This guide will show you step by step how to install WordPress with Cache Enabler plugin’s advanced full HTML page caching configuration which bypasses PHP completely allowing the WordPress full HTML page cached files to be served 100% at Nginx server cache level.
This WordPress guide will also show you how Centmin Mod’s Cache Enabler advanced caching can optionally enable specific query string cache inclusions for query string trackers like ?fbclid, ?gclid and ?utm_*. WordPress will be installed via Centmin Mod 123.09beta01’s centmin.sh menu option 22 WordPress Nginx vhost installer which allows Cache Enabler’s advanced cache mode selection and will be behind Cloudflare CDN proxy for performance and security.
- Upcloud.com KVM VPS Server Creation With CentOS 7
- Cloudflare Configuration Setup
- Centmin Mod 123.09beta01 Advance Installation On Upcloud.com KVM VPS Server
- Enabling Centmin Mod’s free Letsencrypt SSL certificate issuance via Cloudflare DNS API validation
- WordPress Installation with Cache Enabler advance cache mode setup
- Final WordPress & Cloudflare Completion Tasks
- Testing Cache Enabler Full HTML Page Cache
- Notable Updates Since Initial Publication
Upcloud.com KVM VPS Server Creation With CentOS 7
To create Upcloud.com KVM VPS server, sign up for an account via affiliate link here (signees also get US$25 credits to use as well). Read the official Centmin Mod installation guide’s minimum and recommended memory and disk resource requirements. For the purpose of this guide, will create a 1 cpu, 1GB memory, 25GB disk US$5/month KVM VPS server in New York City datacenter location using CentOS 7 OS (CentOS 8 is currently not supported yet).
The chosen hostname for KVM VPS server is based on the official Getting Started Guide step 1 – main hostname setup guide. Where the main hostname is hostce.centminmod.com and the intended WordPress site domain name is cache-enabler.centminmod.com
Upcloud.com New York City data center is relatively new and is solely populated with newer AMD EPYC 7542 Rome based server processors.
lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 NUMA node(s): 1 Vendor ID: AuthenticAMD CPU family: 23 Model: 49 Model name: AMD EPYC 7542 32-Core Processor Stepping: 0 CPU MHz: 2894.560 BogoMIPS: 5789.12 Hypervisor vendor: KVM Virtualization type: full NUMA node0 CPU(s): 0 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm art rep_good nopl extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core retpoline_amd ssbd ibrs ibpb vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 arat umip spec_ctrl
Cloudflare Configuration Setup
Once, Upcloud KVM VPS server is created you will be assigned a public IP address. If you haven’t already done so, you need for your domain DNS to be on Cloudflare. You can follow Cloudflare’s Welcome setup wizard to guide you through the steps in adding your domain and DNS to Cloudflare at https://www.cloudflare.com/welcome-center. Note, you won’t be able to successfully pass the Cloudflare Healthcheck for your WordPress intended domain name until you complete the WordPress installation through the below outlined steps. You can skip the Cloudflare Welcome setup wizard if you already have your primary domain added to a Cloudflare account zone.
You will want to log into your Cloudflare account for the WordPress domain and create your desired DNS A record for the domain or subdomain i.e. cache-enabler.centminmod.com and also the hostname, hostce.centminmod.com. Example for cache-enabler.centminmod.com DNS A record (masked out for privacy here) – making sure that orange cloud Proxied is enabled for Cloudflare to CDN proxy your site.
Centmin Mod 123.09beta01 Advance Installation
The first step is installing Centmin Mod 123.09beta01 on Upcloud.com KVM VPS server – 1 cpu, 1GB, 25GB disk US$5/month VPS server in New York City data center location. The Centmin Mod Advance Installation method will be used. After the initial install, follow the official Getting Started Guide for the remaining steps to fully complete the setup. Throughout this guide, the centmin.sh menu options will be referred to. You can read how to run centmin.sh shell based menu here.
First set your desired notification email address in a variable, EMAIL. This is to be typed into your logged in SSH session as root user which will setup up the SSH session variable EMAIL which will be used later in this guide.
