wno-unused-parameter
-Wno-unused-const-variable
-Wno-conditional-uninitialized
-Wno-mismatched-tags
-Wno-c++11-extensions
-Wno-sometimes-uninitialized
-Wno-parentheses-equality
-Wno-tautological-compare
-Wno-self-assign
-Wno-deprecated-register
-Wno-deprecated
-Wno-invalid-source-encoding
-Wno-pointer-sign
-Wno-parentheses
-Wno-enum-conversion'
--sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf
--with-http_ssl_module
--with-http_gzip_static_module
--with-http_stub_status_module
--with-http_sub_module
--with-http_addition_module
--with-http_image_filter_module
--with-http_realip_module
--with-http_geoip_module
--with-openssl-opt=enable-tlsext
--add-module=../ngx_cache_purge-2.3
--add-module=../nginx-accesskey-2.0.3
--add-module=../nginx-http-concat-master
--add-module=../headers-more-nginx-module-0.25
--with-openssl=../portable-2.2.0
--with-libatomic
--with-threads
--with-pcre=../pcre-8.37
--with-pcre-jit
--with-http_spdy_module    

Nginx SPDY SSL Vhost Generation Support

Centmin Mod's centmin.sh menu option 2 has added support for auto generating a self-signed SPDY SSL Nginx vhost to accompany your non-SSL Nginx vhost so your domains have basic https and non-https support. Then it's just a matter of replacing your SPDY SSL Nginx vhost yourdomain.com.ssl.conf Nginx vhost with your paid commercial SSL certificates if you want as per outline here.Also added SSH command line support for creating new Nginx vhosts with SPDY SSL vhost auto generation support

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu 
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10, 10.1 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 2
--------------------------------------------------------    

---------------------------------------------
Enter vhost domain name you want to add (without www. prefix): domain4.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: y

Create FTP username for vhost domain (enter username): ftpssl4
Do you want to auto generate FTP password (recommended) [y/n]: y

FTP username you entered: ftpssl4
FTP password auto generated: BTH2Psh33rJAYgb3bG2Xc

Password:
Enter it again:

---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

---------------------------------------------------------------
Generating self signed SSL certificate...
Generating a 2048 bit RSA private key
..............................+++
.................................................+++
writing new private key to 'domain4.com.key'
-----
Signature ok
subject=/C=US/ST=Los Angeles/L=California/O=domain4.com/CN=domain4.com
Getting Private key
---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.............+......................................................................................................................................................................................+..........................................................................................................................................................................+...................++*++*

-------------------------------------------------------------
service nginx reload
Reloading nginx configuration (via systemctl):  [  OK  ]
systemctl restart pure-ftpd.service    

-------------------------------------------------------------
FTP hostname : ipaddress
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for domain4.com : ftpssl4
FTP password created for domain4.com : BTH2Psh33rJAYgb3bG2Xc
-------------------------------------------------------------    

vhost for domain4.com created successfully
domain: http://domain4.com
vhost conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.conf

vhost ssl for domain4.com created successfully
domain: https://domain4.com
vhost ssl conf file for domain4.com created: /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created

upload files to /home/nginx/domains/domain4.com/public
vhost log files directory is /home/nginx/domains/domain4.com/log    

Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
Jun 1   19:23   1.1K   demodomain.com.conf
Jun 1   19:23   845    ssl.conf
Jun 1   19:34   1.4K   virtual.conf
Jun 2   07:08   2.8K   newdomain1.com.conf
Jun 2   07:36   2.8K   newdomain2.com.conf
Jun 2   07:41   2.8K   newdomain3.com.conf
Jun 21  11:00   1.6K   domain3.com.conf
Jun 21  11:00   3.2K   domain3.com.ssl.conf
Jun 21  11:04   1.6K   domain4.com.conf
Jun 21  11:04   3.2K   domain4.com.ssl.conf
-------------------------------------------------------------    

contents of /usr/local/nginx/conf/conf.d/domain4.com.ssl.conf

# Centmin Mod Getting Started Guide
# must read http://centmin.com/getstarted.html
# For SPDY SSL Setup
# read http://centmin.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name domain4.com www.domain4.com;
#    return 302 https://$server_name$request_uri;
# }

server {
  listen 443 ssl spdy;
  server_name domain4.com www.domain4.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain4.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain4.com/domain4.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain4.com/domain4.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain4.com/domain4.com-trusted.crt;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain4.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain4.com/log/error.log;

  root /home/nginx/domains/domain4.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centmin.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}    

contents of /usr/local/nginx/conf/ssl_include.conf

ssl_session_cache      shared:SSL:10m;
ssl_session_timeout    60m;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;    

Basic Multiple PHP-FPM Pool Support

Added basic multiple PHP-FPM pools support. Full details here.

multiple PHP-FPM Pools

Add Optional Custom Curl 7.43 RPM Support

CentOS 6 defaults to curl 7.19 and CentOS 7 defaults to curl 7.29 while latest curl is 7.43. Added optional routine and standalone /addons/customcurl.sh addon to update to curl 7.43 Beta Branch - Centmin Mod .08 beta 03 addon - curl 7.43 custom rpms.

Centmin Mod 1.2.3-eva2000.08 Change Log