Centmin Mod Configuration Files

For Centmin Mod a lot of the configuration file settings are dynamically configured based on the detected server hardware configuration like number of cpu cores, amount of memory installed and free/available and amount of disk space used as well as type of server environment detected - whether it by barebones dedicated or virtualized environments like OpenVZ, KVM and Xen.

With this in mind, if you're backing up or restoring configuration files to different servers, web hosts or different virtualization environments, you may need to adjust some configuration files yourself. Or backup the new environment Centmin Mod LEMP installed server's config files and do a side by side comparison of the new environment config files and your backed up copies. I use BeyondCompare for side by side file/directory comparisons.



Centmin Mod Command Shortcuts

As some of the configuration file paths are long, remembering them all can sometimes be a chore. So Centmin Mod has command line shortcuts for some. You can see a full list of command line shortcuts in FAQ item 16 on official site.

Nginx

Nginx server has many configuration files.

  • /etc/init.d/nginx - nginx service init.d file.
  • /usr/local/nginx/conf/nginx.conf - main Nginx configuration file for server itself. The nginx.conf worker_processes value is dynamically configured based on a formula to dynamically allocate a value based on number of cpu cores available and set it so that some cpu cores are left for non-nginx services. So worker_processes value will always be less than number of cpu cores available. However, Nginx relies on various directories and config files are located at /usr/local/nginx/conf which is auto backed up to time stamped directory at /usr/local/nginxbackup everytime you run centmin.sh menu option 4 to upgrade, downgrade or recompile Nginx server. The back up directory is set by centmin.sh variable NGINXBACKUPDIR='/usr/local/nginxbackup'.
  • /usr/local/nginx/conf/conf.d - directory where each Nginx vhost domain config file is located. These files are created when you use centmin.sh menu option 2 to add a new site domain or use new Centmin Mod .08 beta 03 and higher featured /usr/bin/nv command line approach to add a new site domain. Note: If moving servers, you can either backup and transfer these files to new server, or on new server recreate the Nginx vhosts and manually transpose your settings from backed up files to your new Nginx site domain vhost files at same directory on new server. Sometimes, if upgrading to newer Centmin Mod branch versions, new or revised Nginx vhost settings are added, so comparing the existing backed up versions with new server recreated versions maybe best.
  • /usr/local/nginx/conf/conf.d/virtual.conf - default main Nginx vhost config file for main hostname which is separate from your created site domain Nginx vhost config files. Getting Started Guide explains and illustrates the differences in step 1. The /usr/local/nginx/conf/conf.d/virtual.conf file has it's web root at /usr/local/nginx/html containing statistics and admin files as outlined here. These files are generally created with dynamically random prefixes so are unique to each Centmin Mod installation and as such the /usr/local/nginx/conf/conf.d/virtual.conf entries for password protection etc are set to unique specific location context matches for those dynamically generated files. So if you change name of those random prefix generated files in /usr/local/nginx/html, you will need to edit the associated location context matched values in /usr/local/nginx/conf/conf.d/virtual.conf
  • /usr/local/nginx/conf/ssl/ - directory where you should have installed your SSL certificates for your domain. If you used the new Centmin Mod .08 beta 03 and higher featured /usr/bin/nv command line approach to add a new site domain and set -s y option, the self-signed SSL certificates would be created in /usr/local/nginx/conf/ssl/yourdomain.com/ directory. Note: If moving servers, you would need to backup and transfer this /usr/local/nginx/conf/ssl/yourdomain.com/ directory and it's contents if they exists. This is where your SSL certificate files are located most of the time including for Letsencrypt free SSL certificates obtained in Centmin Mod 123.09beta01 and higher versions which include a new Letsencrypt addon called acmetool.sh which obtains, installs and saves Letsencrypt SSL certificates to /usr/local/nginx/conf/ssl/yourdomain.com/. Letsencrypt SSL certificates are only valid for 90 days, so while you may copy the existing Letsencrypt SSL certificates, on new server with , you would need to eventually need reinstall and resteup the acmetool.sh addon via either command line acmeinstall command or the acme-menu mode as outline here. Once reinstalled, you will need to do a one time task of using acmetool.sh to reissue or renewal of your moved site domain's Letsencrypt SSL certificates on new server you moved to. This registers your domain on the new server into the auto renewal cronjob so that Letsencrypt SSL certificates renew automatically near expiry date.
  • /usr/local/nginx/conf/staticfiles.conf - default static files include file which is included in each Nginx vhost config file i.e. /usr/local/nginx/conf/conf.d/yourdomain.com.conf
  • /usr/local/nginx/conf/php.conf - main Centmin Mod created PHP include file which is included in each Nginx vhost config file i.e. /usr/local/nginx/conf/conf.d/yourdomain.com.conf
  • Everytime you edit any of these Nginx config or include files, you need to restart nginx service.
  • The default main Nginx vhost config file has log file paths different from normal generated Nginx vhost log paths as they are located at /var/log/nginx with naming format of prefixed with localhost in front so access_log is at /var/log/nginx/localhost.access.log and error_log is at /var/log/nginx/localhost.error.log.