# set your email address you want to receive alerts and server emails EMAIL=youremail@address.com
Then set up the persistent configuration file which allows you to override Centmin Mod’s centmin.sh menu script’s default settings without modifying centmin.sh itself. The commands below are to be typed into your logged in SSH session as root user which will create the /etc/centminmod directory and then create the empty /etc/centminmod/custom_config.inc persistent config file.
# create initial persistent config file to override centmin.sh defaults # https://centminmod.com/upgrade.html#persistent mkdir -p /etc/centminmod touch /etc/centminmod/custom_config.inc
Next step is to populate the persistent configuration file with variables which enable advanced features in Centmin Mod LEMP stack. The echo commands below are to be typed into your logged in SSH session as root user and they populate the persistent config file at /etc/centminmod/custom_config.inc. Each advance enabled option has a comment linked to a Centmin Mod community forum thread/post explaining what the advance option does etc. You can choose which advance options if any or all to enable or skip the ones you don’t need. Note the last option listed for WPCLI_CE_QUERYSTRING_INCLUDED=’y’ is required to enable Cache Enabler’s optional query string cache inclusions.
# dynamically tune nginx ssl_session_cache in /usr/local/nginx/conf/ssl_include.conf based on system detected memory # https://community.centminmod.com/posts/76615/ echo "NGINX_SSLCACHE_ALLOWOVERRIDE='y'" >> /etc/centminmod/custom_config.inc # override Nginx default OCSP response cache refresh time 1h (3600 seconds) to 24hrs (86400 seconds) # https://community.centminmod.com/threads/19515/ echo "NGINX_STAPLE_CACHE_OVERRIDE='y'" >> /etc/centminmod/custom_config.inc echo "NGINX_STAPLE_CACHE_TTL='86400'" >> /etc/centminmod/custom_config.inc # SET_DEFAULT_MYSQLCHARSET='utf8mb4' to override MariaDB MySQL # default characterset and collation from default utf8 to utf8mb4 # https://community.centminmod.com/threads/17949/ echo "SET_DEFAULT_MYSQLCHARSET='utf8mb4'" >> /etc/centminmod/custom_config.inc # enable nginx backlog override https://community.centminmod.com/threads/17620/ echo "AUTOHARDTUNE_NGINXBACKLOG='y'" >> /etc/centminmod/custom_config.inc # enable zstd compressed logrotation for nginx & php-fpm https://community.centminmod.com/threads/16374/ echo "ZSTD_LOGROTATE_NGINX='y'" >> /etc/centminmod/custom_config.inc echo "ZSTD_LOGROTATE_PHPFPM='y'" >> /etc/centminmod/custom_config.inc # enable letsencrypt ssl certificate + dual RSA+ECDSA ssl certs https://centminmod.com/acmetool/ echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc echo "DUALCERTS='y'" >> /etc/centminmod/custom_config.inc # enable ECC 256bit ECDSA self-signed SSL certificate generation https://community.centminmod.com/posts/82177/ echo "SELFSIGNEDSSL_ECDSA='y'" >> /etc/centminmod/custom_config.inc # enable nginx zero downtime on the fly nginx binary upgrades https://community.centminmod.com/threads/8000/ #echo "NGINX_ZERODT='y'" >> /etc/centminmod/custom_config.inc # enable brotli compression https://community.centminmod.com/threads/10688/ echo "NGINX_LIBBROTLI='y'" >> /etc/centminmod/custom_config.inc echo "NGXDYNAMIC_BROTLI='y'" >> /etc/centminmod/custom_config.inc # boost PHP 7 performance by enabling Profile Guided Optimisation flag # https://centminmod.com/perf/ # will dramatically increase PHP-FPM compile/install times but result in # 5-20% faster PHP 7+ performance. PHP_PGO='y' only works with servers with # 2+ or more cpu threads. However, you can force PHP PGO optimisations with # 1 cpu thread servers via PHP_PGO_ALWAYS='y' echo "PHP_PGO_ALWAYS='y'" >> /etc/centminmod/custom_config.inc echo "PHP_PGO='y'" >> /etc/centminmod/custom_config.inc # php compression extensions https://community.centminmod.com/posts/70777/ echo "PHP_BROTLI='y'" >> /etc/centminmod/custom_config.inc echo "PHP_LZFOUR='y'" >> /etc/centminmod/custom_config.inc echo "PHP_LZF='y'" >> /etc/centminmod/custom_config.inc echo "PHP_ZSTD='y'" >> /etc/centminmod/custom_config.inc # php file info echo "PHPFINFO='y'" >> /etc/centminmod/custom_config.inc # enable centmin.sh menu option 22 WordPress Cache Enabler Query String inclusions # https://community.centminmod.com/posts/85927/ echo "WPCLI_CE_QUERYSTRING_INCLUDED='y'" >> /etc/centminmod/custom_config.inc
Once persistent config file /etc/centminmod/custom_config.inc is populated, it should look something like this. If you have second thoughts about enabling a specific advanced option, you can comment it out with a hash # in front of the variable before proceeding with the actual Centmin Mod installation in the next step.
