Centmin Mod FAQ

Centmin Mod was created and tested to work as a standalone Nginx, PHP-FPM and MariaDB MySQL stack without the use of any control panels. The goal of the Centmin Mod menu based installation was to make it easier to manage without the aid of a control panel. Centmin Mod definitely doesn't work with WHM/Cpanel, Plesk or DirectAdmin. I am unsure if it will work with Webmin, ISPConfig or Kloxo. The main reasons are that Nginx and PHP-FPM are custom source compiled versions, that their configuration files and settings are structured and laid out totally differently from any CentOS YUM repository provided installs of Nginx and PHP-FPM, and that the Centmin Mod LEMP stack uses MariaDB MySQL. If you do try this yourself, please do so on a test server environment only and not on your live production web servers.

Centmin Mod was born from extensive modification of the original Centmin script. As such, neither the original Centmin nor my Centmin Mod script was ever intended for shared hosting with multiple end users using individual FTP usernames to manage sites and domains.

Centmin Mod, like the original Centmin script, was intended for a single root user/administrator to manage multiple or single web site domains on a VPS or dedicated server. By default, in the current version of Centmin Mod there is no security in place to prevent one site domain vhost account from accessing another domain vhost account. As such, the current Centmin Mod script isn't suited to shared hosting where you provide admin users other than yourself with site ftp/ssh access. All users would be able to access each site account. Of course this doesn't prevent you from modifying the Centmin Mod script and structure to support shared hosting yourself if you know what you're doing. Note: I won't be able to provide any help if you do such modifications though.

For future Centmin Mod script versions, I do plan to add such support eventually but it's definitely something planned way into the future. So not anything that will be available anytime soon. Centmin Mod is provided for free and as is, so I am only working on Centmin Mod in my free time.

For now most folks do not need to install FTP; instead just use native SFTP to upload to Centmin Mod installed servers using an SFTP supported client, i.e. Filezilla (documentation and google tutorials: http://lmgtfy.com/?q=filezilla+sftp+connect+server+tutorial). A few example tutorials:

  1. http://wiki.filezilla-project.org/Using
  2. http://wiki.dreamhost.com/FileZilla_Setup
  3. http://kb.siteground.com/how_to_establish_sftp_connection_to_hosting_with_filezilla/
  4. http://kb.mediatemple.net/questions/880/Using+FileZilla+for+FTP%7B47%7DSFTP#gs
  5. http://psychologyit.rutgers.edu/helpdocs/filezilla.html
  6. http://blog.softlayer.com/2012/tips-and-tricks-how-to-use-sftp/

Update: Jan 19th, 2015 - Centmin Mod 1.2.3-eva2000.08 beta release has added basic isolated jailed FTP user support via pure-ftpd virtual FTP user features for beta testing. Virtual FTP user support is done via FTP with explicit TLS/SSL for encrypted transfers via a self-signed SSL certificate and PASV mode enabled. You'd want to disable PHP shell functions to further lock it down as per Getting Started Guide item 14.
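
One way to check that lock-down on a server, as an added example rather than Centmin Mod code: the function below reads disable_functions from a php.ini and reports which command execution functions are still callable. The list of functions checked is an assumption (the Getting Started Guide's own list is not reproduced on this page), the function names are hypothetical and the sample php.ini is constructed; on a server you would pass /usr/local/lib/php.ini.

```bash
#!/bin/bash
# Added example, not Centmin Mod code. Function names are hypothetical.
# Assumption: these are the PHP functions that can start a shell or process.
SHELL_FUNCS="exec passthru shell_exec system proc_open popen"

# Print the effective disable_functions value of a php.ini, one name per line.
# Commented-out lines are ignored and a later assignment overrides an earlier one.
disabled_functions() {
    sed -n -e 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
      | tail -n 1 \
      | sed -e 's/[[:space:]]*;.*$//' -e 's/"//g' \
      | tr ',' '\n' \
      | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print every function from SHELL_FUNCS that is NOT disabled in the given php.ini.
# Empty output means all of them are disabled.
shell_funcs_enabled() {
    local ini="$1" fn disabled
    disabled=$(disabled_functions "$ini")
    for fn in $SHELL_FUNCS; do
        if ! printf '%s\n' "$disabled" | grep -qx -- "$fn"; then
            echo "$fn"
        fi
    done
}

# Constructed sample php.ini with a partial lock-down and a commented-out line.
demo_disable_functions() {
    local ini
    ini=$(mktemp) || return 1
    cat > "$ini" <<'EOF'
[PHP]
;disable_functions = exec,system
disable_functions = "exec, passthru,shell_exec"   ; partial lock-down
EOF
    shell_funcs_enabled "$ini"
    rm -f "$ini"
}

demo_disable_functions
```

Run it again after any PHP upgrade, since the upgrade routine replaces php.ini with the one supplied in the PHP tarball.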

Full install instructions here.

Upgrades in General

Centmin Mod 1.2.3-eva2000.08 and higher has changed the upgrade method for the actual Centmin Mod code itself. You can read the full upgrade method on the Upgrade page. For upgrading Nginx and PHP etc, it's still the same as outlined below.

Within same v1.2.2 branch or within same v1.2.3 upgrades

If you are upgrading a server which already had Centmin Mod of the same branch installed, i.e. Centmin Mod v1.2.2-eva2000.** or within the same v1.2.3-eva2000.** branch, you DO NOT need to run option #1 (in fact as of Centmin Mod v1.2.2-eva2000.14 it will be impossible to run option #1 as the script will detect the previous install of Centmin Mod and abort). For the latest Centmin Mod code update instructions check out the newly added Centmin Mod upgrade page.

Once the Centmin Mod code is updated, just run option #4 and then option #5 to upgrade the Nginx web server and PHP. You only need to run these if you are upgrading to a new Nginx or PHP version. If your existing Centmin Mod install has the same versions for Nginx and PHP, there may be no need to even run those menu options unless new Nginx and/or PHP modules and extensions are added by the updated Centmin Mod code. Update: as of v1.2.3-eva2000.07+ and higher, there's a new centmin.sh menu option 22 which can upgrade Nginx, PHP-FPM and Siege benchmark versions to the versions set in centmin.sh. This means if you are upgrading Centmin Mod from say .07 to .08, you only have to run centmin.sh menu option #21 from the .08 release to automatically upgrade Nginx, PHP-FPM and Siege benchmark. Again, if between Centmin Mod releases you upgraded Nginx and PHP-FPM to versions matching those in the new Centmin Mod release's centmin.sh version number variables, then there is no need to run menu option #21.

v1.2.2 to v1.2.3+ upgrades

But if you are on the older Centmin Mod v1.2.2-eva2000.** branch and want to move to utilising the full 100% feature set of the Centmin Mod v1.2.3 branch, you will need to use a fresh CentOS installed server and do a fresh Centmin Mod v1.2.3 install, then transfer your old files to the new server, rather than upgrade. The reason is that the Centmin Mod v1.2.3 branch has a lot of new features that are installed at initial install time only and not via upgrade.

If you don't need 100% of the new features in the Centmin Mod v1.2.3 branch and are only concerned with utilising v1.2.3 Nginx, PHP and MariaDB 5.5 improvements, then just running Nginx upgrade option #4, PHP upgrade option #5 and MariaDB 5.2.x to 5.5.x upgrade option #12 will allow you to use all the new Nginx, PHP and MariaDB 5.5 features listed at Centmin Mod v1.2.3. So by running Nginx upgrade option #4, you will still get support for Google SPDY, ngx_pagespeed and the other modules listed on the Nginx page. Likewise, if you run PHP upgrade option #5, you will still get all the compiled extensions supported and listed on the PHP page.

Nginx upgrade

Menu option #4 will upgrade Nginx web server by prompting you to enter the Nginx version you want to install. You may receive 404 Not Found errors on php pages after Nginx upgrade. If you do, run Menu option #5 to upgrade/reinstall PHP version. You will find the latest stable and development versions on Nginx.org. The Nginx upgrade routine will do a preliminary YUM update check to make sure any new Centmin Mod options have their required YUM installed software prior to the upgrade.

You can also use menu option #4 to downgrade Nginx versions just by entering the Nginx version you want. For Centmin Mod, I would stick with the stable version Nginx v1.1.xx to v1.2.xx as there are changes to nginx.conf etc which Centmin Mod caters to in its configuration files, which earlier Nginx versions won't support.

Nginx upgrade process will also backup your existing Nginx conf directory and file via 3 options in centmin.sh: NGINXBACKUP='y', NGINXCONFDIR='/usr/local/nginx/conf', NGINXBACKUPDIR='/usr/local/nginxbackup'. You will find backups of previous Nginx versions in timestamped directories located within /usr/local/nginxbackup.

PHP Upgrade

Menu option #5 will upgrade your PHP version to whatever version you enter at the prompt. You'll find the latest stable PHP release versions in the top right corner column on php.net.

Prior to Centmin Mod 1.2.3-eva2000.07 stable release, upgrading PHP involved some additional steps if you had installed any of the following PHP extensions: Xcache, APC, Suhosin, FFMPEG, Memcache or generally any extension which required you to manually load a *.so file into php.ini. The reason is that the PHP upgrade routine will back up your existing php.ini at /usr/local/lib/php.ini to /usr/local/lib/php.ini-oldversion_timestamp and then overwrite that php.ini file with the latest php.ini supplied by the PHP tarball download package. However, with Centmin Mod 1.2.3-eva2000.07 and higher versions, this is usually no longer required as the upgrade routine automatically detects previously compiled PHP extensions and auto recompiles them on major PHP upgrades only, i.e. PHP 5.4 to 5.5 or 5.6. It will skip auto recompiles for minor PHP upgrades, i.e. PHP 5.5.16 to 5.5.17.

The PHP upgrade process will then do a DIFF comparison check between the new /usr/local/lib/php.ini and the saved backup at /usr/local/lib/php.ini-oldversion_timestamp and display all the changes and differences between the files. There's a 60 second delay on the screen so you can use that opportunity to copy or note the changes for your own records. Usually, the changes will highlight what PHP extensions were installed previously and what is missing in the new php.ini.
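
The comparison can be repeated after the 60 second display has gone. The following added example (not Centmin Mod code) narrows it to the lines that matter after an upgrade: extension= and zend_extension= entries that were active in the backed up php.ini but are absent from the new one. The function names and the sample php.ini contents are constructed for illustration; on a server you would pass /usr/local/lib/php.ini-oldversion_timestamp and /usr/local/lib/php.ini.

```bash
#!/bin/bash
# Added example, not Centmin Mod code. Function names are hypothetical.

# Print the active (uncommented) extension/zend_extension lines of a php.ini,
# normalised so that spacing, quoting and trailing comments do not show up
# as differences.
active_extensions() {
    sed -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*;.*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/"//g' \
        -e 's/[[:space:]]*$//' "$1" \
      | { grep -E '^(zend_)?extension=' || true; } \
      | LC_ALL=C sort -u
}

# Print extension lines present in the old php.ini but missing from the new one.
dropped_extensions() {
    local old_ini="$1" new_ini="$2" tmp
    tmp=$(mktemp -d) || return 1
    active_extensions "$old_ini" > "$tmp/old"
    active_extensions "$new_ini" > "$tmp/new"
    LC_ALL=C comm -23 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# Constructed sample data: a backed up php.ini and the freshly installed one.
demo_dropped_extensions() {
    local dir
    dir=$(mktemp -d) || return 1
    cat > "$dir/php.ini-oldversion" <<'EOF'
[PHP]
memory_limit = 128M
; extension=xcache.so
extension = "apc.so"
extension=memcache.so   ; added by memcached install
extension=suhosin.so
zend_extension=opcache.so
EOF
    cat > "$dir/php.ini" <<'EOF'
[PHP]
memory_limit = 128M
extension=memcache.so
EOF
    dropped_extensions "$dir/php.ini-oldversion" "$dir/php.ini"
    rm -rf "$dir"
}

demo_dropped_extensions
```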

Prior to Centmin Mod 1.2.3-eva2000.07 stable release, all you had to do after a PHP upgrade was re-install those PHP extensions via the menu options listed below (for Suhosin and FFMPEG, the install option is fine). However, with Centmin Mod 1.2.3-eva2000.07 and higher versions, this is usually no longer required unless there are issues requiring a manual recompile via the menu options outlined below:

  • 6). XCache Re-install
  • 7). APC Cache Re-install
  • 10). Memcached Server Re-install (this also updates your libevent version)
  • 15). Install/Re-install imagick PHP Extension
  • 18). Suhosin PHP Extension install
  • 19). Install FFMPEG and FFMPEG PHP Extension

The PHP upgrade process also backs up your existing php-fpm configuration file /usr/local/etc/php-fpm.conf to /usr/local/etc/php-fpm.conf-oldversion_timestamped and then overwrites it. It will prompt you and ask if you want to overwrite and backup the php-fpm.conf file. This is to ensure updated php-fpm.conf changes make it into your server's php-fpm configuration.

MariaDB 5.5 MySQL ?

As at July 28th, 2015, latest Centmin Mod v1.2.3 and higher have MariaDB 10.0.x MySQL default support as outlined here.

For existing Centmin Mod users still on MariaDB 5.2, the new revised menu option #12 updates MariaDB 5.2.x to MariaDB 5.5.x, for folks wanting to test the upgrade process of older Centmin Mod installs to MariaDB 5.5.

Since MariaDB 10.0.x uses a YUM repository, future updates can be done via YUM:

yum update MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared

Before upgrading, it is highly recommended to back up all your mysql databases using mysqldump:

backup

mysqldump -Q -K --max_allowed_packet=256M --net_buffer_length=65536 --routines --events --triggers --hex-blob -u mysqlusername -p mysqldatabasename > /path/to/mysqldatabasename_backup_date.sql

restore

mysql -u mysqlusername -p mysqldatabasename < /path/to/mysqldatabasename_backup_date.sql

MariaDB 5.2.x upgrade

Menu option #11 will upgrade existing MariaDB 5.2.x MySQL server users only within MariaDB 5.2.x branch (follow above instructions if you want to move from MariaDB 5.2.x to MariaDB 5.5.x). But unlike Nginx and PHP upgrade routines, it will not prompt for MariaDB version. The version that is upgraded to is determined by what is set in centmin.sh for the following variables:

Set to version you want to upgrade to:

MDB_VERONLY='5.2.14'
MDB_BUILD='122'

Set to existing version you are already using:

MDB_PREVERONLY='5.2.12'
MDB_PREBUILD='115'

So centmin.sh will look like this for MariaDB 5.2.12 Build 115 upgrade to MariaDB 5.2.14 Build 122.

# Define current MariaDB version
MDB_VERONLY='5.2.14'
MDB_BUILD='122'
MDB_VERSION="${MDB_VERONLY}-${MDB_BUILD}"     # Use this version of MariaDB ${MDB_VERONLY}
 
# Define previous MariaDB version for proper upgrade
MDB_PREVERONLY='5.2.12'
MDB_PREBUILD='115'
MDB_PREVERSION="${MDB_PREVERONLY}-${MDB_PREBUILD}"     # Use this version of MariaDB ${MDB_VERONLY}

Please stick with only the latest MariaDB 5.2.x version tested and listed on the official web site at changelog.html. I cannot guarantee that higher versions which have not been tested by me will work 100%.

Before upgrading, it is highly recommended to back up all your mysql databases using mysqldump:

backup

mysqldump -u mysqlusername -p mysqldatabasename > /path/to/mysqldatabasename_backup_date.sql

restore

mysql -u mysqlusername -p mysqldatabasename < /path/to/mysqldatabasename_backup_date.sql
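
Because the upgrade depends on this dump being restorable, it is worth checking the file before starting. The following added example (not Centmin Mod code) serves both backup passages above: it rejects a dump that is empty or lacks the "-- Dump completed" trailer that mysqldump writes when it finishes, then restricts the file to its owner and records a SHA-256 checksum that can be verified before a restore. The function names and the sample dump contents are constructed for illustration.

```bash
#!/bin/bash
# Added example, not Centmin Mod code. Function names are hypothetical.

# Succeed only if the file is non-empty and ends with mysqldump's completion
# trailer. The trailer is a comment line, so it is absent when the dump was
# taken with --skip-comments or --compact.
dump_is_complete() {
    [ -s "$1" ] || return 1
    tail -n 5 "$1" | grep -q '^-- Dump completed'
}

# Restrict the dump to its owner (it contains all table data) and write a
# checksum file next to it. Refuses to seal an incomplete dump.
seal_dump() {
    local dump="$1" dir base
    dump_is_complete "$dump" || { echo "incomplete dump: $dump" >&2; return 1; }
    dir=$(dirname "$dump"); base=$(basename "$dump")
    chmod 600 "$dump" || return 1
    ( cd "$dir" && sha256sum "$base" > "$base.sha256" )
}

# Verify a sealed dump against its recorded checksum before restoring it.
dump_matches_checksum() {
    local dir base
    dir=$(dirname "$1"); base=$(basename "$1")
    ( cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1 )
}

# Constructed sample data: a finished dump and one cut off mid-statement.
demo_dump_check() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE `t` (`id` int);' \
        'INSERT INTO `t` VALUES (1),(2);' \
        '-- Dump completed on 2015-07-28 10:00:00' > "$dir/good.sql"
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE `t` (`id` int);' \
        'INSERT INTO `t` VALUES (1),(' > "$dir/truncated.sql"

    seal_dump "$dir/good.sql" && echo "good.sql sealed"
    seal_dump "$dir/truncated.sql" 2>/dev/null || echo "truncated.sql rejected"
    dump_matches_checksum "$dir/good.sql" && echo "checksum ok"
    # Simulate the file changing between backup and restore.
    echo 'DROP TABLE `t`;' >> "$dir/good.sql"
    dump_matches_checksum "$dir/good.sql" || echo "checksum mismatch after change"
    rm -rf "$dir"
}

demo_dump_check
```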

Centmin Mod 131.00stable or 140.00beta01 or higher releases are tested from fresh installs as well as upgrades with the latest PHP (php-fpm) versions. For AlmaLinux/Rocky Linux 8, PHP 8.0 is the default and for AlmaLinux/Rocky Linux 9, PHP 8.1 is the default. Alternatively, you can use a Centmin Mod installer with a different default PHP version, or you can switch between PHP versions via centmin.sh menu option 5 by entering your desired PHP version when prompted. The latest Centmin Mod versions also support an SSH command line option, getphpver, which lists the latest PHP version for each PHP major branch so you know which PHP version to enter when prompted.

While the getphpver command lists PHP 5.5-7.1 versions, these are no longer supported on AlmaLinux or Rocky Linux 8/9 operating systems. The AlmaLinux/Rocky Linux 8 minimum supported PHP version is PHP 7.2, while the AlmaLinux/Rocky Linux 9 minimum supported PHP version is PHP 7.4, as Centmin Mod has backported patch support for PHP 7.4 and PHP 8.0 for EL9 operating systems. Technically, for EL9 operating systems PHP 8.0 is the minimum supported version due to PHP 7.4 and PHP 8.0 not natively supporting EL9's OpenSSL 3.0 crypto library.

getphpver

8.3.9
8.2.21
8.1.29
8.0.30
7.4.33
7.3.33
7.2.34
7.1.33
7.0.33
5.6.40
5.5.38

With getphpver command you can also narrow the latest PHP version output to just one PHP major version:

getphpver 83
8.3.9

getphpver 82
8.2.21

getphpver 81
8.1.29

getphpver 80
8.0.30

getphpver 74
7.4.33

getphpver 73
7.3.33

getphpver 72
7.2.34

You can also find the latest stable PHP release versions in the top right corner column on php.net.

Example centmin.sh menu option 5 upgrade switch to PHP 8.3.9 version below:

--------------------------------------------------------
     Centmin Mod Menu 140.00beta01 centminmod.com     
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  MySQL User Database Management
7).  Persistent Config File Management
8).  Option Being Revised (TBA)
9).  Option Being Revised (TBA)
10). Memcached Server Re-install
11). MariaDB MySQL Upgrade & Management
12). Zend OpCache Install/Re-install
13). Install/Reinstall Redis PHP Extension
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Install/Re-Install
21). Data Transfer
22). Add Wordpress Nginx vhost + Cache Plugin
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 5
--------------------------------------------------------

PHP Upgrade/Downgrade - Would you like to continue? [y/n] y

----------------------------------------------------------------
Install which version of PHP? (i.e. 7.3.33, 7.4.33, 8.0.30, 8.1.29, 8.2.21, 8.3.9, NGDEBUG)
PHP 7.x/7.1.x/7.2.x/7.3.x is GA Stable but still may have broken PHP extensions.
NGDEBUG is PHP 8.4 dev builds minus incompatible PHP extensions
----------------------------------------------------------------

Current PHP Version: 8.4.0alpha1
Can Not Determine Latest PHP Version Installable:
8.3.9
8.2.21
8.1.29
8.0.30
7.4.33
7.3.33
7.2.34
7.1.33
7.0.33
5.6.40
5.5.38

Enter PHP Version number you want to upgrade/downgrade to: 8.3.9

Do you still want to continue? [y/n] y

----------------------------------------------------------------
existing php.ini will be backed up at /usr/local/lib/php.ini-oldversion_170724-231417
----------------------------------------------------------------

-----------------------------------------------------------------------------------------
Detected PHP 8.3 branch.
You can compile Zend OPcache (Zend Optimizer Plus+) support
as an alternative to using APC Cache or Xcache cache.
But Zend OPcache only provides PHP opcode cache and
DOESN'T do data caching, so if your web apps such as Wordpress,
Drupal or vBulletin require data caching to APC or Xcache,
it won't work with Zend OPcache.

-----------------------------------------------------------------------------------------
Do you want to use Zend OPcache [y/n] ? y

You can do this via Centmin Mod menu options #2 & #3. Full details here.

Remember to check your domain name's DNS is properly configured at both your domain registrar & web server end (NSD) by running domain name through these 3 dns test sites

From Centmin Mod v1.2.2-eva2000.15 onwards, logging is done automatically when you run centmin.sh. A log directory is defined by the variable CENTMINLOGDIR='/root/centminlogs' in inc/centminlogs.inc. When you run a menu option, the entire process is logged to a time stamped text log file named ${CENTMINLOGDIR}/centminmod_${SCRIPT_VERSION}_${DT}_*.log so you can review the logs for error messages etc.

ls -lhrt /root/centminlogs/
 
total 7.3M
-rw-r--r-- 1 root root 4.3M Apr 14 17:14 centminmod_1.2.2-eva2000.15_140412-151749_install.log
-rw-r--r-- 1 root root 1.7M Apr 14 17:44 centminmod_1.2.2-eva2000.15_140412-173219_php_upgrade.log
-rw-r--r-- 1 root root  30K Apr 14 17:44 centminmod_1.2.2-eva2000.15_140412-173219_apc_reinstall.log
-rw-r--r-- 1 root root  89K Apr 14 17:45 centminmod_1.2.2-eva2000.15_140412-173219_memcached_reinstall.log
-rw-r--r-- 1 root root  24K Apr 14 17:46 centminmod_1.2.2-eva2000.15_140412-173219_suhosin_install.log
-rw-r--r-- 1 root root  17K Apr 14 17:49 centminmod_1.2.2-eva2000.15_140412-173219_ffmpeg_install.log
-rw-r--r-- 1 root root 1.3M Apr 14 18:02 centminmod_1.2.2-eva2000.15_140412-173219_nginx_upgrade.log
-rw-r--r-- 1 root root  23K Apr 14 18:31 centminmod_1.2.2-eva2000.15_140412-183136_nsd_reinstall.log

Old method (prior to v1.2.2-eva2000.15): If you're testing Centmin Mod installation on a test server and want to log the entire output of the process to a log file, you can use the script command before running centmin.sh.

Type this command before running centmin.sh

script -f centminv122mod.log

Run centmin.sh, which will invoke the full menu, and select the options you want to run, i.e. option #1

./centmin.sh

When you have finished running centmin.sh, hit the exit option, then at the command prompt type the exit command. This finishes the log and writes everything to centminv122mod.log, which you can download and review.

exit

To change the timezone before install, edit centmin.sh and find and change the ZONEINFO variable. For after install changes and more on the ZONEINFO variable read the full guide here. Centmin Mod 1.2.3-eva2000.08+ and higher versions also added a convenient mytimes command which outputs several timezones' relative times along with the server default timezone.

mytimes
Sun Aug 23 15:10:31 UTC 2015    [UTC]
Mon Aug 24 01:10:31 AEST 2015   [Australia/Brisbane]
Sun Aug 23 08:10:31 PDT 2015    [America/Los_Angeles]
Sun Aug 23 10:10:31 CDT 2015    [America/Chicago]
Sun Aug 23 11:10:31 EDT 2015    [America/New_York]
Sun Aug 23 16:10:31 BST 2015    [Europe/London]

The time it takes varies depending on what software you opt to install, the server's network connectivity speed and the type of VPS or dedicated server you install it on. More powerful servers will take less time to install. The faster your server's network connectivity, the faster it downloads software (YUM/RPMs). On my local virtualbox test server (Xeon W3540 @3.5Ghz 2 cores allocated, 1.5GB memory, SATAII disk) for CentOS 5.5, 5.6 and 6.0, a full install with all prompted default options takes roughly 20-22 minutes. On centminmod.com's cluster of 512MB / 1GB Burst OpenVZ based VPSes with 2 core Xeon E5520, the same full install took nearly 55 minutes. For Centmin Mod 1.2.3-eva2000.08+ and higher, the times have relatively improved. From my local Virtualbox testing in 2015, install times were reduced from 1,300-1,800 seconds to 1,000-1,300 seconds. For OpenVZ testing on a 4 cpu core VPS, times were reduced from 1,000-1,300 seconds to 600-900 seconds. You may think that is a long time, but remember that in most cases you'll be optimised and ready to go at post-install time, as opposed to the usual YUM/RPM install, where you could spend hours post-install getting everything optimised settings wise.

From 1.2.3-eva2000.08+ and higher versions, there's a one liner curl install method. This method provides additional statistics at end of install including the install times and a break down of download, yum, source compile and total install times. Example below:

---------------------------------------------------------------------------
Total Curl Installer YUM or DNF Time: 56.1786 seconds
Total YUM Time: 12.470224222 seconds
Total YUM or DNF + Source Download Time: 28.4158
Total Nginx First Time Install Time: 50.0480
Total PHP First Time Install Time: 150.4703
Download Zip From Github Time: 1.2459
Total Time Other eg. source compiles: 234.5482
Total Centmin Mod Install Time: 463.4823
---------------------------------------------------------------------------
Total Install Time (curl yum + cm install + zip download): 520.9068 seconds
---------------------------------------------------------------------------
                

Current versions of the Centmin Mod Nginx auto installer have been tested on CentOS 7 (now end of life), AlmaLinux 8/9, Rocky Linux 8/9 and Oracle Linux 8/9. However, as most web hosts offer only AlmaLinux or Rocky Linux, these are the recommended operating systems to install Centmin Mod on. For minimum and recommended memory and disk requirements, which affect the choice of CentOS OS to use for Centmin Mod, read the official Centmin Mod Install page guide. Currently, only the x86/x86_64 architecture is supported; ARMv7/8 based cpus aren't supported due to CentOS ARM compatibility with the 3rd party YUM repositories that Centmin Mod uses. Hopefully, in future they may be, so keep an eye on Centmin Mod Community Forum's Beta Release forums for any updates.

Centmin Mod has been tested mainly on KVM and OpenVZ based VPS servers and dedicated servers with x86_64 architecture based CPUs.

Currently, Centmin Mod is CentOS, AlmaLinux, Rocky Linux only - the focus is on developing all the planned features to be more mature before looking at other operating systems. There's a public official development dashboard roadmap for some of the planned features and wishlist features for Centmin Mod. But there's a definite possibility that in future, I'll write up a Debian version once I have the Centmin Mod version settled in terms of features and stability. As for a FreeBSD Nginx auto installer script, there are no plans right now. But that can change.

Put simply, back when Centmin Mod was first developed in 2011 - MariaDB 5.2.x MySQL server had the best performance mix for both MyISAM and InnoDB storage engines in MySQL. You can read benchmarks I did on my blog Part 1 and Part 2. While it may not make as much difference for VPS and dedicated servers with low memory and cpu core count specifications, MariaDB 5.2.x uses Percona's XtraDB InnoDB engine so has same or somewhat better InnoDB performance as Percona but MariaDB is the only MySQL version which still focuses on MySQL core improvements as well as improvements to MyISAM engine.

MariaDB usage has continued since then. You can read about the differences and similarities between MariaDB Server vs Oracle MySQL vs Percona MySQL on the forums here.

yum -q -y install postfix
 
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package postfix.x86_64 2:2.6.6-2.2.el6_1 will be installed
--> Processing Dependency: mysql-libs for package: 2:postfix-2.6.6-2.2.el6_1.x86_64
--> Finished Dependency Resolution
Error: Package: 2:postfix-2.6.6-2.2.el6_1.x86_64 (base)
           Requires: mysql-libs
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

This is a problem with MariaDB 5.2 RPM packages on CentOS 6.x. CentOS 6.x usually provides mysql-libs, but to install MariaDB 5.2 you have to uninstall mysql-libs, which postfix requires. This is fixed with MariaDB 5.5 packages, as they include the dependencies that CentOS 6.x mysql-libs usually provides.

As at May 18th, 2013, latest Centmin Mod v1.2.3 beta has MariaDB 5.5 MySQL default support as outlined here.

Note: MariaDB 5.5.30 currently has a bug when a host is configured to have both ipv6 and ipv4 enabled you may get 'Error establishing a database connection' with your web apps i.e. wordpress when connecting via localhost. If you use 127.0.0.1 instead of localhost it works fine. This bug is fixed in next MariaDB 5.5.31 release (bug reported).

Centmin Mod will very soon be moving to MariaDB 5.5 base installs by default for this very reason as well as the better performing MariaDB 5.5 server. Testing is currently being done with MariaDB 5.5. For updates as to when MariaDB 5.5 support comes to Centmin Mod, please follow me on Twitter or via Centmin Mod Google+ Page.

Example of successful install of postfix with test MariaDB 5.5 on Centmin Mod install

mysqladmin ver
mysqladmin  Ver 9.0 Distrib 5.5.25-MariaDB, for Linux on x86_64
Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc,
2009 Monty Program Ab
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
 
Server version          5.5.25-MariaDB
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 5 sec
 
Threads: 1  Questions: 1  Slow queries: 0  Opens: 33  Flush tables: 1  Open tables: 26  Queries per second avg: 0.200

yum install postfix
 
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package postfix.x86_64 2:2.6.6-2.2.el6_1 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
=========================================================================
 Package                  Arch       Version                     Repository               Size
=========================================================================
Installing:
 postfix                    x86_64    2:2.6.6-2.2.el6_1       base                         2.0 M
 
Transaction Summary
=========================================================================
Install       1 Package(s)
 
Total download size: 2.0 M
Installed size: 9.7 M
Is this ok [y/N]: y
Downloading Packages:
postfix-2.6.6-2.2.el6_1.x86_64.rpm                                                                                          | 2.0 MB     00:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:postfix-2.6.6-2.2.el6_1.x86_64                                                                                                1/1 
 
Installed:
  postfix.x86_64 2:2.6.6-2.2.el6_1                                                                                                                 
 
Complete!

This depends on various factors, including what software you choose to install at installation time, whether you opt to install Zend Opcache for php opcode caching, Memcached servers (a choice between 1 or 2 instances), and the operating system's minimum memory requirements. AlmaLinux and Rocky Linux 8/9 operating systems will generally use more memory than the now end of life CentOS 7. For VPS based servers, it will also depend on what type of virtualization is implemented. OpenVZ based VPS out of the box used more memory if left unchecked due to default stack sizes.

The minimum and recommended memory requirements have increased due to the base EL8 and EL9 memory requirements increasing.

  1. For AlmaLinux and Rocky Linux 8, the minimum system requirements are 1GB memory and 20GB disk. The recommended system requirements are at least 2GB memory and 40GB disk.
  2. For Centmin Mod on AlmaLinux & Rocky Linux 8, the minimum system requirements are 2GB memory + 4GB swap disk and 40GB disk. Using a swap disk when there's not enough memory will still allow Centmin Mod to operate, but it will be a lot slower - as slow as the swap disk's underlying disk performance. Centmin Mod will auto detect if you do not have a swap disk or not enough swap disk size and create a swap disk automatically. Recommended system requirements are at least 4GB memory + 4GB swap disk and 60GB disk. If you plan to install any type of Linux anti-malware/virus scanning software, you would want to add at least another 1-4GB of memory on top of those requirements. The optimal number of CPU cores/threads is between 2-4, though 1 CPU core is fine. The more CPU cores/threads, the faster the Centmin Mod source compiled routines will complete and the more concurrent workloads your server stack will generally be able to handle.

When I started modifying the original Centmin script for my own needs, the first thing I did was add command shortcuts to Centmin Mod. Normally, to edit server configuration files or start/stop/restart services in SSH2 telnet, you need to type in lengthy commands.

With command shortcuts, if you opted to install them at Centmin Mod installation time, you'll be able to type a one word command to perform the entire action. Of course, the software needs to be installed for the command lines to work, i.e. memcached or csf need to have been installed. The command shortcuts invoke the nano linux text editor; you can read up more about nano here and here.

Below is a list of command shortcuts:

  • Edit custom_config.inc persistent config file = customconfig ( /etc/centminmod/custom_config.inc )
  • mytimes = mytimes displays server date and time in multiple timezones (123.09beta01 only at /usr/bin/mytimes)
  • Edit php.ini = phpedit ( /usr/local/lib/php.ini )
  • Edit my.cnf = mycnf ( /etc/my.cnf )
  • Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )
  • Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )
  • Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later
  • Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )
  • Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )
  • Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )
  • nginx stop/start/restart = ngxstop/ngxstart/ngxrestart
  • php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart
  • mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart
  • nginx + php-fpm stop/start/restart = npstop/npstart/nprestart
  • memcached stop/start/restart = memcachedstop/memcachedstart/memcachedrestart
  • csf stop/start/restart = csfstop/csfstart/csfrestart

Example of mytimes output:

mytimes
Sun Oct  2 14:17:21 UTC 2016    [UTC]
Mon Oct  3 00:17:21 AEST 2016   [Australia/Brisbane]
Sun Oct  2 07:17:21 PDT 2016    [America/Los_Angeles]
Sun Oct  2 09:17:21 CDT 2016    [America/Chicago]
Sun Oct  2 10:17:21 EDT 2016    [America/New_York]
Sun Oct  2 15:17:21 BST 2016    [Europe/London]

Setting shortcut to centmin.sh directory

Centmin Mod command shortcuts use hard coded files in /usr/bin/shortcutname as they are known paths etc. But for normal shortcuts you might want to use the more common alias command via the /root/.bashrc file.

  1. backup contents of /root/.bashrc
  2. then edit /root/.bashrc to add aliases which are short cuts to command line statements you commonly run. One alias line per command. So to change to Centmin Mod centmin.sh directory if it's installed at /usr/local/src/centminmod/ (change directory path for below commands accordingly if you downloaded to different directory) you would type these 2 commands as root user in SSH telnet session.

  alias cmod='pushd /usr/local/src/centminmod/'

  echo "alias cmod='pushd /usr/local/src/centminmod/'" >> /root/.bashrc

The second command appends the alias command (the first command) to /root/.bashrc.

I used pushd instead of cd command to change to directory as pushd along with popd are very useful. Read about their usage at http://www.eriwen.com/bash/pushd-and-popd/ and http://linux.101hacks.com/cd-command/dirs-pushd-popd/

To see all your listed and active alias commands type the command below. By default CentOS already has some alias commands set which will also be listed:

  alias

Unfortunately, I haven't gotten my head around rewrite rules and regex as yet. Best place to ask for help for Apache rewrite/htaccess conversions to equivalent Nginx rewrite rule would be on Nginx's official forums at http://forum.nginx.org/. I am actively looking at compiling a list of standard working Nginx rewrite rules for various software like, wordpress & drupal perma links, vBulletin, xenforo, IPB forums and other software. Appropriate credit/linking to contributor and their site will be given on the compiled list page. So if you'd like to contribute to such a list, feel free to contact me.

When I started modifying the original Centmin script for my own needs, I had a very specific configuration in mind for Nginx, PHP-FPM, and MariaDB. They would be custom tuned settings wise from out of the box installations - ready to hit the ground running with optimised specific settings. The source install method for common software also allows using more recent versions than what CentOS YUM repositories can provide and also lessens Centmin Mod users' reliance on the developer when new versions of software are released. The end user can just run centmin.sh menu options 4 and 5 to upgrade to newer Nginx and PHP versions without any delay in waiting for YUM repo based RPMs to be released or built. So with source compiles for Nginx and PHP, there is a shorter time between when the Nginx and PHP developers announce a new version release on their web site and the time you get to install that newer version on your server. For YUM repo installs, that more lengthy delay can be days or weeks even between Nginx and PHP developer announced new version and time you get to install the new version on your server.

RPM/YUM while faster for installation, wouldn't satisfy my goals in that you'd spend a lot more time after installation trying to customise each and every software. I also use Amazon EC2, Rackspace Cloud, GoGrid based cloud server hosting for testing as well for my Apache equivalent bash auto install script which I wrote from ground up prior to finding Centmin (a lot of the Centmin Mod functions were ported over from my Apache bash auto installer script - including the above command shortcut feature).

The Apache version like Centmin Mod, aimed at reducing the amount of post-install time in customising settings for all software. After all, cloud server hosting charges by the hour, so less time post-install configuring equals less costs incurred. So basically, some software is source compiled for this reason - weighing up a more lengthy install process for nearly zero time post-install custom configuration process. The other reason for source compile for Nginx, PHP-FPM, Xcache, APC, Memcached etc is that these are constantly updated with new versions and rather than be reliant on and waiting for YUM REPO/RPM binary updates which always lag behind the new releases, source compilation allowed much more timely updates. This is also important for Nginx to be able to add and update additional Nginx modules in a timely manner i.e. ngx_pagespeed module.

Nginx and PHP source installs also allow Centmin Mod to provide features and enhancements that not many other LEMP/LAMP stacks provide including. These are some features available optionally in latest Centmin mod 123.09beta01 and newer releases:

Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

In SSH2 telnet you can use tail command to view the last X number of lines in the file.

For example for viewing last 10 lines in the file for:

For Nginx access and error logs:

  tail -10 /usr/local/nginx/logs/access.log
  tail -10 /usr/local/nginx/logs/error.log

For specific domainname.com access and error log:

  tail -10 /home/nginx/domains/domainname.com/log/access.log
  tail -10 /home/nginx/domains/domainname.com/log/error.log

For other system error logs located at /var/log:

list /var/log files in ascending time order so the most recently modified files are at the bottom

  ls -lhrt /var/log
 
total 2.7M
-rw------- 1 root  root    0 Aug 29 15:33 tallylog
-rw------- 1 root  root    0 Aug 29 15:33 spooler
drwx------ 3 root  root 4.0K Aug 29 15:35 samba
drwxr-xr-x 2 root  root 4.0K Aug 29 15:35 mail
-rw-r--r-- 1 root  500     0 Oct  8 18:13 dmesg.old
-rw------- 1 root  500     0 Oct  8 18:13 boot.log
-rw-r--r-- 1 root  500     0 Oct  8 18:14 dmesg
drwx------ 2 root  root 4.0K Oct  8 18:14 httpd
drwxr-xr-x 2 root  root 4.0K Oct  8 19:08 php-fpm
-rw-rw---- 1 mysql root 2.3K Oct  9 12:38 mysqld.log
-rw------- 1 root  root 9.2K Oct 26 10:48 yum.log
-rw------- 1 root  utmp  94K Nov  7 22:59 btmp
drwxr-xr-x 2 root  root 4.0K Nov  8 00:00 sa
-rw------- 1 root  root 269K Nov  8 21:39 messages
-rw------- 1 root  root 110K Nov  8 23:08 secure
-rw-rw-r-- 1 root  utmp  43K Nov  8 23:08 wtmp
-rw-r--r-- 1 root  root 144K Nov  8 23:08 lastlog
-rw------- 1 root  root  69K Nov  8 23:08 lfd.log
-rw------- 1 root  root 332K Nov  8 23:08 maillog
-rw------- 1 root  500  1.6M Nov  8 23:10 cron
 

For PHP-FPM error log:

  tail -10 /var/log/php-fpm/www-error.log 

and/or

  tail -10 /var/log/php-fpm/www-php.error.log

For CentOS 7, systemd has its own logging system, accessed via the command:

  journalctl -u php-fpm --no-pager

For MySQL / MariaDB error log:

For CentOS 6 only.

  tail -10 /var/lib/mysql/YOURHOSTNAME.err

or

  tail -10 /var/log/mysqld.log 

For CentOS 7, systemd has its own logging system, accessed via the command:

  journalctl -u mariadb --no-pager

For CSF firewall LFD log:

  tail -10 /var/log/lfd.log

For Mail log:

  tail -10 /var/log/maillog

For Cron job logs:

  tail -10 /var/log/cron

You need to edit /usr/local/nginx/conf/conf.d/virtual.conf and find the very first instance of these lines

include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;

Uncomment and enable it by removing the # hash in front of the phpstatus.conf include line

So this

#include /usr/local/nginx/conf/phpstatus.conf;

becomes

include /usr/local/nginx/conf/phpstatus.conf;

save /usr/local/nginx/conf/conf.d/virtual.conf, then restart Nginx

service nginx restart

or if you installed centmin mod shortcuts http://centmin.com/faq.html#commandshortcuts you can use this command

ngxrestart

then install lynx via yum

yum -q -y install lynx

then run this command whenever you want to see php-fpm usage stats

lynx --dump  http://127.0.0.1/phpstatus

You'll get output like below

pool:                 www
process manager:      static
start time:           28/Jun/2012:21:24:51 +0400
start since:          75
accepted conn:        196
listen queue:         0
max listen queue:     0
listen queue len:     0
idle processes:       4
active processes:     1
total processes:      5
max active processes: 1
max children reached: 0

PHP Status explained:

  • pool - the name of the pool that is listening on the connected socket, as defined in the php-fpm config.
  • process manager - the method used by the process manager to control the number of child processes - either ondemand, dynamic or static - set on a per pool basis (in the php-fpm config) by the pm parameter.
  • start time - the date, time, and UTC offset corresponding to when the PHP-FPM server was started.
  • start since - the number of seconds that have elapsed since the PHP-FPM server was started (i.e. uptime).
  • accepted conn - the number of incoming requests that the PHP-FPM server has accepted; when a connection is accepted it is removed from the listen queue (displayed in real time).
  • listen queue - the current number of connections that have been initiated, but not yet accepted. If this value is non-zero it typically means that all the available server processes are currently busy, and there are no processes available to serve the next request. Raising pm.max_children (provided the server can handle it) should help keep this number low. This property follows from the fact that PHP-FPM listens via a socket (TCP or file based), and thus inherits some of the characteristics of sockets.
  • max listen queue - the maximum value the listen queue has reached since the server was started.
  • listen queue len - the upper limit on the number of connections that will be queued. Once this limit is reached, subsequent connections will either be refused or ignored. This value is set by the php-fpm per pool configuration option 'listen.backlog', which defaults to -1 (unlimited). However, this value is also limited by the system (sysctl) value 'net.core.somaxconn', which defaults to 128 on many Linux systems.
  • idle processes - the number of servers in the 'waiting to process' state (i.e. not currently serving a page). This value should fall between the pm.min_spare_servers and pm.max_spare_servers values when the process manager is dynamic. (updated once per second)
  • active processes - the number of servers currently processing a page - the minimum is 1 (so even on a fully idle server, the result will not read 0). (updated once per second)
  • total processes - the total number of server processes currently running; the sum of idle processes + active processes. If the process manager is static, this number will match pm.max_children. (updated once per second)
  • max active processes - the highest value that 'active processes' has reached since the php-fpm server started. This value should not exceed pm.max_children.
  • max children reached - the number of times that pm.max_children has been reached since the php-fpm server started (only applicable if the process manager is ondemand or dynamic)
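
The counters above can be checked automatically. The following is an added example, not part of Centmin Mod: a shell function that reads the status text and warns on the values that indicate a saturated pool. The function name, the constructed busy sample and the 128 default for net.core.somaxconn are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: read the PHP-FPM status text described
# above and flag the counters that indicate a saturated pool.

# Status text copied from the sample output on this page.
SAMPLE_OK='pool:                 www
process manager:      static
start time:           28/Jun/2012:21:24:51 +0400
start since:          75
accepted conn:        196
listen queue:         0
max listen queue:     0
listen queue len:     0
idle processes:       4
active processes:     1
total processes:      5
max active processes: 1
max children reached: 0'

# Constructed status text for a busy dynamic pool (values invented for the demo).
SAMPLE_BUSY='pool:                 www
process manager:      dynamic
start time:           28/Jun/2012:21:24:51 +0400
start since:          86400
accepted conn:        912345
listen queue:         3
max listen queue:     12
listen queue len:     511
idle processes:       0
active processes:     20
total processes:      20
max active processes: 20
max children reached: 4'

# check_fpm_status [somaxconn]
# Reads status text on stdin, prints one WARN line per finding and returns
# 1 if anything was flagged, 0 otherwise. somaxconn defaults to 128.
check_fpm_status() {
  awk -v somaxconn="${1:-128}" '
    {
      # Split on the first colon only: "start time" values contain colons.
      i = index($0, ":")
      if (i == 0) next
      key = substr($0, 1, i - 1)
      val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      s[key] = val
    }
    function warn(msg) { print "WARN: " msg; bad = 1 }
    END {
      bad = 0
      if (s["listen queue"] + 0 > 0)
        warn(s["listen queue"] " connection(s) waiting: every worker is busy right now")
      if (s["max listen queue"] + 0 > 0)
        warn("listen queue peaked at " s["max listen queue"] " since start")
      if (s["listen queue len"] + 0 > somaxconn + 0)
        warn("listen queue len " s["listen queue len"] " exceeds net.core.somaxconn " somaxconn)
      if (s["max children reached"] + 0 > 0)
        warn("pm.max_children reached " s["max children reached"] " time(s)")
      if (s["total processes"] + 0 > 0 && s["idle processes"] + 0 == 0)
        warn("no idle processes: all " s["total processes"] " workers are active")
      exit bad
    }'
}

# Demo run on the constructed busy sample (prints five WARN lines).
printf '%s\n' "$SAMPLE_BUSY" | check_fpm_status || true
```

On a live server, feed it the real page: lynx --dump http://127.0.0.1/phpstatus | check_fpm_status "$(sysctl -n net.core.somaxconn)"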

To increase or decrease Memcached server's allocated memory size, you will need to edit /etc/init.d/memcached start up file's MEMSIZE=8 variable. The variable assigns memory in MegaBytes (MB), so MEMSIZE=8 is equal to 8MB. If you want to allocate 256MB to Memcached server(s), then edit and change variable to MEMSIZE=256 and then restart memcached server:

  service memcached restart

or via command shortcut

  memcachedrestart

Since Centmin Mod v1.2.2-eva2000.09, installation automatically sets up a /etc/cron.daily/diskalert daily cron job script to monitor your disk space usage. By default, the script alerts you when disk space usage is >90% on any one partition on your server and sends email to the root user, unless you edit the script at /etc/cron.daily/diskalert to set the EMAIL='[email protected]' address. You can also change the preset warning percentage threshold by editing /etc/cron.daily/diskalert and changing ALERT='90' to a different percentage.

It is important to monitor disk space usage - to be able to see how much free disk space you have left. It is sometimes one of the more commonly overlooked metrics on VPS or dedicated servers.

Centmin Mod additional PHP compiled extensions such as APC Cache, Xcache, Memcache/Memcached, ImagicK, igbinary, FFMPEG and Suhosin are usually loaded separately from php.ini for ease of management via the menu options. As such these PHP compiled extensions are loaded individually into their own respective *.ini files in the directory defined in centmin.sh script, CONFIGSCANBASE='/root/centminmod'. For Centmin Mod v1.2.3-eva2000.07+ and higher, this path will change to CONFIGSCANBASE='/etc/centminmod'

So if you need to edit settings or manually disable a PHP extension, you can do so at the following locations (provided you have actually installed the listed PHP extension):

  • /root/centminmod/apc.ini (edit APC memory allocation here)
  • /root/centminmod/xcache.ini (edit Xcache memory allocation here)
  • /root/centminmod/igbinary.ini
  • /root/centminmod/imagick.ini
  • /root/centminmod/memcache.ini
  • /root/centminmod/memcached.ini
  • /root/centminmod/suhosin.ini (older installs will have ffmpeg.so directly loaded via /usr/local/lib/php.ini)
  • /root/centminmod/ffmpeg.ini (older installs will have suhosin.so directly loaded via /usr/local/lib/php.ini)

Common errors you may come across while installing or using Centmin Mod on CentOS operating system:

Problem: If you forget to make the centmin.sh script executable by chmoding it or setting its permissions to 755 via FTP/SFTP, you'll get a permission denied message for centmin.sh. Make sure you are running centmin.sh as root administrative user.

./centmin.sh: Permission denied

Solution: in SSH2 telnet as root admin user chmod centmin.sh or via FTP/SFTP set 755 permissions on centmin.sh

chmod +x centmin.sh


Problem: Nginx upgrade option fails - nginx tarball file not found.

Compiling nginx...
--2011-10-07 14:48:5-- http://nginx.org/download/nginx-.tar.gz
Resolving nginx.org... 206.251.255.63
Connecting to nginx.org|206.251.255.63|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2011-10-07 14:48:53 ERROR 404: Not Found.
 
tar: nginx-.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
./centmin.sh: line 1789: cd: nginx-: No such file or directory
make: *** No rule to make target 'clean'. Stop.
Would you like to compile nginx with IPv6 support? [y/n]

Solution: You didn't enter the correct nginx version number when prompted when you ran nginx upgrade option.

ie. enter 1.0.8 or 1.1.5 at prompt

--------------------------------------------------------
Centmin 1.2.2-eva2000.02 - http://centminmod.com
Menu/Mods Author: eva2000 (vbtechsupport.com)
Centmin Original Author: BTCentral (btcentral.org.uk)
--------------------------------------------------------
                   Centmin Menu                   
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade
5).  PHP Upgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2 Upgrade
12). Install ioping.sh vbtechsupport.com/1239/
13). SELinux disable
14). Setup Logrotate for Nginx
15). Setup Logrotate for PHP-FPM
16). Change SSHD Port Number
17). Exit
--------------------------------------------------------
Enter option [ 1 - 17 ] 4
--------------------------------------------------------
**********************************************************************
* Nginx Update script - Included in Centmin Extras
* Version: 1.2.2-eva2000.02 - Date: 08/10/2011 - Copyright 2011 BTCentral
**********************************************************************
  
This software comes with no warranty of any kind. You are free to use
it for both personal and commercial use as licensed under the GPL.
  
Nginx Upgrade - Would you like to continue? [y/n] y
Install which version of Nginx? (version i.e. 1.0.6): 1.1.5


Problem: MySQL server not starting up, I get the following error message:

Starting MySQL................................ ERROR! Manager of pid-file quit without updating file.

Solution: Run the following commands:

Check mysql error log for unsupported mysql variable options you may have added or changed in /etc/my.cnf after Centmin Mod initial installation

Command to run in ssh2 telnet as root user:

tail -30 /var/lib/mysql/`hostname`.err | sed -e "s/`hostname`/yourserverhostname/g"

Also check:

tail -30 /var/log/mysqld.log | sed -e "s/`hostname`/yourserverhostname/g"

Check MySQL server status to see if it's running or stopped

Command to run in ssh2 telnet as root user:

service mysql status

If MySQL status says stopped but there are still mysql* processes showing up in the first command below, run the second command to kill any lingering mysql processes preventing mysql from starting up properly

1st command

ps aux |grep mysql |awk '{print $2, $7, $8, $9, $10, $11, $12}' | grep -Ev grep

2nd command

kill -9 `ps aux |grep mysql |grep -Ev grep |awk '{print $2}'`

Restart MySQL server

Command to run in ssh2 telnet as root user:

service mysql restart


Problem: I can't connect to the installed Memcached server instance on 127.0.0.1 port 11211 ?

Solution: Steps to follow:

1. Check if memcached server is running and that php was successfully compiled with memcache extension (which it would have been when you said YES to memcached server install prompt).

Command to check memcached server running:

  ps ax | grep memcached | grep -Ev grep

output showing memcached server running:

  ps ax | grep memcached | grep -Ev grep
 3210 ?        Ssl    0:00 /usr/local/bin/memcached -d -m 8 -l 127.0.0.1 -p 11211 -c 2048 -t 4 -n 48 -f 1.05 -u nobody

Command to check memcache extension loaded with phpinfo:

  php -i | grep memcache

output showing memcache php extension loaded and installed:

  php -i | grep memcache
memcache
memcache support => enabled
memcache.allow_failover => 1 => 1
memcache.chunk_size => 32768 => 32768
memcache.compress_threshold => 20000 => 20000
memcache.default_port => 11211 => 11211
memcache.hash_function => crc32 => crc32
memcache.hash_strategy => consistent => consistent
memcache.lock_timeout => 15 => 15
memcache.max_failover_attempts => 20 => 20
memcache.protocol => ascii => ascii
memcache.redundancy => 1 => 1
memcache.session_redundancy => 2 => 2
Registered save handlers => files user sqlite memcache

2. If you installed CSF firewall when prompted, the default memcached 11211 port would have been set to allow the memcached server through CSF firewall. If you didn't install CSF firewall, then you may have iptables enabled and running, and it is blocking port 11211, so you need to add a rule to allow memcached port 11211 through iptables.

Confirm if iptables is blocking 11211 port, by temporarily shutting down iptables service with command

  service iptables stop

Now check if you can connect to your memcached server on default 127.0.0.1 and port 11211. If you can connect when iptables is stopped, then you need to allow port 11211 through iptables with either command or iptables file edit.

Start iptables service again

  service iptables start

Command for iptables to allow port 11211

  iptables -A INPUT -p tcp --dport 11211 -j ACCEPT

or edit /etc/sysconfig/iptables and add after the default port 22 line

  -A INPUT -m state --state NEW -m tcp -p tcp --dport 11211 -j ACCEPT

restart iptables

  service iptables restart


Problem: Tried upgrading MariaDB MySQL and it's still stuck on MariaDB 5.2.10 ?.

rpm -qa | grep MariaDB
MariaDB-devel-5.2.10-107.el5.x86_64
MariaDB-client-5.2.10-107.el5.x86_64
MariaDB-server-5.2.10-107.el5.x86_64
MariaDB-shared-5.2.10-107.el5.x86_64
MariaDB-test-5.2.10-107.el5.x86_64

Solution: For a brief period during Centmin Mod's early versions, I used a YUM repo for MariaDB 5.2.x installs, but it never gets updated in timely manner and latest version was MariaDB 5.2.10. So I switched back to manual install and updates via RPM binaries. If you have MariaDB 5.2.10 still showing up after trying to run menu option to upgrade MariaDB 5.2.10, please follow below suggestions

1. Edit centmin.sh file and find these 3 settings and edit it to which ever MariaDB version and build you are stuck on. In this case 5.2.10 and build 107

# Define previous MariaDB version for proper upgrade 
MDB_PREVERONLY='5.2.10'      
MDB_PREBUILD='107'
MDB_PREVERSION="${MDB_PREVERONLY}-${MDB_PREBUILD}"     # Use this version of MariaDB ${MDB_VERONLY}

2. Then run MariaDB upgrade menu option #11

--------------------------------------------------------
Centmin 1.2.2-eva2000.15 - http://centminmod.com
--------------------------------------------------------
                   Centmin Menu                   
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade
5).  PHP Upgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2 Upgrade
12). Install ioping.sh vbtechsupport.com/1239/
13). SELinux disable
14). Setup Logrotate for Nginx
15). Setup Logrotate for PHP-FPM
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Exit
--------------------------------------------------------
Enter option [ 1 - 21 ] 11
--------------------------------------------------------

3. When prompted for path to save downloads, enter /svr-setup to keep your version inline for future updates and reinstalls.

Where do you want the downloads stored ? Enter path to download directory (i.e. /usr/local/src) 
 
/svr-setup

4. After the upgrade process you will be returned to the Centmin Mod menu. Exit it and run the command below to check your MariaDB MySQL server has been updated to the latest version.

rpm -qa | grep MariaDB

rpm -qa | grep MariaDB
 
MariaDB-shared-5.2.12-115.el5.i386
MariaDB-test-5.2.12-115.el5.i386
MariaDB-client-5.2.12-115.el5.i386
MariaDB-server-5.2.12-115.el5.i386
MariaDB-devel-5.2.12-115.el5.i386

For Centmin Mod it's all or nothing only. However, from 1.2.3-eva2000.08+ and higher for fresh initial installs you can enable some settings in centmin.sh to disable services after they are initially installed. This allows for such services to be re-enabled later down the track if needed following the same manual steps outlined for Memcached server re-enabling. In centmin.sh set these variables to =y before initial Centmin Mod install

change from

# When set to =y, will disable those listed installed services
# by default. The service is still installed but disabled
# by default and can be re-enabled with commands:
# service servicename start; chkconfig servicename on
NSD_DISABLED=n                # when set to =y, NSD disabled by default with chkconfig off
MEMCACHED_DISABLED=n          # when set to =y,  Memcached server disabled by default via chkconfig off
PHP_DISABLED=n                # when set to =y,  PHP-FPM disabled by default with chkconfig off
MYSQLSERVICE_DISABLED=n       # when set to =y,  MariaDB MySQL service disabled by default with chkconfig off
PUREFTPD_DISABLED=n           # when set to =y, Pure-ftpd service disabled by default with chkconfig off                    
                

to

# When set to =y, will disable those listed installed services
# by default. The service is still installed but disabled
# by default and can be re-enabled with commands:
# service servicename start; chkconfig servicename on
NSD_DISABLED=y                # when set to =y, NSD disabled by default with chkconfig off
MEMCACHED_DISABLED=y          # when set to =y,  Memcached server disabled by default via chkconfig off
PHP_DISABLED=y                # when set to =y,  PHP-FPM disabled by default with chkconfig off
MYSQLSERVICE_DISABLED=y       # when set to =y,  MariaDB MySQL service disabled by default with chkconfig off
PUREFTPD_DISABLED=y           # when set to =y, Pure-ftpd service disabled by default with chkconfig off                    
                

This will stop and disable NSD, Memcached server, PHP-FPM, MariaDB MySQL and Pure-FTPD services.

Centmin Mod 1.2.3-eva2000.08+ and higher have open_basedir enabled in /usr/local/nginx/conf/php.conf include file. This file is included in each created Nginx vhost config file i.e. /usr/local/nginx/conf/conf.d/newdomain.com.conf. The relevant line is the 9th line in /usr/local/nginx/conf/php.conf

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

This line locks you to each Nginx vhost's document web root i.e. /home/nginx/domains/newdomain.com/public.

    fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

You can disable this globally across all Nginx vhosts, by commenting out the line and restarting Nginx and PHP-FPM services.

    #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

Or you can disable it for a specific Nginx vhost domain only, leaving all other domains enabled with open_basedir protection. To disable it for a specific Nginx vhost domain only, you need to make a copy of the /usr/local/nginx/conf/php.conf include file and change the php.conf include line within that specific Nginx vhost i.e. /usr/local/nginx/conf/conf.d/newdomain.com.conf.

Make a copy of the /usr/local/nginx/conf/php.conf include file called /usr/local/nginx/conf/php_disable_openbasedir.conf.

    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_disable_openbasedir.conf

Then in your /usr/local/nginx/conf/conf.d/newdomain.com.conf, change the include line for /usr/local/nginx/conf/php.conf to /usr/local/nginx/conf/php_disable_openbasedir.conf

    #include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/php_disable_openbasedir.conf;

Then restart Nginx and PHP-FPM services

    nprestart
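
The check below is an added example, not part of Centmin Mod: it reports, for each vhost file, whether the PHP include it actually loads still carries an uncommented open_basedir line, reading the included file rather than trusting its name. The function names, the otherdomain.com vhost and the temporary demo tree are constructed for the example; on a real server point it at /usr/local/nginx/conf/conf.d.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: list which Nginx vhosts still pass
# open_basedir to PHP-FPM, using the include layout described above.

# has_active REGEX FILE: true if FILE has an uncommented line starting with REGEX.
has_active() {
  grep -Eq "^[[:space:]]*$1" "$2"
}

# audit_open_basedir VHOST_DIR
# Prints "<vhost file> <PROTECTED|UNPROTECTED> <php include>" for every active
# include in VHOST_DIR/*.conf that hands requests to PHP-FPM (has fastcgi_pass).
# Includes that are commented out, relative or use globs are skipped.
audit_open_basedir() {
  for vhost in "$1"/*.conf; do
    [ -f "$vhost" ] || continue
    # Active include lines only; "#include ...;" does not match the anchor.
    sed -n 's/^[[:space:]]*include[[:space:]][[:space:]]*\([^;]*\);.*$/\1/p' "$vhost" |
    while IFS= read -r inc; do
      [ -f "$inc" ] || continue
      has_active 'fastcgi_pass[[:space:]]' "$inc" || continue
      if has_active 'fastcgi_param[[:space:]]+PHP_ADMIN_VALUE[[:space:]]+open_basedir=' "$inc"; then
        state=PROTECTED
      else
        state=UNPROTECTED
      fi
      printf '%s %s %s\n' "$(basename "$vhost")" "$state" "$(basename "$inc")"
    done
  done
  return 0
}

# make_demo_tree DIR: constructed config tree mirroring the layout on this
# page, rebased under DIR so the example never touches /usr/local/nginx.
make_demo_tree() {
  mkdir -p "$1/conf.d"
  cat > "$1/php.conf" <<'EOF'
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;
}
EOF
  # The per-vhost copy, with the open_basedir line commented out.
  sed 's/^\([[:space:]]*\)\(fastcgi_param PHP_ADMIN_VALUE\)/\1#\2/' \
    "$1/php.conf" > "$1/php_disable_openbasedir.conf"
  cat > "$1/conf.d/newdomain.com.conf" <<EOF
server {
    server_name newdomain.com;
    #include $1/php.conf;
    include $1/php_disable_openbasedir.conf;
}
EOF
  cat > "$1/conf.d/otherdomain.com.conf" <<EOF
server {
    server_name otherdomain.com;
    include $1/php.conf;
}
EOF
}

# Demo run on the constructed tree.
demo=$(mktemp -d)
make_demo_tree "$demo"
audit_open_basedir "$demo/conf.d"
rm -rf "$demo"
```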

Owning a VPS or dedicated server means you're responsible for keeping the server up to date software wise. I suggest you sign up for pushover.net service and download appropriate pushover mobile app client to your mobile or tablet device. This will allow you to use your pushover userkey email for notifications for backups or updates i.e. [email protected]. Then set up automatic nightly YUM updates via yum-cron and also set up persistent settings that survive auto updates and as added precaution install the Centmin Mod Addon for an anti-virus malware scanner - Linux Malware Detect (maldet) + ClamAV scanner.

The default php.ini location is at /usr/local/lib/php.ini. However, PHP upgrades via centmin.sh menu option 5 can overwrite that. So it's best to set aside your php.ini level customisations in a separate *.ini file. Centmin Mod by default has a custom file at /etc/centminmod/php.d/a_customphp.ini which has some tweaks to PHP settings already added by default. You can add custom settings to /etc/centminmod/php.d/a_customphp.ini however, they can be also overwritten if future Centmin Mod updates adjust or add tweaks which are automated on PHP-FPM upgrades. So you can instead create a second custom file with naming convention alphabetically below that of /etc/centminmod/php.d/a_customphp.ini i.e. /etc/centminmod/php.d/b_customphp.ini.

Default /etc/centminmod/php.d/a_customphp.ini contents. Note ;always_populate_raw_post_data=-1 is auto uncommented (remove semi-colon ;) when PHP 5.6+ is detected only.

date.timezone = UTC
max_execution_time = 60
short_open_tag = On
realpath_cache_size = 1024k
realpath_cache_ttl = 14400
upload_max_filesize = 40M
memory_limit = 160M
post_max_size = 40M
expose_php = Off
mail.add_x_header = Off
max_input_nesting_level = 128
max_input_vars = 2000
mysqlnd.net_cmd_buffer_size = 16384
;always_populate_raw_post_data=-1

You can add your own custom settings to a newly created file at /etc/centminmod/php.d/b_customphp.ini i.e. double default max_execution_time from 60 to 120. PHP-FPM will process those in a specific alpha-numeric order where later ini files override the former.

max_execution_time = 120

Then restart PHP-FPM service via either command shortcut or full service restart command

fpmrestart

or

service php-fpm restart

Confirm the changes are in effect by looking at the phpinfo file. Centmin Mod sets this up on the main hostname with a randomised prefix unique to each Centmin Mod install. You can rename this file, delete it, password protect it or IP address restrict it if you want. In the example below, the install created the phpinfo file at /usr/local/nginx/html/417911c9_phpi.php, which would be accessible online via yourmainhostname.com/417911c9_phpi.php or localhost/417911c9_phpi.php.

ls -lah /usr/local/nginx/html | grep phpi                          
-rw-r--r-- 1 nginx nginx   20 Jul 28 11:31 417911c9_phpi.php

You don't need to leave the SSH session to do a simple check - piping the lynx command through grep can confirm the changes.

before

lynx -dump localhost/417911c9_phpi.php | grep max_execution_time    
   max_execution_time 60 60

after

lynx -dump localhost/417911c9_phpi.php | grep max_execution_time    
   max_execution_time 120 120

Typing the command php --ini, will output the list of *.ini files PHP-FPM has detected and the order in which they are processed.

php --ini

default before custom /etc/centminmod/php.d/b_customphp.ini file added

php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File:         /usr/local/lib/php.ini
Scan for additional .ini files in: /etc/centminmod/php.d
Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
/etc/centminmod/php.d/curlcainfo.ini,
/etc/centminmod/php.d/geoip.ini,
/etc/centminmod/php.d/igbinary.ini,
/etc/centminmod/php.d/imagick.ini,
/etc/centminmod/php.d/memcache.ini,
/etc/centminmod/php.d/memcached.ini,
/etc/centminmod/php.d/mongodb.ini,
/etc/centminmod/php.d/redis.ini,
/etc/centminmod/php.d/zendopcache.ini

after custom /etc/centminmod/php.d/b_customphp.ini file added and PHP-FPM service restarted

php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File:         /usr/local/lib/php.ini
Scan for additional .ini files in: /etc/centminmod/php.d
Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
/etc/centminmod/php.d/b_customphp.ini,
/etc/centminmod/php.d/curlcainfo.ini,
/etc/centminmod/php.d/geoip.ini,
/etc/centminmod/php.d/igbinary.ini,
/etc/centminmod/php.d/imagick.ini,
/etc/centminmod/php.d/memcache.ini,
/etc/centminmod/php.d/memcached.ini,
/etc/centminmod/php.d/mongodb.ini,
/etc/centminmod/php.d/redis.ini,
/etc/centminmod/php.d/zendopcache.ini
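
To see which file supplies a setting under the load order shown above, here is an added example (not part of Centmin Mod): it prints every file that sets a directive, in processing order, so the last line is the effective value. The function names and the demo php.ini value of 30 are constructed for the example.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: trace which ini file sets a PHP
# directive when php.ini is followed by a scanned directory of *.ini files.

# ini_trace PHP_INI SCAN_DIR DIRECTIVE
# Prints "<file>=<value>" for each file with an uncommented assignment of
# DIRECTIVE, php.ini first and then SCAN_DIR/*.ini in sorted order.
# The last line printed is the value PHP ends up with.
# DIRECTIVE is used as a regex, which is fine for names made of letters,
# dots and underscores.
ini_trace() (
  LC_ALL=C; export LC_ALL   # byte-order glob sort: a_ before b_ before c...
  for f in "$1" "$2"/*.ini; do
    [ -f "$f" ] || continue
    # Lines starting with ";" are comments and do not match the anchor.
    v=$(sed -n "s/^[[:space:]]*$3[[:space:]]*=[[:space:]]*//p" "$f" | tail -n 1)
    if [ -n "$v" ]; then
      printf '%s=%s\n' "$(basename "$f")" "$v"
    fi
  done
)

# make_ini_demo DIR: constructed files following the layout on this page.
make_ini_demo() {
  mkdir -p "$1/php.d"
  # Constructed stand-in for /usr/local/lib/php.ini.
  printf '%s\n' 'max_execution_time = 30' > "$1/php.ini"
  # Subset of the default a_customphp.ini contents listed above.
  cat > "$1/php.d/a_customphp.ini" <<'EOF'
date.timezone = UTC
max_execution_time = 60
memory_limit = 160M
;always_populate_raw_post_data=-1
EOF
  # The override file created in the steps above.
  printf '%s\n' 'max_execution_time = 120' > "$1/php.d/b_customphp.ini"
}

# Demo run: three lines, ending with b_customphp.ini=120.
demo=$(mktemp -d)
make_ini_demo "$demo"
ini_trace "$demo/php.ini" "$demo/php.d" max_execution_time
rm -rf "$demo"
```

On a real install the arguments would be /usr/local/lib/php.ini and /etc/centminmod/php.d, the two paths reported by php --ini.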

Nginx officially released their first Nginx HTTP/2 alpha version 1 patch on August 5, 2015 and version 2 patch on August 14, 2015. These patches are for testing and not production site usage. However, Centmin Mod 1.2.3-eva2000.09 beta01 has integrated the Nginx HTTP/2 patches into the Nginx install routine, so you will always get the latest Nginx HTTP/2 patch with each Nginx recompile via centmin.sh menu option 4. You can check out the Centmin Mod Nginx HTTP/2 benchmarks and info page for more details as well as dedicated Centmin Mod 1.2.3-eva2000.09 beta01 thread on the forums for the latest updates.

Centmin Mod compiled and installed Nginx server has additional official and third party Nginx modules added to extend Nginx server's feature set. These additional modules are outlined on official Nginx page. If you do not need these additional Nginx modules installed, you can disable them. To do this, you can directly edit the centmin.sh Nginx module's corresponding variable, but these edits can be overridden on Centmin Mod code updates. To allow such changes to persist, you can set up a persistent configuration file as outlined here. Create a persistent config file at /etc/centminmod/custom_config.inc and add the corresponding centmin.sh variables to the file. Then recompile Nginx via centmin.sh menu option 4.

Recommended modules you can disable for a minimal Nginx install for Centmin Mod 1.2.3-eva2000.08 stable would be:

NGINX_STREAM=n               # http://nginx.org/en/docs/stream/ngx_stream_core_module.html
NGINX_RTMP=n                 # Nginx RTMP Module support https://github.com/arut/nginx-rtmp-module
NGINX_FLV=n                  # http://nginx.org/en/docs/http/ngx_http_flv_module.html
NGINX_MP4=n                  # Nginx MP4 Module http://nginx.org/en/docs/http/ngx_http_mp4_module.html
NGINX_AUTHREQ=n              # http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
NGINX_SECURELINK=n           # http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
NGINX_FANCYINDEX=n           # http://wiki.nginx.org/NgxFancyIndex
NGINX_VHOSTSTATS=n           # https://github.com/vozlt/nginx-module-vts
NGINX_PAGESPEED=n            # Install ngx_pagespeed
NGINX_PASSENGER='n'          # Install Phusion Passenger requires installing addons/passenger.sh before hand
NGINX_WEBDAV=n               # Nginx WebDAV and nginx-dav-ext-module
NGINX_UPSTREAMCHECK='n'      # nginx upstream check https://github.com/yaoweibin/nginx_upstream_check_module
NGINX_OPENRESTY='n'            # Agentzh's openresty Nginx modules
LUAJIT_GITINSTALL='n'        # opt to install luajit 2.1 from dev branch http://repo.or.cz/w/luajit-2.0.git/shortlog/refs/heads/v2.1
ORESTY_LUANGINX='n'             # enable or disable or ORESTY_LUA* nginx modules below 

Recommended modules you can disable for a minimal Nginx install for Centmin Mod 1.2.3-eva2000.09 beta would be (.09 betas have additional Nginx module variables to fine tune what is installed):

NGINX_STREAM='n'               # http://nginx.org/en/docs/stream/ngx_stream_core_module.html
NGINX_STREAMGEOIP='n'          # nginx 1.11.3+ option http://hg.nginx.org/nginx/rev/558db057adaa
NGINX_STREAMREALIP='n'         # nginx 1.11.4+ option http://hg.nginx.org/nginx/rev/9cac11efb205
NGINX_STREAMSSLPREREAD='n'     # nginx 1.11.5+ option https://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html
NGINX_RTMP='n'                 # Nginx RTMP Module support https://github.com/arut/nginx-rtmp-module
NGINX_FLV='n'                  # http://nginx.org/en/docs/http/ngx_http_flv_module.html
NGINX_MP4='n'                  # Nginx MP4 Module http://nginx.org/en/docs/http/ngx_http_mp4_module.html
NGINX_AUTHREQ='n'              # http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
NGINX_SECURELINK='n'           # http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
NGINX_FANCYINDEX='n'           # http://wiki.nginx.org/NgxFancyIndex
NGINX_VHOSTSTATS='n'           # https://github.com/vozlt/nginx-module-vts
NGINX_PAGESPEED='n'            # Install ngx_pagespeed
NGINX_PASSENGER='n'            # Install Phusion Passenger requires installing addons/passenger.sh before hand
NGINX_WEBDAV='n'               # Nginx WebDAV and nginx-dav-ext-module
NGINX_UPSTREAMCHECK='n'        # nginx upstream check https://github.com/yaoweibin/nginx_upstream_check_module
NGINX_OPENRESTY='n'            # Agentzh's openresty Nginx modules
LUAJIT_GITINSTALL='n'          # opt to install luajit 2.1 from dev branch http://repo.or.cz/w/luajit-2.0.git/shortlog/refs/heads/v2.1
ORESTY_LUANGINX='n'            # enable or disable or ORESTY_LUA* nginx modules below

NGINX_STUBSTATUS=y             # http://nginx.org/en/docs/http/ngx_http_stub_status_module.html required for nginx statistics
NGINX_SUB='n'                  # http://nginx.org/en/docs/http/ngx_http_sub_module.html
NGINX_ADDITION='n'             # http://nginx.org/en/docs/http/ngx_http_addition_module.html
NGINX_IMAGEFILTER='n'          # http://nginx.org/en/docs/http/ngx_http_image_filter_module.html
NGINX_CACHEPURGE='y'           # https://github.com/FRiCKLE/ngx_cache_purge/
NGINX_ACCESSKEY='n'            #
NGINX_HTTPCONCAT='n'           # https://github.com/alibaba/nginx-http-concat
NGINX_THREADS='y'              # https://www.nginx.com/blog/thread-pools-boost-performance-9x/
ORESTY_HEADERSMORE='y'         # openresty headers more https://github.com/openresty/headers-more-nginx-module

After Nginx recompile, the end result for Nginx configuration would look more like

nginx -V
nginx version: nginx/1.9.5
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.3
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_http_redis-0.3.7 --add-module=../headers-more-nginx-module-0.261 --with-openssl=../libressl-2.2.3 --with-libatomic --with-threads --with-pcre=../pcre-8.37 --with-pcre-jit

as opposed to the default with additional Nginx modules added by default

nginx version: nginx/1.9.5
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.3
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_realip_module --with-http_geoip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.3 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --add-module=../openresty-memc-nginx-module-4f6f78f --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../ngx_devel_kit-0.2.19 --add-module=../set-misc-nginx-module-0.29 --add-module=../echo-nginx-module-0.58 --add-module=../redis2-nginx-module-0.12 --add-module=../ngx_http_redis-0.3.7 --add-module=../lua-nginx-module-0.9.16 --add-module=../lua-upstream-nginx-module-0.03 --add-module=../lua-upstream-cache-nginx-module-0.1.1 --add-module=../nginx_upstream_check_module-0.3.0 --add-module=../nginx-module-vts --add-module=../headers-more-nginx-module-0.261 --with-openssl=../libressl-2.2.3 --with-libatomic --with-threads --with-stream --with-stream_ssl_module --with-pcre=../pcre-8.37 --with-pcre-jit --add-module=../ngx_pagespeed-release-1.9.32.6-beta
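
To confirm that a recompile really removed the modules you disabled, you can compare the configure arguments reported by nginx -V against the minimal set. The script below is an added example and not part of Centmin Mod; the function names, the allowlist variable and the abridged sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: list the modules named in the
# "configure arguments" line of `nginx -V` and flag any outside an allowlist.

# Allowlist taken from the minimal build output shown above. Built-in modules
# are matched exactly; add-on modules are matched by name prefix because their
# source directory names carry a version or commit suffix.
MINIMAL_ALLOW="http_ssl_module http_v2_module http_gzip_static_module \
http_stub_status_module http_realip_module http_geoip_module \
ngx_cache_purge ngx_http_redis headers-more-nginx-module"

# Constructed sample: an abridged configure line in the same shape as the
# outputs on this page, so the script runs without an installed Nginx.
SAMPLE_NGINX_V="nginx version: nginx/1.11.1
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro' --with-cc-opt='-m64 -g -O2 -fstack-protector' --sbin-path=/usr/local/sbin/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-http_sub_module --with-http_image_filter_module=dynamic --add-module=../ngx_cache_purge-2.3 --add-module=../lua-nginx-module-0.10.5 --add-dynamic-module=../ngx_brotli --with-threads --with-stream=dynamic --with-stream_ssl_module --with-pcre=../pcre-8.38"

# nginx_modules: read `nginx -V` text on stdin and print one line per module:
#   <builtin|addon> <static|dynamic> <name>
nginx_modules() {
    grep 'configure arguments:' | tr ' ' '\n' | awk '
        /^--with-[a-z0-9_]+_module(=dynamic)?$/ || /^--with-stream(=dynamic)?$/ {
            link = ($0 ~ /=dynamic$/) ? "dynamic" : "static"
            name = $0
            sub(/^--with-/, "", name)
            sub(/=dynamic$/, "", name)
            print "builtin", link, name
            next
        }
        /^--add-(dynamic-)?module=/ {
            link = ($0 ~ /^--add-dynamic-module=/) ? "dynamic" : "static"
            name = $0
            sub(/^--add-(dynamic-)?module=/, "", name)
            sub(/^.*\//, "", name)      # drop the ../ source path
            print "addon", link, name
        }'
}

# nginx_unexpected ALLOWLIST: read `nginx -V` text on stdin and print every
# module that the space separated allowlist does not cover.
nginx_unexpected() {
    nginx_modules | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " ") }
        {
            ok = 0
            for (i = 1; i <= n; i++) {
                if ($1 == "builtin" && $3 == a[i]) ok = 1
                if ($1 == "addon" && index($3, a[i]) == 1) ok = 1
            }
            if (!ok) print
        }'
}

# Demo on the constructed sample. On a server, nginx -V writes to stderr:
#   nginx -V 2>&1 | nginx_unexpected "$MINIMAL_ALLOW"
printf '%s\n' "$SAMPLE_NGINX_V" | nginx_unexpected "$MINIMAL_ALLOW"
```

An empty result means the binary carries nothing beyond the allowlist; any line printed names a module that is still compiled in.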

Centmin Mod LEMP stack comes with various third party YUM repositories of which one is REMI YUM repo. This repo has the latest Redis Server version available for install via YUM command. You can read up on how to install Redis server on the official forum thread located here.

Most CDN providers are set up as pull origin based and would require some changes at your web application level to use the CDN provided urls or your custom CNAME based CDN url i.e. cdn.domain.com. You can utilise the ngx_http_sub_module that Centmin Mod Nginx installs and enables (compiled with --with-http_sub_module) to do Nginx level find and replace of specific CDN served content, so you do not need to change your web application itself. The example below is for the Wordpress upload folder, changing the domain from domain.com to cdn.domain.com in web root, in your nginx vhost file at /usr/local/nginx/conf/conf.d/domain.com.conf and, if SSL is enabled, at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf.

Replacing source code specific url instances in location context other than root /

location ~ /directory {
    sub_filter '<a href="http://domain.com/wp-content/uploads/'  '<a href="http://cdn.domain.com/wp-content/uploads/';
    sub_filter '<img src="http://domain.com/wp-content/uploads/' '<img src="http://cdn.domain.com/wp-content/uploads/';
    sub_filter_last_modified on;
    sub_filter_once off;
}

Or more general find and replace substitution in location context other than root /

location ~ /directory {
    sub_filter 'http://domain.com/wp-content/uploads/'  'http://cdn.domain.com/wp-content/uploads/';
    sub_filter_last_modified on;
    sub_filter_once off;
}

Or server{} context find and replace substitution if location context is root /, it seems you can't have it in root / and it needs to be on its own in server{} context

server {
    sub_filter http://domain.com/wp-content/uploads/  http://cdn.domain.com/wp-content/uploads/;
    sub_filter_last_modified on;
    sub_filter_once off;
}

restart Nginx afterwards

service nginx restart

or

ngxrestart

If your server has IPv6 enabled and you use Centmin Mod 123.08stable or lower, then you need to compile Centmin Mod Nginx with IPv6 support. To enable Nginx with IPv6 support, set the variable NGINX_IPV='y' via persistent config setting: create the file /etc/centminmod/custom_config.inc, add the variable to it and then recompile Nginx via centmin.sh menu option 4. However, if you are using Centmin Mod 123.09beta01 or newer, then you do not need to do this recompile step as Nginx 1.11.5+ versions have enabled IPv6 support natively. The persistent config setting for 123.08stable and lower is:

NGINX_IPV='y'

Then you need to update your domains' DNS and also add an AAAA DNS record pointing to your IPv6 address i.e. 2604:180:1::fd2c:e4xx. Then you can test if it resolves via SSH command below:

host -t AAAA yourdomain.com
yourdomain.com has IPv6 address 2604:180:1::fd2c:e4xx

Also use ping6 command

ping6 -c4 yourdomain.com

Or you can do IPv6 testing at ip6.nl

Then you need to change the listen directive within the server{} context of every Nginx vhost domain's /usr/local/nginx/conf/conf.d/yourdomain.com.conf or /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf file. Note from Nginx 1.3.4 and above, the ipv6only listen directive option is no longer needed as it defaults to ipv6only=on in newer Nginx versions.

from

server {
    listen 80;

to

server {
    listen 80;
    listen [::]:80;

for SSL and listening on all IPv6 addresses, you would use

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

or if you want to assign a specific IPv6 address to a particular Nginx vhost you would pick one IPv6 address that your web host provided (i.e. 2604:180:1::fd2c:e4xx) and use it like this. Note for Nginx versions less than 1.3.4, you should only set the ipv6only directive once per listen port number regardless of the number of Nginx vhost sites you have [example]. However, Nginx versions 1.3.4 and higher no longer need the ipv6only listen directive option.

server {
    listen 80;
    listen [2604:180:1::fd2c:e4xx]:80;

for SSL and a specific IPv6 address (i.e. 2604:180:1::fd2c:e4xx) you would use

server {
  listen 443 ssl http2;
  listen [2604:180:1::fd2c:e4xx]:443 ssl http2;

To find all Nginx vhost config files with listen 80 or listen 443 needing replacement, you can use these grep commands in SSH

grep -R ' 80;' /usr/local/nginx/conf/*
grep -R ' 443;' /usr/local/nginx/conf/*

example for listen 80 grepped output

/usr/local/nginx/conf/conf.d/virtual.conf:#         listen   80;
/usr/local/nginx/conf/conf.d/mydomain.com.conf:#            listen   80;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:            listen   80;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:            listen   80;
/usr/local/nginx/conf/nginx.conf.default:        listen       80;

Then restart Nginx and PHP-FPM

nprestart
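
The grep commands above also match commented out listen lines and do not match forms such as listen 443 ssl http2;. The script below is an added example and not part of Centmin Mod: it reports each vhost file that has an active IPv4 listen port without a matching IPv6 listen for the same port. The function names and the sample vhost files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: find vhost files that listen on a port
# over IPv4 but have no IPv6 listen directive for the same port.

# vhosts_missing_ipv6 DIR: print "<file>:<port>" for every *.conf file in DIR
# with an active "listen <port>" and no active "listen [..]:<port>".
vhosts_missing_ipv6() (
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            { sub(/#.*/, "") }                    # ignore commented out text
            $1 == "listen" {
                addr = $2
                sub(/;$/, "", addr)
                if (addr ~ /^\[.*\]:[0-9]+$/) {   # [::]:80 or [addr]:80
                    port = addr
                    sub(/^.*\]:/, "", port)
                    v6[port] = 1
                } else {                          # 80 or 1.2.3.4:80
                    port = addr
                    sub(/^.*:/, "", port)
                    if (port ~ /^[0-9]+$/) v4[port] = 1   # skips unix: sockets
                }
            }
            END { for (p in v4) if (!(p in v6)) print file ":" p }' "$f"
    done | sort
)

# make_sample_vhosts DIR: write constructed vhost files for the demo.
make_sample_vhosts() {
    cat > "$1/virtual.conf" <<'EOF'
server {
#         listen   80;
}
EOF
    cat > "$1/demodomain.com.conf" <<'EOF'
server {
            listen   80;
            server_name demodomain.com;
}
EOF
    cat > "$1/dual.example.conf" <<'EOF'
server {
    listen 80;
    listen [::]:80;
}
EOF
    cat > "$1/pinned.example.conf" <<'EOF'
server {
    listen 80;
    listen [2604:180:1::fd2c:e4xx]:80;
}
EOF
    cat > "$1/shop.example.ssl.conf" <<'EOF'
server {
  listen 443 ssl http2;
  #listen [::]:443 ssl http2;
}
EOF
}

# Demo on the constructed files. On a server you would run:
#   vhosts_missing_ipv6 /usr/local/nginx/conf/conf.d
demo_dir=$(mktemp -d)
make_sample_vhosts "$demo_dir"
vhosts_missing_ipv6 "$demo_dir"
rm -rf "$demo_dir"
```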

To reset MySQL root password you can follow official MySQL documented instructions.

Step 1. Properly stop MySQL server. I usually stop Nginx too unless you want all visitors to your site(s) to see MySQL connection error as opposed to site down message - the latter is better.

Stop Nginx and wait 30 seconds, which gives any existing MySQL activity time to complete before shutting down MySQL server

ngxstop && sleep 30

Then stop MySQL server

mysqlstop

Step 2. Restart MySQL server manually with --skip-grant-tables option and --skip-networking

mysqld_safe --skip-grant-tables --skip-networking &

hit enter to return to prompt for next step

Step 3. Set the new MySQL root user password using command - changing NEWROOTPASS to your actual new MySQL root user password:

mysql -e "UPDATE mysql.user SET Password=PASSWORD('NEWROOTPASS') WHERE User='root'; FLUSH PRIVILEGES;" mysql

Step 4. Stop MySQL server and restart it again along with Nginx start

mysqlrestart
ngxstart

Step 5. Then update /root/.my.cnf with your new MySQL root user's password

[client]
user=root
password=NEWROOTPASS

The minimum system requirements are 256MB memory (128MB with variable tweak) for CentOS 6.x and 1GB memory for CentOS 7.x and 20GB disk space for OpenVZ VPS virtualization & 30GB for KVM and Xen virtualisation. Recommended memory & disk requirements are double the minimum for CentOS 6/7 respectively at CentOS 6.x 512MB memory and CentOS 7.x 64bit at 2GB memory and disk space of 40GB for OpenVZ and 60GB for KVM/Xen virtualisation. However, it's possible to install Centmin Mod LEMP stack on a minimum 128MB low memory VPS (and at least 64MB swap file). You would only want to do this with CentOS 6.x 32bit OS as 64bit have higher memory requirements.

So with CentOS 6.x 32bit OS, there's a minor Centmin Mod tweak needed prior to actual install of Centmin Mod. Prior to actual Centmin Mod install (via centmin.sh menu option #1), edit inc/memcheck.inc, find the ISLOWMEM variable and change its value from 262144 KB to 131072 KB. Then run centmin.sh and select menu option #1. It is still recommended for best performance to have a minimum 256MB of memory, but at least with this updated change you can suffice with a 128MB Low End Box VPS.

If you don't use PHP, MySQL, Memcached server or Pure-FTPD server on the 128MB VPS server you can disable those services with these 4 commands:

service php-fpm stop
service mysql stop
service memcached stop
service pure-ftpd stop
chkconfig memcached off
chkconfig php-fpm off
chkconfig mysql off
chkconfig pure-ftpd off

To re-enable them:

service php-fpm start
service mysql start
service memcached start
service pure-ftpd start
chkconfig memcached on
chkconfig php-fpm on
chkconfig mysql on
chkconfig pure-ftpd on

Example CentOS 6.7 32bit 128MB OpenVZ VPS with 64MB swap with Centmin Mod LEMP stack installed for static file serving with mysql, memcached, pure-ftpd stopped:

free -m
             total       used       free     shared    buffers     cached
Mem:           128         26        101         59          0         18
-/+ buffers/cache:          8        119 
Swap:           64         38         25

PHP-FPM is source compiled with the most commonly used PHP extension modules already installed out of the box by default. You can use the following commands in SSH session as root user to check.

Check PHP version

php -v

php -v
PHP 5.6.17 (cli) (built: Jan 11 2016 03:25:15) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

Check where the custom source compiled PHP extension's respective *.ini settings files are:

php --ini

php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File:         /usr/local/lib/php.ini
Scan for additional .ini files in: /etc/centminmod/php.d
Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
/etc/centminmod/php.d/curlcainfo.ini,
/etc/centminmod/php.d/geoip.ini,
/etc/centminmod/php.d/igbinary.ini,
/etc/centminmod/php.d/imagick.ini,
/etc/centminmod/php.d/mailparse.ini,
/etc/centminmod/php.d/memcache.ini,
/etc/centminmod/php.d/memcached.ini,
/etc/centminmod/php.d/mongodb.ini,
/etc/centminmod/php.d/redis.ini,
/etc/centminmod/php.d/zendopcache.ini

Check which PHP extension modules are currently installed and loaded by PHP:

php -m

php -m
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
curl
date
dom
enchant
ereg
exif
filter
ftp
gd
geoip
gettext
gmp
hash
iconv
igbinary
imagick
imap
intl
json
libxml
mailparse
mbstring
mcrypt
memcache
memcached
mhash
mongodb
mysql
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
pspell
readline
redis
Reflection
session
shmop
SimpleXML
snmp
soap
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

Check specific details of a particular PHP extension. For example to check Redis PHP extension - where name you check for is the name listed in the above php -m output:

php --ri redis

php --ri redis

redis

Redis Support => enabled
Redis Version => 2.2.7

Check PHP configuration options:

php-config

php-config
Usage: /usr/local/bin/php-config [OPTION]
Options:
  --prefix            [/usr/local]
  --includes          [-I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib]
  --ldflags           []
  --libs              [-lcrypt  -lc-client  -lz -lexslt -ltidy -lcrypt -ledit -lncurses -laspell -lpspell -lrt -lmcrypt -lltdl -lstdc++ -lcrypt -lpam -lgmp -lt1 -lX11 -lXpm -lpng -lz -ljpeg -lvpx -lenchant -lcurl -lbz2 -lz -lrt -lm -ldl -lnsl  -lrt -lxml2 -lz -lm -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lcurl -lxml2 -lz -lm -lssl -lcrypto -lfreetype -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -licui18n -licuuc -licudata -lm -licuio -lxml2 -lz -lm -lnetsnmp -lxml2 -lz -lm -lcrypt -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lxml2 -lz -lm -lxslt -lxml2 -lz -lm -lssl -lcrypto -lcrypt ]
  --extension-dir     [/usr/local/lib/php/extensions/no-debug-non-zts-20131226]
  --include-dir       [/usr/local/include/php]
  --man-dir           [/usr/local/php/man]
  --php-binary        [/usr/local/bin/php]
  --php-sapis         [ cli fpm cgi]
  --configure-options [--enable-fpm --enable-intl --enable-pcntl --with-mcrypt --with-snmp --with-mhash --with-zlib --with-gettext --enable-exif --enable-zip --with-bz2 --enable-soap --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-shmop --with-pear --enable-mbstring --with-openssl --with-mysql=mysqlnd --with-libdir=lib64 --with-mysqli=mysqlnd --with-mysql-sock=/var/lib/mysql/mysql.sock --with-curl --with-gd --with-xmlrpc --enable-bcmath --enable-calendar --enable-ftp --enable-gd-native-ttf --with-freetype-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr --with-xpm-dir=/usr --with-vpx-dir=/usr --with-t1lib=/usr --enable-pdo --with-pdo-sqlite --with-pdo-mysql=mysqlnd --enable-inline-optimization --with-imap --with-imap-ssl --with-kerberos --with-readline --with-libedit --with-gmp --with-pspell --with-tidy --with-enchant --with-fpm-user=nginx --with-fpm-group=nginx --disable-fileinfo --with-config-file-scan-dir=/etc/centminmod/php.d --with-xsl CC=/usr/bin/gcc CFLAGS=-O3 -m64 -mtune=native CXX=/usr/bin/g++ CXXFLAGS=-O3 -m64 -mtune=native]
  --version           [5.6.17]
  --vernum            [50617]

If you only need to temporarily disable some of the source compiled PHP extensions, just move their individual *.ini settings files out of php config scan directory at /etc/centminmod/php.d.

Check which source compiled PHP extensions are loaded via their individual *.ini settings files in the php config scan directory at /etc/centminmod/php.d using this command in SSH.

php --ini

Sample output:

php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File:         /usr/local/lib/php.ini
Scan for additional .ini files in: /etc/centminmod/php.d
Additional .ini files parsed:      /etc/centminmod/php.d/a_customphp.ini,
/etc/centminmod/php.d/curlcainfo.ini,
/etc/centminmod/php.d/geoip.ini,
/etc/centminmod/php.d/igbinary.ini,
/etc/centminmod/php.d/imagick.ini,
/etc/centminmod/php.d/mailparse.ini,
/etc/centminmod/php.d/memcache.ini,
/etc/centminmod/php.d/memcached.ini,
/etc/centminmod/php.d/mongodb.ini,
/etc/centminmod/php.d/redis.ini,
/etc/centminmod/php.d/zendopcache.ini

Move all the *.ini files out of the php config scan directory except a_customphp.ini and curlcainfo.ini

ls -lah /etc/centminmod/php.d | egrep -v 'a_customphp|curlcainfo'
total 68K
drwxr-xr-x. 2 root root 4.0K Jan  7 05:35 .
drwxr-xr-x. 3 root root   18 Dec 29 12:10 ..
-rw-r--r--. 1 root root   59 Dec 29 12:34 geoip.ini
-rw-r--r--. 1 root root  253 Dec 29 12:34 igbinary.ini
-rw-r--r--. 1 root root   21 Dec 29 12:34 imagick.ini
-rw-r--r--. 1 root root   23 Jan  3 19:40 mailparse.ini
-rw-r--r--. 1 root root  334 Dec 29 12:34 memcached.ini
-rw-r--r--. 1 root root   78 Dec 29 12:34 memcache.ini
-rw-r--r--. 1 root root   21 Dec 29 12:34 mongodb.ini
-rw-r--r--. 1 root root   19 Dec 29 12:34 redis.ini
-rw-r--r--. 1 root root  695 Jan  7 05:35 zendopcache.ini

You can create a directory at /etc/centminmod/php.d-disabled and move them to there and restart php-fpm to unload them from php

mkdir -p /etc/centminmod/php.d-disabled
cd /etc/centminmod/php.d
mv geoip.ini igbinary.ini imagick.ini mailparse.ini memcached.ini memcache.ini mongodb.ini redis.ini zendopcache.ini /etc/centminmod/php.d-disabled
fpmrestart

Then when you want to move them back and re-enable/reload them into php just move them back.

cd /etc/centminmod/php.d-disabled
mv geoip.ini igbinary.ini imagick.ini mailparse.ini memcached.ini memcache.ini mongodb.ini redis.ini zendopcache.ini /etc/centminmod/php.d
fpmrestart

Now if you want to disable them completely from centmin.sh menu option 5 php upgrade/downgrades for Centmin Mod 123.08stable or 123.09beta01, add to or manually create the persistent config /etc/centminmod/custom_config.inc if it doesn't exist, set to =n the ones you want to disable and then run centmin.sh menu option 5 to recompile php. Note Centmin Mod 123.08stable has fewer options to control than 123.09beta01.

These are the defaults for Centmin Mod 123.08stable

IGBINARY_INSTALL='y'
PHPREDIS='y'
PHPMONGODB=n              # MongoDB PHP extension install
PHPFINFO=n                   # Disable or Enable PHP File Info extension
PHPPCNTL=y                   # Disable or Enable PHP Process Control extension
PHPINTL=y                    # Disable or Enable PHP intl extension
PHPRECODE=n                  # Disable or Enable PHP Recode extension
PHPSNMP=y                    # Disable or Enable PHP SNMP extension

To disable them all in Centmin Mod 123.08stable, set them all to =n - add to or manually create the persistent config /etc/centminmod/custom_config.inc if it doesn't exist and then run centmin.sh menu option 5 to recompile php.

IGBINARY_INSTALL=n
PHPREDIS=n
PHPMONGODB=n              # MongoDB PHP extension install
PHPFINFO=n                   # Disable or Enable PHP File Info extension
PHPPCNTL=n                   # Disable or Enable PHP Process Control extension
PHPINTL=n                    # Disable or Enable PHP intl extension
PHPRECODE=n                  # Disable or Enable PHP Recode extension
PHPSNMP=n                    # Disable or Enable PHP SNMP extension

These are the defaults for Centmin Mod 123.09beta01

IGBINARY_INSTALL='y'
PHPREDIS='y'  
PHPMONGODB='n'              # MongoDB PHP extension install
PHP_FTPEXT='y' # ftp PHP extension
PHP_MEMCACHE='y' # memcache PHP extension
PHP_MEMCACHED='y' # memcached PHP extension
PHPGEOIP_ALWAYS=y            # GeoIP php extension is always reinstalled on php recompiles
PHPFINFO=n                   # Disable or Enable PHP File Info extension
PHPPCNTL=y                   # Disable or Enable PHP Process Control extension
PHPINTL=y                    # Disable or Enable PHP intl extension
PHPRECODE=n                  # Disable or Enable PHP Recode extension
PHPSNMP=y                    # Disable or Enable PHP SNMP extension
PHPIMAGICK=y                 # Disable or Enable PHP ImagicK extension
PHPMAILPARSE=y               # Disable or Enable PHP mailparse extension
PHP_EXTRAOPTS=" --with-xsl"

To disable them all in Centmin Mod 123.09beta01, set them all to =n (and set the PHP_EXTRAOPTS variable to empty, PHP_EXTRAOPTS="") - add to or manually create the persistent config /etc/centminmod/custom_config.inc if it doesn't exist and then run centmin.sh menu option 5 to recompile php.

IGBINARY_INSTALL=n
PHPREDIS=n
PHPMONGODB=n              # MongoDB PHP extension install
PHP_FTPEXT=n # ftp PHP extension
PHP_MEMCACHE=n # memcache PHP extension
PHP_MEMCACHED=n # memcached PHP extension
PHPGEOIP_ALWAYS=n            # GeoIP php extension is always reinstalled on php recompiles
PHPFINFO=n                   # Disable or Enable PHP File Info extension
PHPPCNTL=n                   # Disable or Enable PHP Process Control extension
PHPINTL=n                    # Disable or Enable PHP intl extension
PHPRECODE=n                  # Disable or Enable PHP Recode extension
PHPSNMP=n                    # Disable or Enable PHP SNMP extension
PHPIMAGICK=n                 # Disable or Enable PHP ImagicK extension
PHPMAILPARSE=n               # Disable or Enable PHP mailparse extension
PHP_EXTRAOPTS=""

Only Centmin Mod 123.09beta01 and higher stable/betas have added Nginx dynamic module support, which was introduced in Nginx 1.9.11 and is supported and tested in Centmin Mod default installed Nginx 1.11.1 and higher versions. Nginx dynamic modules, as opposed to statically compiled Nginx modules, tend to use less memory and offer more flexible control over enabling or disabling a module. In future there could be Nginx modules which you can just drop into the dynamic module directory to enable them. Until that time, you will still need to source compile with dynamic module flags to get such support, as Centmin Mod 123.09beta01 and higher versions already do out of the box.

To enable Nginx dynamic modules, you need to enable variable switches for them by placing them in persistent config file you create or append to existing file at /etc/centminmod/custom_config.inc and then recompile Nginx via centmin.sh menu option 4. This will override the default variables contained within centmin.sh. The list below are the currently supported Nginx dynamic module variables you can enable or disable.

The default values are:

# Nginx Dynamic Module Switches
NGXDYNAMIC_NJS='n'
NGXDYNAMIC_XSLT='n'
NGXDYNAMIC_PERL='n'
NGXDYNAMIC_IMAGEFILTER='y'
NGXDYNAMIC_GEOIP='n'
NGXDYNAMIC_STREAM='y'
NGXDYNAMIC_STREAMGEOIP='n'  # nginx 1.11.3+ option http://hg.nginx.org/nginx/rev/558db057adaa
NGXDYNAMIC_STREAMREALIP='n' # nginx 1.11.4+ option http://hg.nginx.org/nginx/rev/9cac11efb205
NGXDYNAMIC_HEADERSMORE='n'
NGXDYNAMIC_SETMISC='n'
NGXDYNAMIC_ECHO='n'
NGXDYNAMIC_LUA='n'          # leave disabled due to bug https://github.com/openresty/lua-nginx-module/issues/715
NGXDYNAMIC_SRCCACHE='n'
NGXDYNAMIC_DEVELKIT='n'     # leave disabled as it requires lua nginx module as dynamic but it has a bug in lua nginx
NGXDYNAMIC_MEMC='n'
NGXDYNAMIC_REDISTWO='n'
NGXDYNAMIC_NGXPAGESPEED='n'
NGXDYNAMIC_BROTLI='y'
NGXDYNAMIC_FANCYINDEX='y'
NGXDYNAMIC_HIDELENGTH='y'

You can enable them with 'y' values:

# Nginx Dynamic Module Switches
NGXDYNAMIC_NJS='n'
NGXDYNAMIC_XSLT='y'
NGXDYNAMIC_PERL='n'
NGXDYNAMIC_IMAGEFILTER='y'
NGXDYNAMIC_GEOIP='n'
NGXDYNAMIC_STREAM='y'
NGXDYNAMIC_STREAMGEOIP='y'  # nginx 1.11.3+ option http://hg.nginx.org/nginx/rev/558db057adaa
NGXDYNAMIC_STREAMREALIP='y' # nginx 1.11.4+ option http://hg.nginx.org/nginx/rev/9cac11efb205
NGXDYNAMIC_HEADERSMORE='y'
NGXDYNAMIC_SETMISC='y'
NGXDYNAMIC_ECHO='y'
NGXDYNAMIC_LUA='n'          # leave disabled due to bug https://github.com/openresty/lua-nginx-module/issues/715
NGXDYNAMIC_SRCCACHE='y'
NGXDYNAMIC_DEVELKIT='n'     # leave disabled as it requires lua nginx module as dynamic but it has a bug in lua nginx
NGXDYNAMIC_MEMC='y'
NGXDYNAMIC_REDISTWO='y'
NGXDYNAMIC_NGXPAGESPEED='y'
NGXDYNAMIC_BROTLI='y'
NGXDYNAMIC_FANCYINDEX='y'
NGXDYNAMIC_HIDELENGTH='y'

NGINX_LIBBROTLI=y
NGINX_PAGESPEED=y

The last two variables NGINX_LIBBROTLI and NGINX_PAGESPEED are Nginx module variables needed to be enabled before you can enable ngx_brotli and ngx_pagespeed as Nginx dynamic modules.

With Nginx dynamic modules that are compiled, you can then dynamically enable or disable the nginx module simply by commenting (adding hash # in front) or uncommenting (removing hash # in front) the Nginx dynamic module's load_module line entry within the Nginx include file at /usr/local/nginx/conf/dynamic-modules.conf and then restarting Nginx service for the change to take effect.

Example /usr/local/nginx/conf/dynamic-modules.conf contents:

load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_brotli_static_module.so";
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ngx_http_memc_module.so";
load_module "modules/ngx_http_srcache_filter_module.so";
load_module "modules/ngx_http_set_misc_module.so";
load_module "modules/ngx_http_echo_module.so";
load_module "modules/ngx_http_redis2_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_pagespeed.so";
load_module "modules/ngx_stream_module.so";
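
The commenting and uncommenting step described above can be scripted so that it is repeatable and only touches the intended line. The script below is an added example and not part of Centmin Mod; the function names and the sample file are constructed for illustration, and it edits whichever file path you pass in.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: switch one Nginx dynamic module on or
# off by commenting or uncommenting its load_module line.

# ngx_dynmod_active FILE: print the names of modules with an active line.
ngx_dynmod_active() {
    sed -n -E 's|^[[:space:]]*load_module[[:space:]]+"modules/([A-Za-z0-9_]+)\.so";.*|\1|p' "$1"
}

# ngx_dynmod_set FILE MODULE on|off
# Returns 0 on success (also when the line is already in the wanted state),
# 1 when FILE has no load_module line for MODULE, 2 on bad arguments.
ngx_dynmod_set() (
    file=$1 mod=$2 state=$3
    # Accept plain module names only, so the name is safe inside the regex.
    case $mod in
        ''|*[!A-Za-z0-9_]*) echo "invalid module name: $mod" >&2; exit 2 ;;
    esac
    line="load_module[[:space:]]+\"modules/$mod\.so\";"
    if ! grep -Eq "^[[:space:]]*#*[[:space:]]*$line" "$file"; then
        echo "$mod is not listed in $file" >&2
        exit 1
    fi
    tmp=$(mktemp) || exit 3
    case $state in
        off) sed -E "s|^[[:space:]]*($line)|#\1|" "$file" > "$tmp" ;;
        on)  sed -E "s|^[[:space:]]*#+[[:space:]]*($line)|\1|" "$file" > "$tmp" ;;
        *)   rm -f "$tmp"; echo "state must be on or off" >&2; exit 2 ;;
    esac
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file"
    rm -f "$tmp"
)

# write_sample_dynmods FILE: constructed sample in the format shown above.
write_sample_dynmods() {
    cat > "$1" <<'EOF'
load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_echo_module.so";
#load_module "modules/ngx_pagespeed.so";
load_module "modules/ngx_stream_module.so";
EOF
}

# Demo on a temporary copy. On a server the file is
# /usr/local/nginx/conf/dynamic-modules.conf; check the result with nginx -t
# before restarting Nginx.
demo_conf=$(mktemp)
write_sample_dynmods "$demo_conf"
ngx_dynmod_set "$demo_conf" ngx_http_echo_module off
ngx_dynmod_active "$demo_conf"
rm -f "$demo_conf"
```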

Actual compiled Nginx dynamic module files are located at /usr/local/nginx/modules:

ls -lAhrt /usr/local/nginx/modules
total 22M
-rwxr-xr-x 1 root root 143K Jun 18 19:02 ngx_http_image_filter_module.so
-rwxr-xr-x 1 root root 106K Jun 18 19:02 ngx_http_brotli_static_module.so
-rwxr-xr-x 1 root root 208K Jun 18 19:02 ngx_http_brotli_filter_module.so
-rwxr-xr-x 1 root root  17M Jun 18 19:02 ngx_pagespeed.so
-rwxr-xr-x 1 root root 149K Jun 18 19:02 ngx_http_fancyindex_module.so
-rwxr-xr-x 1 root root 751K Jun 18 19:02 ngx_http_set_misc_module.so
-rwxr-xr-x 1 root root 657K Jun 18 19:02 ngx_http_echo_module.so
-rwxr-xr-x 1 root root 279K Jun 18 19:02 ngx_http_redis2_module.so
-rwxr-xr-x 1 root root 396K Jun 18 19:02 ngx_http_memc_module.so
-rwxr-xr-x 1 root root 395K Jun 18 19:02 ngx_http_srcache_filter_module.so
-rwxr-xr-x 1 root root 280K Jun 18 19:02 ngx_http_headers_more_filter_module.so
-rwxr-xr-x 1 root root 555K Jun 18 19:02 ngx_stream_module.so

End result is Nginx compiled with the following Nginx static + dynamic modules:

nginx -V
nginx version: nginx/1.11.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with LibreSSL 2.3.6
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt=enable-tlsext --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_pagespeed-release-1.11.33.2-beta --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.30 --add-dynamic-module=../echo-nginx-module-0.59 --add-dynamic-module=../redis2-nginx-module-0.13 --add-module=../ngx_http_redis-0.3.7 --add-module=../lua-nginx-module-0.10.5 --add-dynamic-module=../memc-nginx-module-0.17 --add-dynamic-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.38 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.3.6

If multiple desktop, laptop and mobile devices on your local LAN share the same ISP IP address and connect simultaneously, and/or your FTP client is set to a massive number of simultaneous connections, then connecting to the Centmin Mod LEMP stack server via a Pure-FTPD virtual FTP user may trigger CSF Firewall to block that ISP IP address. This is due to the default security setting LF_DISTFTP in the CSF Firewall config file at /etc/csf/csf.conf, which is set to a value of 1. You can raise that value and restart the CSF Firewall service via the SSH command csf -r.

Distributed FTP Logins. This option will keep track of successful FTP logins. If the number of successful logins to an individual account is at least LF_DISTFTP in LF_DIST_INTERVAL from at least LF_DISTFTP_UNIQ IP addresses, then all of the IP addresses will be blocked. This option can help mitigate the common FTP account compromise attacks that use a distributed network of zombies to deface websites. A sensible setting for this might be 5, depending on how many different IP addresses you expect to an individual FTP account within LF_DIST_INTERVAL. To disable set to "0".

As such, it's advisable that in your FTP client application you set more appropriate maximum simultaneous and concurrent connection and transfer limits and don't go overboard, or raise the Pure-FTPD default MaxClientsNumber and MaxClientsPerIP limits if you need to. Example below for default FileZilla settings:

filezilla

Pure-FTPD defaults to a maximum of 500 simultaneous user connections with max 200 simultaneous connections from same IP address in pure-ftpd.conf config file at /etc/pure-ftpd/pure-ftpd.conf.

grep -C3 MaxClients /etc/pure-ftpd/pure-ftpd.conf
# Maximum number of simultaneous users
MaxClientsNumber            500
--
# Maximum number of sim clients with the same IP address
MaxClientsPerIP             200

You can count how many connections are being made from the same IP address using this command in a separate SSH window while you're actively connected and using FTP via Pure-FTPD user login details.

netstat -plantu | grep YOURISP_IPADDRESS | wc -l
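
The command above counts one IP at a time. As an added example (not from Centmin Mod or Pure-FTPD), the functions below tally FTP control connections for every remote IP at once and compare each tally with MaxClientsPerIP. The function names, the sample netstat lines and the limit of 4 are constructed, and the FTP control port is assumed to be 21.

```shell
#!/bin/sh
# Added example: per-IP FTP session tally checked against MaxClientsPerIP.

# Constructed pure-ftpd.conf excerpt in the layout of the grep output above.
sample_conf() {
cat <<'EOF'
# Maximum number of sim clients with the same IP address
MaxClientsPerIP             4
EOF
}

# Constructed `netstat -plantu` lines (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address          State       PID/Program name
tcp   0 0 0.0.0.0:21                  0.0.0.0:*                LISTEN      -
tcp   0 0 198.51.100.10:21            203.0.113.7:50112        ESTABLISHED -
tcp   0 0 198.51.100.10:21            203.0.113.7:50113        ESTABLISHED -
tcp   0 0 198.51.100.10:21            203.0.113.7:50114        ESTABLISHED -
tcp6  0 0 ::ffff:198.51.100.10:21     ::ffff:203.0.113.7:50115 ESTABLISHED -
tcp6  0 0 2001:db8::1:21              2001:db8::5:50200        ESTABLISHED -
tcp   0 0 198.51.100.10:22            203.0.113.7:40022        ESTABLISHED -
udp   0 0 0.0.0.0:123                 0.0.0.0:*                            -
EOF
}

# Prints the MaxClientsPerIP value from a pure-ftpd.conf read on stdin.
max_clients_per_ip() { awk '$1 == "MaxClientsPerIP" { v = $2 } END { print v }'; }

# Reads netstat output on stdin; prints "COUNT IP" for ESTABLISHED TCP
# connections whose local port is $1 (one per FTP session), busiest first.
conns_per_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      lp = $4; sub(/^.*:/, "", lp)       # local port = text after last colon
      if (lp != port) next               # ignore ssh, web and other services
      ip = $5; sub(/:[^:]*$/, "", ip)    # drop remote port, keep IPv6 colons
      sub(/^::ffff:/, "", ip)            # IPv4-mapped form on dual-stack sockets
      count[ip]++
    }
    END { for (ip in count) print count[ip], ip }' | sort -k1,1nr -k2,2
}

# Reads "COUNT IP" lines; prints IPs whose tally has reached the limit in $1.
over_limit() { awk -v max="$1" '$1 + 0 >= max + 0 { print $2 }'; }

sample_netstat | conns_per_ip 21 | over_limit "$(sample_conf | max_clients_per_ip)"
```

On a live server, replace the sample functions with `netstat -plantu` and `cat /etc/pure-ftpd/pure-ftpd.conf`.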

CSF Firewall is essential to securing your Centmin Mod LEMP stack server. However, at times, whether due to misconfiguration or situations outside of your control, you may block legit visitors. There are a few legit cases for this to happen:

  • The user shares an IP address with a distributed/brute force attacker, i.e. sshd brute force attacks on your server will automatically be blocked via CSF Firewall for better security.
  • You enabled the CSF Firewall block list at /etc/csf/csf.blocklists, which can automatically communicate with known spam, abuse, etc. lists like SPAMHAUS, Project Honey Pot, Maxmind anonymous proxies list, Stopforumspam, and Dshield. So when a visitor with an IP listed in any of these known spam blacklists visits the server, CSF Firewall would block them. The CSF block lists are disabled by default unless you enable them in /etc/csf/csf.blocklists.

If you run into this problem, double check the visitor's IP address is not listed in those ban lists or disable the /etc/csf/csf.blocklists if you enabled them and restart CSF Firewall service to confirm if it's the culprit. You can check IP addresses via web sites listed in /etc/csf/csf.blocklists.

You can also temporarily enable CSF Firewall's WATCH_MODE via the config file at /etc/csf/csf.conf for watching IP addresses and logging the IP via /var/log/messages. You can read up on watching IP addresses via CSF Firewall in the readme.txt documentation section 19 titled 'Watching IP Addresses' here or below.

19. Watching IP Addresses
#########################

The CLI option csf --watch [ip] (csf -w [ip]) and configuration option
WATCH_MODE logs TCP connection initiation (SYN) packets from a specified source
as they traverse the iptables chains.

This can be extremely useful in tracking where that IP address is being DROPed
or ACCEPTed by iptables.

WATCH_MODE should be used when watching IP addresses, although the csf -w [ip]
option will still work without it but won't necessarily provide conclusive
information on the final destination of the packet.

WATCH_MODE is disabled by default and should be left as such unless actively
watching an IP address as it will add an overhead to all accepted iptables
traffic and increase overall iptables kernel logging through syslog.

WATCH_MODE disables: DROP_NOLOG, PS_INTERVAL, DROP_ONLYRES
WATCH_MODE enabled: DROP_LOGGING, DROP_IP_LOGGING, DROP_PF_LOGGING
WATCH_MODE also logs iptables ACCEPT for watched IP addresses

You should only watch a very small number of IP addresses at a time and for a
very short period of time, otherwise the kernel log (usually /var/log/messages)
will become flooded with entries. Also, any IP address rules added during the
time of the watch will not necessarily be included in the logging rules for the
watched IP addresses.

IP address watches do not survive a csf (iptables) restart.

You can use either an IP address or a CIDR address for csf -w [ip].

Recommended method to use this function:

1. Enable WATCH_MODE

2. Restart csf

3. Restart lfd

4. Use the following to watch an IP:

csf -w 11.22.33.44

5. Watch the kernel iptables log for hits from the watched IP address

Once you have finished watching an IP address you should:

1. Disable WATCH_MODE

2. Restart csf (which will also remove the watched ip rules)

3. Restart lfd

The kernel iptables log lines for watching an IP (usually in /var/log/messages)
contain the direction of the packet in the chain and the chain name, e.g.
I:INPUT is Incoming to the chain INPUT, O:LOCALINPUT is Outgoing from chain
LOCALINPUT.

The following is a trimmed down example log watch of 192.168.254.4 connecting
to port 22:

Firewall: I:INPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:LOCALINPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:GDENYIN SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:GDENYIN SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:DSHIELD SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:DSHIELD SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:SPAMHAUS SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:SPAMHAUS SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:LOCALINPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:INVALID SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:INVALID SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:LOGACCEPT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22

While still in WATCH_MODE, you should also grep the problem IP addresses via command:

csf -g IPADDRESS
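
As an added example (not part of CSF or Centmin Mod), the shell function below reduces WATCH_MODE log lines like those in the readme excerpt above to one verdict per source IP and destination port. It assumes that a chain which logs I: without a later O: is where the packet's traversal ended and that each packet starts at I:INPUT; the function names and the 203.0.113.9 lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce csf WATCH_MODE kernel log lines to one verdict per
# watched source IP and destination port.
# Assumption: a chain logs I: on entry and O: on exit, so the innermost chain
# entered but never left is where the packet's traversal ended.

# Constructed sample in the trimmed format of the readme excerpt.
sample_watch_log() {
cat <<'EOF'
Firewall: I:INPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:LOCALINPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:DSHIELD SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:DSHIELD SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: O:LOCALINPUT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:LOGACCEPT SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP DPT=22
Firewall: I:INPUT SRC=203.0.113.9 DST=192.168.254.71 PROTO=TCP DPT=21
Firewall: I:LOCALINPUT SRC=203.0.113.9 DST=192.168.254.71 PROTO=TCP DPT=21
Firewall: I:DSHIELD SRC=203.0.113.9 DST=192.168.254.71 PROTO=TCP DPT=21
EOF
}

# Reads log lines on stdin; prints "SRC DPT CHAIN VERDICT" per SRC/DPT pair.
watch_verdicts() {
  awk '
    /Firewall: [IO]:/ {
      dir = ""; chain = ""; src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^[IO]:/) { dir = substr($i, 1, 1); chain = substr($i, 3) }
        else if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == "" || chain == "") next
      key = src " " dpt
      if (!(key in depth)) { order[++n] = key; depth[key] = 0 }
      # A new I:INPUT is a fresh packet (e.g. a retried SYN): start over.
      if (dir == "I" && chain == "INPUT") depth[key] = 0
      if (dir == "I") stack[key, ++depth[key]] = chain
      else if (depth[key] > 0 && stack[key, depth[key]] == chain) depth[key]--
    }
    END {
      for (j = 1; j <= n; j++) {
        key = order[j]
        last = (depth[key] > 0) ? stack[key, depth[key]] : "-"
        verdict = (last == "LOGACCEPT") ? "ACCEPT" : (last == "-" ? "UNKNOWN" : "STOPPED")
        print key, last, verdict
      }
    }'
}

sample_watch_log | watch_verdicts
```

A STOPPED result names the chain to investigate for that IP with csf -g IPADDRESS; on a live server, feed the function with grep Firewall: /var/log/messages.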

Parking a 2nd domain name on top of an existing Nginx vhost site domain name involves editing your Nginx vhost site domain files. You can see full instructions on the forums here.

For example, if you want to password protect /admin.php and the /install directory, you would need to use Nginx's ngx_http_auth_basic_module feature. The Nginx vhost syntax within your site's server{} context would be something like the below, where /usr/local/nginx/conf/htpasswd_admin_php contains the username and the encrypted format of the username's password.

You can use different file names in place of /usr/local/nginx/conf/htpasswd_admin_php for different directories you protect; just make sure the auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php; definition in there is changed accordingly.

The include line for php.conf is required to serve php files.

location /admin.php {
    auth_basic "Private";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    include /usr/local/nginx/conf/php.conf;
}

location /install/ {
    auth_basic "Private";
    auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
    include /usr/local/nginx/conf/php.conf;
}

Then, to create and set up the auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php with your own USERNAME and PASSWORD for htaccess password protection, run the htpasswd.sh script via SSH as shown below. The script generates /usr/local/nginx/conf/htpasswd_admin_php containing the USERNAME and PASSWORD (in encrypted format). Re-running the create command will wipe previous entries in the file, so you can change usernames and passwords via the create command too.

/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_admin_php USERNAME PASSWORD

If you need additional usernames and passwords added use htpasswd.sh with append option instead of create:

/usr/local/nginx/conf/htpasswd.sh append /usr/local/nginx/conf/htpasswd_admin_php USERNAME2 PASSWORD2
