The initial Centmin Mod install guide and the Getting Started guide outline the normal way of installing the Centmin Mod LEMP stack on a CentOS 7.x 64bit based server. However, there are additional steps you can take to further customise Centmin Mod's default out of the box LEMP configuration and to enable additional optional features.
Run the SSH commands outlined below within the same SSH session window, because the EMAIL variable set in the first step is reused later in this guide.
First, set your desired notification email address in the variable EMAIL:
```
# set the email address you want to receive alerts and server emails
EMAIL=youremail@address.com
```
Then set up the persistent configuration file, which allows you to override the default settings of Centmin Mod's centmin.sh menu script without modifying centmin.sh itself.
```
# create initial persistent config file to override centmin.sh defaults
# https://centminmod.com/upgrade.html#persistent
mkdir -p /etc/centminmod
touch /etc/centminmod/custom_config.inc
```
Populate the persistent configuration file with variables which enable advanced features in the Centmin Mod LEMP stack:
```
# dynamically tune nginx ssl_session_cache in /usr/local/nginx/conf/ssl_include.conf based on system detected memory
# https://community.centminmod.com/posts/76615/
echo "NGINX_SSLCACHE_ALLOWOVERRIDE='y'" >> /etc/centminmod/custom_config.inc

# override Nginx default OCSP response cache refresh time 1h (3600 seconds) to 24hrs (86400 seconds)
# https://community.centminmod.com/threads/19515/
echo "NGINX_STAPLE_CACHE_OVERRIDE='y'" >> /etc/centminmod/custom_config.inc
echo "NGINX_STAPLE_CACHE_TTL='86400'" >> /etc/centminmod/custom_config.inc

# SET_DEFAULT_MYSQLCHARSET='utf8mb4' to override MariaDB MySQL
# default characterset and collation from default utf8 to utf8mb4
# https://community.centminmod.com/threads/17949/
echo "SET_DEFAULT_MYSQLCHARSET='utf8mb4'" >> /etc/centminmod/custom_config.inc

# enable nginx backlog override https://community.centminmod.com/threads/17620/
echo "AUTOHARDTUNE_NGINXBACKLOG='y'" >> /etc/centminmod/custom_config.inc

# enable zstd compressed logrotation for nginx & php-fpm https://community.centminmod.com/threads/16374/
echo "ZSTD_LOGROTATE_NGINX='y'" >> /etc/centminmod/custom_config.inc
echo "ZSTD_LOGROTATE_PHPFPM='y'" >> /etc/centminmod/custom_config.inc

# enable letsencrypt ssl certificate + dual RSA+ECDSA ssl certs https://centminmod.com/acmetool/
echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
echo "DUALCERTS='y'" >> /etc/centminmod/custom_config.inc

# enable ECC 256bit ECDSA self-signed SSL certificate generation https://community.centminmod.com/posts/82177/
echo "SELFSIGNEDSSL_ECDSA='y'" >> /etc/centminmod/custom_config.inc

# enable nginx zero downtime on the fly nginx binary upgrades https://community.centminmod.com/threads/8000/
#echo "NGINX_ZERODT='y'" >> /etc/centminmod/custom_config.inc

# enable brotli compression https://community.centminmod.com/threads/10688/
echo "NGINX_LIBBROTLI='y'" >> /etc/centminmod/custom_config.inc
echo "NGXDYNAMIC_BROTLI='y'" >> /etc/centminmod/custom_config.inc

# boost PHP 7 performance by enabling Profile Guided Optimisation flag
# https://centminmod.com/perf/
# will dramatically increase PHP-FPM compile/install times but result in
# 5-20% faster PHP 7+ performance. PHP_PGO='y' only works with servers with
# 2+ or more cpu threads. However, you can force PHP PGO optimisations with
# 1 cpu thread servers via PHP_PGO_ALWAYS='y'
echo "PHP_PGO_ALWAYS='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_PGO='y'" >> /etc/centminmod/custom_config.inc

# php compression extensions https://community.centminmod.com/posts/70777/
echo "PHP_BROTLI='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_LZFOUR='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_LZF='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_ZSTD='y'" >> /etc/centminmod/custom_config.inc

# php file info
echo "PHPFINFO='y'" >> /etc/centminmod/custom_config.inc

# enable centmin.sh menu option 22 WordPress Cache Enabler Query String inclusions
# https://community.centminmod.com/posts/85927/
echo "WPCLI_CE_QUERYSTRING_INCLUDED='y'" >> /etc/centminmod/custom_config.inc
```
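The `echo ... >>` lines above append on every run, so repeating this step leaves duplicate or conflicting assignments in custom_config.inc. As an added example (not part of Centmin Mod or the original guide), the hypothetical helpers `set_cm_option` and `cm_duplicates` set a key idempotently and list keys assigned more than once; they assume the file holds only `KEY='value'` lines like those shown here.

```bash
# Added example, not part of Centmin Mod: set_cm_option and cm_duplicates are
# hypothetical helpers. Assumes the file holds only KEY='value' lines.
CM_CONFIG="${CM_CONFIG:-/etc/centminmod/custom_config.inc}"

# set_cm_option KEY VALUE [FILE]
# Writes KEY='VALUE', replacing any existing assignment of KEY, so re-running
# a setup script never leaves duplicate or conflicting lines behind.
set_cm_option() {
  local key="$1" value="$2" file="${3:-$CM_CONFIG}" tmp
  # These are shell-style assignments: accept only a plain variable name and
  # a value that cannot close the single quotes or add a second command.
  case "$key" in
    ''|[!A-Z_]*|*[!A-Z0-9_]*) echo "rejected key: $key" >&2; return 2 ;;
  esac
  case "$value" in
    *[!A-Za-z0-9._@/:+-]*) echo "rejected value for $key" >&2; return 2 ;;
  esac
  mkdir -p "$(dirname "$file")" && touch "$file" || return 1
  tmp="$(mktemp "${file}.XXXXXX")" || return 1
  # Keep every line except existing assignments of this key, then append.
  grep -v -E "^[[:space:]]*${key}=" "$file" > "$tmp" || true
  printf "%s='%s'\n" "$key" "$value" >> "$tmp"
  # Write back in place so the file keeps its owner and mode.
  cat "$tmp" > "$file" && rm -f "$tmp"
}

# cm_duplicates [FILE]
# Prints each key assigned more than once; prints nothing for a clean file.
cm_duplicates() {
  local file="${1:-$CM_CONFIG}"
  sed -n -E 's/^[[:space:]]*([A-Z_][A-Z0-9_]*)=.*/\1/p' "$file" | sort | uniq -d
}
```

For instance, `set_cm_option PHP_PGO y` can be run any number of times and leaves exactly one `PHP_PGO='y'` line.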
Next is the actual Centmin Mod LEMP stack install command. It uses the latest betainstaller73.sh script, so the latest PHP (php-fpm) 7.3 version is installed by default.
```
# install centmin mod latest beta with php-fpm 7.3 default
# https://community.centminmod.com/threads/centmin-mod-09-beta-branch-testing.4128/
yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh
```
Then you can pre-create the dhparam file used by Nginx HTTPS sites beforehand to speed up subsequent Nginx vhost creation routines. On slow systems, this command will take a few minutes to complete.
```
openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
```
Then there are optional extra features you can choose to enable after the Centmin Mod LEMP stack has been installed: Auditd and the CSF Firewall advanced blocklists.
```
# install and configure auditd https://community.centminmod.com/posts/37680/
echo "AUDITD_ENABLE='y'" >> /etc/centminmod/custom_config.inc
/usr/local/src/centminmod/tools/auditd.sh setup

# setup extended CSF Firewall blocklists https://community.centminmod.com/posts/50060/
/usr/local/src/centminmod/tools/csf-advancetweaks.sh
```
Optionally, enable CSF Firewall native fail2ban-like rules:
```
# enable CSF Firewall native fail2ban like support
# https://community.centminmod.com/posts/62343/

# back up the current CSF profile and the existing custom regex file first
csf --profile backup backup-b4-customregex
cp -a /usr/local/csf/bin/regex.custom.pm /usr/local/csf/bin/regex.custom.pm.bak

# show the current CUSTOM*_LOG settings, point them at the nginx logs, then show them again
egrep 'CUSTOM1_LOG|CUSTOM2_LOG|CUSTOM3_LOG|CUSTOM4_LOG' /etc/csf/csf.conf
sed -i "s|CUSTOM1_LOG = .*|CUSTOM1_LOG = \"/home/nginx/domains/\*/log/access.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM2_LOG = .*|CUSTOM2_LOG = \"/home/nginx/domains/\*/log/error.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM3_LOG = .*|CUSTOM3_LOG = \"/var/log/nginx/localhost.access.log\"|" /etc/csf/csf.conf
sed -i "s|CUSTOM4_LOG = .*|CUSTOM4_LOG = \"/var/log/nginx/localhost.error.log\"|" /etc/csf/csf.conf
egrep 'CUSTOM1_LOG|CUSTOM2_LOG|CUSTOM3_LOG|CUSTOM4_LOG' /etc/csf/csf.conf

# this overwrites regex.custom.pm with the version from the gist;
# the previous file is kept as regex.custom.pm.bak
wget -O /usr/local/csf/bin/regex.custom.pm https://gist.github.com/centminmod/f5551b92b8aba768c3b4db84c57e756d/raw/regex.custom.pm

# restart csf and lfd to load the new rules
csf -ra
```
Then set up disk space usage alerts, making use of the EMAIL variable you populated at the start of this guide.
```
# setup email alerts for diskalert cronjob /etc/cron.daily/diskalert
# https://community.centminmod.com/posts/59973/
sed -i "s|EMAIL=.*|EMAIL='$EMAIL'|" /etc/cron.daily/diskalert
```
Lastly, if you intend to use Cloudflare in front of your Centmin Mod LEMP stack's Nginx server, you can set up the csfcf.sh cronjob to automatically manage Cloudflare's IPs in CSF Firewall and in Nginx real IP address detection.
```
# cloudflare cronjob
# https://community.centminmod.com/threads/6241/
crontab -l > cronjoblist
# remove any existing csfcf.sh entry so the job is not added twice
sed -i '/csfcf.sh/d' cronjoblist
echo "23 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1" >> cronjoblist
crontab cronjoblist
```
The end result is an optimised Centmin Mod LEMP stack installation.
Nginx mainline version, built against the OpenSSL 1.1.1 branch with HTTP/2 HTTPS and TLS 1.3 support, and compiled with GCC 8.3.1:
```
nginx -V
nginx version: nginx/1.17.1 (120719-190938-centos7-kvm)
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 1.1.1c 28 May 2019
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=x86-64 -mavx -mavx2 -mpclmul -msse4 -msse4.1 -msse4.2 -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=120719-190938-centos7-kvm --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1c
```
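To confirm after a later rebuild or upgrade that the binary still carries the properties shown in this output, the following added example (not from the original guide or Centmin Mod) reads `nginx -V` text on stdin and reports anything missing. `check_nginx_build` is a hypothetical name, and the list of required items is taken from the configure arguments above.

```bash
# Added example, not part of Centmin Mod. check_nginx_build is a hypothetical
# helper name. Usage (nginx -V writes to stderr):
#   nginx -V 2>&1 | check_nginx_build
check_nginx_build() {
  local out want ver missing=""
  out="$(cat)"

  # Hardening flags and TLS/HTTP2 modules taken from the build shown above.
  for want in \
    '-fstack-protector-strong' \
    '-D_FORTIFY_SOURCE=2' \
    '-Wl,-z,relro' \
    '-Werror=format-security' \
    '--with-http_ssl_module' \
    '--with-http_v2_module'
  do
    # -F matches literally; -e lets the pattern start with a dash.
    printf '%s\n' "$out" | grep -qF -e "$want" || missing="$missing $want"
  done

  # TLS 1.3 needs OpenSSL 1.1.1 or newer (1.1.1x or 3.x and later).
  ver="$(printf '%s\n' "$out" |
    sed -n 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')"
  case "$ver" in
    1.1.1*|[3-9].*) ;;
    *) missing="$missing openssl>=1.1.1(found:${ver:-none})" ;;
  esac

  if [ -n "$missing" ]; then
    echo "nginx build is missing:$missing" >&2
    return 1
  fi
  echo "nginx build OK (OpenSSL $ver)"
}
```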
PHP 7.3 latest php-fpm build:
```
php -v
PHP 7.3.7 (cli) (built: Jul 14 2019 19:51:27) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.7, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.7, Copyright (c) 1999-2018, by Zend Technologies
```
MariaDB MySQL 10.3 server:
```
mysqladmin ver
mysqladmin Ver 9.1 Distrib 10.3.16-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version          10.3.16-MariaDB
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 2 days 5 hours 55 min 16 sec

Threads: 5  Questions: 385311  Slow queries: 12  Opens: 44  Flush tables: 1  Open tables: 36  Queries per second avg: 1.984
```
Then check out the following:
- The official Getting Started Guide to get all your sites and configuration working.
- The official Centmin Mod configuration overview to learn how Centmin Mod configuration is structured.
- The Guide to learning about Centmin Mod tips.
- Join the official Centmin Mod community forums to ask questions and share your Centmin Mod experience. Any and all severe security and bug related announcements will be first posted on the official Centmin Mod community forum.