NGINX_SSLCACHE_ALLOWOVERRIDE='y' NGINX_STAPLE_CACHE_OVERRIDE='y' NGINX_STAPLE_CACHE_TTL='86400' SET_DEFAULT_MYSQLCHARSET='utf8mb4' AUTOHARDTUNE_NGINXBACKLOG='y' ZSTD_LOGROTATE_NGINX='y' ZSTD_LOGROTATE_PHPFPM='y' LETSENCRYPT_DETECT='y' DUALCERTS='y' SELFSIGNEDSSL_ECDSA='y' NGINX_LIBBROTLI='y' NGXDYNAMIC_BROTLI='y' PHP_PGO_ALWAYS='y' PHP_PGO='y' PHP_BROTLI='y' PHP_LZFOUR='y' PHP_LZF='y' PHP_ZSTD='y' PHPFINFO='y' WPCLI_CE_QUERYSTRING_INCLUDED='y'
Centmin Mod Installation
The actual Centmin Mod LEMP stack install command to run in your logged in SSH session as root user using latest betainstaller73.sh script so PHP (php-fpm) 7.3 latest version is default installed.
# install centmin mod latest beta with php-fpm 7.3 default # https://community.centminmod.com/threads/centmin-mod-09-beta-branch-testing.4128/ yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh
Or you can use the latest betainstaller74.sh script so PHP (php-fpm) 7.4 latest version is default installed.
# install centmin mod latest beta with php-fpm 7.4 default # https://community.centminmod.com/threads/centmin-mod-09-beta-branch-testing.4128/ yum -y update; curl -O https://centminmod.com/betainstaller74.sh && chmod 0700 betainstaller74.sh && bash betainstaller74.sh
For this guide, I will use PHP 7.4 default installer. Note, you can only run the installer once. If you want to later downgrade or upgrade PHP-FPM versions, you can do that via centmin.sh menu option 5 PHP upgrade/downgrade shell based menu option after the initial Centmin Mod installation.
At the end of Centmin Mod LEMP stack installation, the initial install times for various components are displayed including the total installation time. As Nginx and PHP-FPM are source compiled, time to install is dependent on the speed of your server – including cpu clock speed and number of cpu threads available. The higher the cpu clock speed and the more cpu threads available, the faster the installation. You can basically use the Centmin Mod LEMP stack installer as a benchmark to evaluate the performance of your server.
Usually, the times are a fairly accurate representation of the performance of your server for Centmin Mod LEMP purposes. Enabling PHP Profile Guided Optimizations (PGO) in this advance guide will also further increase the duration for PHP-FPM compilation by approximately 2x. But PHP PGO will give up between 5-20% faster PHP performance. So you can weigh up the added PHP-FPM compile time versus resulting PHP-FPM performance you gain. Without PHP PGO, the PHP install time below of 1106 seconds would have been halved to around 450-500 seconds.
This Centmin Mod install took ~2206 seconds or just under 37 minutes on 1 cpu core VPS. If you had chosen 2 cpu core, it would be ~25-45% faster and 4 cpu core would be 30-60% faster.