Nginx Site Domain

  • /home/nginx/domains/yourdomain.com/ - is directory structure and web root (/home/nginx/domains/yourdomain.com/public) where yourdomain.com is your site domain you setup when you use centmin.sh menu option 2 to add a new site domain or use new Centmin Mod .08 beta 03 and higher featured /usr/bin/nv command line approach to add a new site domain. Details in Getting Started Guide step 2.
  • /usr/local/nginx/conf/conf.d/yourdomain.com.conf - http Nginx vhost configuration file for your site. Note: If moving servers, you can either backup and transfer these files to new server, or on new server recreate the Nginx vhosts and manually transpose your settings from backed up files to your new Nginx site domain vhost files at same directory on new server. If you did the above outlined step of backing up /usr/local/nginx/conf/conf.d directory, you would of already backed up this Nginx vhost config file.
  • /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf - https Nginx vhost configuration file for your site if you elected to setup self-signed SSL certificate at Nginx vhost creation time via centmin.sh menu option 2 outlined here. Note: If moving servers, you can either backup and transfer these files to new server, or on new server recreate the Nginx vhosts and manually transpose your settings from backed up files to your new Nginx site domain vhost files at same directory on new server. If you did the above outlined step of backing up /usr/local/nginx/conf/conf.d directory, you would of already backed up this Nginx vhost config file.
  • /home/nginx/domains/yourdomain.com/log - directory where your site's nginx specific access.log and error.log are located for troubleshooting site specific errors like site specific 404, 502, 504, 500 and other errors.
  • /usr/local/nginx/conf/pre-staticfiles-global.conf - only exists in Centmin Mod 123.09beta01 and higher. Allows you to add custom Nginx rules within your Nginx vhost between the default web root location / {} context and /usr/local/nginx/conf/staticfiles.conf which applies globally to all Nginx vhost domain sites.
  • /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf - only exists in Centmin Mod 123.09beta01 and higher. Allows you to add custom Nginx rules within your Nginx vhost between the default web root location / {} context and /usr/local/nginx/conf/staticfiles.conf which applies locally to the specific Nginx vhost domain site i.e. domain.com.

PHP-FPM

PHP-FPM also have a few configuration files.

  • /etc/init.d/php-fpm - php-fpm service init.d file.
  • /usr/local/etc/php-fpm.conf - main PHP-FPM configuration file. Has dynamically configured values for some settings depending on Centmin Mod initial install time detected server resources available i.e. amount of installed memory and free available memory. Everytime you edit this, you need to restart php-fpm service.
  • FAQ 19 lists your log files and there's one for PHP-FPM process /var/log/php-fpm/www-error.log and one for PHP apps /var/log/php-fpm/www-php.error.log.

MariaDB MySQL

  • /root/.my.cnf - MySQL client credentials for MySQL root user's password entered here. Whenever, you change your MySQL root user password via SSH, afterwards also add the new MySQL root user's password to this file so that you can run MySQL client's without needing the password i.e. mysql, mysqldump etc. Some Centmin Mod Addons and features rely on having a set with MySQL root password i.e. dbbackup.sh MySQL backup script.
  • /etc/my.cnf - MariaDB MySQL main mysql settings file. Has dynamically configured values for some settings depending on Centmin Mod initial install time detected server resources available i.e. amount of installed memory and free available memory. Everytime you edit this, you need to restart mysql service.
  • /var/lib/mysql - directory where your MySQL databases reside. You CAN NOT just backup these files, touching them this way will corrupt your database data. You need to properly backup MySQL databases using mysqldump command which is the safest and most reliable way to backup MySQL databases. PHP or web based tools like phpmyadmin are unreliable for larger MySQL databases as they risk timing out and thus resulting in incomplete backups.
  • /var/log/mysqld.log (before Mariadb 10.0.29/10.1.21) or /var/lib/mysql/YOURHOSTNAME.err (after Mariadb 10.0.29/10.1.21) - MariaDB MySQL server error log. There maybe an initial error log at /var/lib/mysql/YOURHOSTNAME.err which might get populated before Centmin Mod's custom /etc/my.cnf templates are initialised and kicks in for the custom error log path.

CSF Firewall

  • /etc/csf/csf.conf - main CSF Firewall config file. Has server environment specific settings so be careful some server environments like OpenVZ do not support some of the settings that are dynamically configured on Centmin Mod install for non-OpenVZ servers. Everytime you edit this you need to restart csf service.
  • /etc/csf/ directory also contains other config files that /etc/csf/csf.conf relies on. Everytime you edit any of those files in /etc/csf/, you need to restart csf service.
  • /var/log/lfd.log log file is for CSF Firewall's Login Failure Daemon (lfd) entries. Example of the last 2 *Blocked in csf* log entries related to CSF Firewall auto banning IPs that do distributed SSHD brute force attacks and SSHD login failure attempts:

    grep Blocked /var/log/lfd.log | tail -2
    Sep  9 21:09:27 host lfd[30532]: 119.249.54.88 (CN/China/-), 6 distributed sshd attacks on account [root] in the last 3600 secs - *Blocked in csf* [LF_DISTATTACK]
    Sep 10 04:56:25 host lfd[27736]: (sshd) Failed SSH login from 119.249.54.86 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
    

Memcached Server

  • /etc/init.d/memcached - Memcached server's config settings are located within the init.d startup file itself. Everytime you edit this you need to restart memcached service.

NSD DNS

  • /etc/nsd/nsd.conf - NSD main config file if you chose to setup domain DNS on your server locally via centmin.sh menu option 3. Example posted on forums here. If you did not setup NSD DNS locally but used a 3rd party DNS nameservers for your domains, then you do not need to be concerned with NSD.
  • /etc/nsd/ - directory for other related NSD config files and DNS zone files.
  • Everytime you edit any of those files in /etc/nsd/, you need to restart nsd service.