--------------------------------------------------------------------------- Total Curl Installer YUM or DNF Time: 102.2205 seconds Total YUM Time: 9.969806311 seconds Total YUM or DNF + Source Download Time: 36.2631 Total Nginx First Time Install Time: 502.3685 Total PHP First Time Install Time: 1106.8022 Download From Github Time: 0.8572 Total Time Other eg. source compiles: 458.2096 Total Centmin Mod Install Time: 2103.6433 --------------------------------------------------------------------------- Total Install Time (curl yum + cm install + zip download): 2206.7210 seconds --------------------------------------------------------------------------- 1 AMD EPYC 7542 32-Core Processor 1 2894.560 ---------------------------------------------------------------------------
Nginx latest mainline version installed where the version build tag of 050920-055953-centos7-kvm-19b44b9-br-25f86f0 refers to the following: day/month/year-seconds-centos7-virtualization type-Centmin Mod git commit tag at time of install-brotli-brotli-git-tag at time of install.
nginx -V
nginx version: nginx/1.19.2 (050920-055953-centos7-kvm-19b44b9-br-25f86f0)
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: –with-ld-opt=’-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib -flto=1 -fuse-ld=gold’ –with-cc-opt=’-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=x86-64 -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto=1 -fuse-ld=gold –param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-error=pointer-sign -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations’ –sbin-path=/usr/local/sbin/nginx –conf-path=/usr/local/nginx/conf/nginx.conf –build=050920-055953-centos7-kvm-19b44b9-br-25f86f0 –with-compat –with-http_stub_status_module –with-http_secure_link_module –with-libatomic –with-http_gzip_static_module –add-dynamic-module=../ngx_brotli –with-http_sub_module –with-http_addition_module –with-http_image_filter_module=dynamic –with-http_geoip_module –with-stream_geoip_module –with-stream_realip_module –with-stream_ssl_preread_module –with-threads –with-stream –with-stream_ssl_module –with-http_realip_module –add-dynamic-module=../ngx-fancyindex-0.4.2 –add-module=../ngx_cache_purge-2.5.1 –add-dynamic-module=../ngx_devel_kit-0.3.0 –add-dynamic-module=../set-misc-nginx-module-0.32 –add-dynamic-module=../echo-nginx-module-0.62 –add-module=../redis2-nginx-module-0.15 –add-module=../ngx_http_redis-0.3.7 –add-module=../memc-nginx-module-0.19 –add-module=../srcache-nginx-module-0.32 –add-dynamic-module=../headers-more-nginx-module-0.33 –with-pcre-jit –with-zlib=../zlib-cloudflare-1.3.0 –with-http_ssl_module –with-http_v2_module –with-openssl=../openssl-1.1.1g
PHP-FPM 7.4 latest installed
php -v PHP 7.4.10 (cli) (built: Sep 5 2020 06:23:22) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies with Zend OPcache v7.4.10, Copyright (c), by Zend Technologies
MariaDB MySQL 10.3 latest installed
mysqladmin ver mysqladmin Ver 9.1 Distrib 10.3.24-MariaDB, for Linux on x86_64 Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Server version 10.3.24-MariaDB Protocol version 10 Connection Localhost via UNIX socket UNIX socket /var/lib/mysql/mysql.sock Uptime: 5 min 52 sec Threads: 4 Questions: 1 Slow queries: 0 Opens: 17 Flush tables: 1 Open tables: 11 Queries per second avg: 0.002
and PHP extensions loaded
php -m [PHP Modules] bcmath brotli bz2 calendar Core ctype curl date dom enchant exif FFI fileinfo filter ftp gd geoip gettext gmp hash iconv igbinary imagick imap intl json ldap libxml lz4 lzf mailparse mbstring mcrypt memcache memcached mysqli mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_sqlite Phar posix pspell readline redis Reflection session shmop SimpleXML snmp soap sockets sodium SPL sqlite3 standard sysvmsg sysvsem sysvshm tidy timezonedb tokenizer xml xmlreader xmlrpc xmlwriter xsl Zend OPcache zip zlib zstd [Zend Modules] Zend OPcache
Running cminfo command, can also give you an overview of the Centmin Mod installation.
cminfo ------------------------------------------------------------------ Centmin Mod Quick Info: ------------------------------------------------------------------ Server Location Info ip: xxx.xxx.xxx.xxx city: New York City region: New York country: US timezone: America/New_York Processors physical = 1, cores = 1, virtual = 1, hyperthreading = no 1 2894.560 1 AMD EPYC 7542 32-Core Processor 1 512 KB System Up Since: 2020-09-05 04:44:41 System Uptime: up 2 hours, 10 minutes MySQL Server Started 2020-09-05 06:29:44 MySQL Uptime: 25 min 19 sec MySQL Uptime (secs): 1519 Server Type: kvm CentOS Version: 7.8 Centmin Mod: 123.09beta01.b582 Nginx PageSpeed: OFF Nginx Version: 1.19.2 (050920-055953-centos7-kvm-19b44b9-br-25f86f0) PHP-FPM Version: 7.4.10 MariaDB Version: 10.3.24 CSF Firewall: v14.04 Memcached Server: 1.6.5 NSD Version: - Siege Version: 4.0.4 Maldet Version: not installed ClamAV Version: not installed ElasticSearch: not installed ------------------------------------------------------------------ Site Nginx Vhost Accounts: ------------------------------------------------------------------ * demodomain.com: /home/nginx/domains/demodomain.com ├── backup ├── log ├── private └── public ------------------------------------------------------------------ Site Nginx Vhost Config Files: ------------------------------------------------------------------ * /usr/local/nginx/conf/conf.d/demodomain.com.conf * /usr/local/nginx/conf/conf.d/virtual.conf ------------------------------------------------------------------ MySQL Databases: ------------------------------------------------------------------ * mysql [idx: 0.17 MB data: 0.55 MB] * pgo_train [idx: 0.00 MB data: 0.11 MB]
Then you can pre-create Nginx HTTPS site’s dhparam file beforehand to speed up subsequent Nginx vhost creation routines. On slow systems, this command will take a few minutes to complete.
openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
Then optional extra features you can choose to enable after Centmin Mod LEMP stack has been installed for Auditd.
# install and configure auditd https://community.centminmod.com/posts/37680/ echo "AUDITD_ENABLE='y'" >> /etc/centminmod/custom_config.inc /usr/local/src/centminmod/tools/auditd.sh setup
Then setup disk space usage alerts making use of EMAIL variable you set up as an SSH session variable you populated at the start of this guide.
# setup email alerts for diskalert cronjob /etc/cron.daily/diskalert # https://community.centminmod.com/posts/59973/ sed -i "s|EMAIL=.*|EMAIL='$EMAIL'|" /etc/cron.daily/diskalert
Lastly, if you intend to use Cloudflare in front of your Centmin Mod LEMP stack’s Nginx server, you can setup csfcf.sh cronjob to automatically manage Cloudflare’s IPs in CSF Firewall and Nginx real IP address detection. Latest 123.09beta01 should already have the csfcf.sh cronjob installed.
You can check via crontab -l command
crontab -l 13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1 0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null 22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
If csfcf.sh doesn’t show up, you can create it manually via the following commands run in SSH session as root user.
# cloudflare cronjob # https://community.centminmod.com/threads/6241/ crontab -l > cronjoblist sed -i '/csfcf.sh/d' cronjoblist echo "22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1" >> cronjoblist crontab cronjoblist
Enabling Centmin Mod’s free Letsencrypt SSL certificate issuance via Cloudflare DNS API validation
Centmin Mod 123.09beta01 has integrated support for free Letsencrypt SSL certificates via addons/acmetool.sh addon which uses Neil Pang’s acme.sh shell bash based client as the underlying Letsencrypt client for obtaining Letsencrypt SSL certificates. The integration is enabled when you set LETSENCRYPT_DETECT=’y’ is set in your persistent config file /etc/centminmod/custom_config.inc as we did in above Centmin Mod advance install steps in populating the persistent config file. The default method of domain validation is via webroot authentication for a generated file at yourdomain.com/.well-known. However, as of September 6th, 2020 addons/acmetool.sh addon has added support for Cloudflare DNS domain validation as well via Cloudflare DNS API support in the underlying acme.sh client.
As the intended WordPress site will be using Cloudflare for DNS and CDN proxy, we will leverage the newly added Cloudflare DNS API support for our free Letsencrypt SSL certificate issuance as well. Cloudflare SSL will be configured to switch from Flexible SSL to Full (non-strict) SSL mode so that the connection between Cloudflare edge servers and Centmin Mod’s origin Nginx server is done over an encryption connection. For the encrypted connection to occur under Cloudflare Full (non-strict) SSL mode, Centmin Mod’s Nginx based WordPress site needs to have it’s own SSL certificate and HTTPS configuration. Once set up, Cloudflare edge servers will connect with Centmin Mod’s origin Nginx server over an encrypted HTTPS TLSv1.3 connection as Centmin Mod Nginx uses OpenSSL 1.1.1 with TLSv1.3 protocol support.
To setup Cloudflare DNS API support for Centmin Mod Letsencrypt SSL certificate issuance, you’ll need to log into your Cloudflare account and create your Cloudflare API Token at https://dash.cloudflare.com/profile/api-tokens. Cloudflare API Tokens require
- Create your Cloudflare Token API with permissions for read access to Zone.Zone, and edit/write access to Zone.DNS, across all Zones.
- Grab your Cloudflare Account ID from any of your Cloudflare domain’s main dashboard’s right side column listing
You can set up the following variables in the persistent config file at /etc/centminmod/custom_config.inc that you previously created. Replacing YOUR_CF_TOKEN with your API token you created and replacing YOUR_CF_ACCOUNT_ID with your Cloudflare Account ID.
CF_DNSAPI_GLOBAL='y' CF_Token="YOUR_CF_TOKEN" CF_Account_ID="YOUR_CF_ACCOUNT_ID"
The persistent config file will now look something like below:
CF_DNSAPI_GLOBAL='y' CF_Token="YOUR_CF_TOKEN" CF_Account_ID="YOUR_CF_ACCOUNT_ID" NGINX_SSLCACHE_ALLOWOVERRIDE='y' NGINX_STAPLE_CACHE_OVERRIDE='y' NGINX_STAPLE_CACHE_TTL='86400' SET_DEFAULT_MYSQLCHARSET='utf8mb4' AUTOHARDTUNE_NGINXBACKLOG='y' ZSTD_LOGROTATE_NGINX='y' ZSTD_LOGROTATE_PHPFPM='y' LETSENCRYPT_DETECT='y' DUALCERTS='y' SELFSIGNEDSSL_ECDSA='y' NGINX_LIBBROTLI='y' NGXDYNAMIC_BROTLI='y' PHP_PGO_ALWAYS='y' PHP_PGO='y' PHP_BROTLI='y' PHP_LZFOUR='y' PHP_LZF='y' PHP_ZSTD='y' PHPFINFO='y' WPCLI_CE_QUERYSTRING_INCLUDED='y' MARCH_TARGETNATIVE='n' AUDITD_ENABLE='y'
Once you have populated persistent config file at /etc/centminmod/custom_config.inc, you can verify if your Cloudflare API Token is working by installing addons/acmetool.sh which will install the underlying acme.sh client and running check_cfapi option to verify the CF API Token. This step is optional, as addons/acmetool.sh is automatically installed the first time you run an Nginx vhost creation routine via centmin.sh menu option 2, 22 or nv command line when LETSENCRYPT_DETECT=’y’ is set in your persistent config file /etc/centminmod/custom_config.inc.
echo y | /usr/local/src/centminmod/addons/acmetool.sh acmeinstall echo y | /usr/local/src/centminmod/addons/acmetool.sh check_cfapi
acmeinstall
echo y | /usr/local/src/centminmod/addons/acmetool.sh acmeinstall ----------------------------------------------------- check acme auto renew cronjob setup: ----------------------------------------------------- 32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null ----------------------------------------------------- acme.sh installed -----------------------------------------------------
check_cfapi option only verifies that CF API Token works but not necessarily verifies if it works with CF DNS API itself as that is permission dependent.
echo y | /usr/local/src/centminmod/addons/acmetool.sh check_cfapi ------------------------------------------------- acmetool.sh is in beta testing phase please read & provide bug reports & feedback for this tool via the forums https://centminmod.com/acmetool ------------------------------------------------- Verifying working Cloudflare DNS API Credentials CF API Tokens detected Ok: CF API Token works
WordPress Installation with Cache Enabler advance cache mode setup
The final step is the actual WordPress installation with Cache Enabler done using centmin.sh menu option 22 where at WordPress caching selection, you will select Cache Enabler for automatic advance cache mode configuration.
Below I will run centmin.sh menu option 22 to auto install WordPress and create Nginx vhost site for subdomain = cache-enabler.centminmod.com. I have checked that I have set up Cloudflare DNS A record for the subdomain to point to Upcloud.com server’s allocated public IP address. Checking dig DNS A record for subdomain will show Cloudflare CDN proxy’s public IP addresses as intended as Cloudflare CDN proxy hides your real server IP address.
dig +short A cache-enabler.centminmod.com 104.18.11.170 104.18.10.170
curl -s https://ipinfo.io/104.18.11.170 { "ip": "104.18.11.170", "city": "Atlantic City", "region": "New Jersey", "country": "US", "loc": "39.3642,-74.4231", "org": "AS13335 Cloudflare, Inc.", "postal": "08404", "timezone": "America/New_York", "readme": "https://ipinfo.io/missingauth" }
To run centmin.sh shell based menu on subsequent SSH logs other than initial Centmin Mod install login, you can run command = centmin. If you’re still in initial Centmin Mod install SSH login, you can run:
cd /usr/local/src/centminmod ./centmin.sh
Then on centmin.sh menu select and type menu option 22 to start Nginx WordPress auto installer routine which will have a wizard prompt style question where you answer a few questions and the installer will create an Nginx vhost for your site and auto install WordPress and configure it for your desired WordPress caching method.
-------------------------------------------------------- Centmin Mod Menu 123.09beta01 centminmod.com -------------------------------------------------------- 1). Centmin Install 2). Add Nginx vhost domain 3). NSD setup domain name DNS 4). Nginx Upgrade / Downgrade 5). PHP Upgrade / Downgrade 6). XCache Re-install 7). APC Cache Re-install 8). XCache Install 9). APC Cache Install 10). Memcached Server Re-install 11). MariaDB MySQL Upgrade & Management 12). Zend OpCache Install/Re-install 13). Install/Reinstall Redis PHP Extension 14). SELinux disable 15). Install/Reinstall ImagicK PHP Extension 16). Change SSHD Port Number 17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2 18). Suhosin PHP Extension install 19). Install FFMPEG and FFMPEG PHP Extension 20). NSD Install/Re-Install 21). Data Transfer (TBA) 22). Add WordPress Nginx vhost + Cache Plugin 23). Update Centmin Mod Code Base 24). Exit -------------------------------------------------------- Enter option [ 1 - 24 ] 22 --------------------------------------------------------
The first time it will install WP-CLI command line too which is used to install and configure WordPress. On subsequent centmin.sh menu option 22 runs, it will auto update WP-CLI to the latest version before proceeding.
------------------------------------------------------------ Installing wpcli.sh ------------------------------------------------------------ installing... Error: /usr/bin/wp not found !!! Downloading now...... 2020-09-06 00:19:26 URL:https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar [5568133/5568133] -> "/usr/bin/wp" [1] Download done. Error: /root/wpcli/wp-completion.bash not found !!! Downloading now...... 2020-09-06 00:19:26 URL:https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash [495/495] -> "/root/wpcli/wp-completion.bash" [1] Download done. ------------------------------------------------------------- wp-cli info OS: Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 Shell: /bin/bash PHP binary: /usr/local/bin/php PHP version: 7.4.10 php.ini used: /usr/local/lib/php.ini WP-CLI root dir: phar://wp-cli.phar/vendor/wp-cli/wp-cli WP-CLI vendor dir: phar://wp-cli.phar/vendor WP_CLI phar path: /usr/local/src/centminmod/addons WP-CLI packages dir: /root/.wp-cli/packages/ WP-CLI global config: WP-CLI project config: WP-CLI version: 2.4.0 ------------------------------------------------------------- ------------------------------------------------------------- wp-cli install completed Read http://wp-cli.org/ for full usage info ------------------------------------------------------------- Please log out of SSH session and log back in You can then call wp-cli via command: wp i.e. wp --info --allow-root -------------------------------------------------------------
Then the actual Nginx vhost creation process starts with an information message related to additional Centmin Mod WordPress security features which may cause 403 permission denied errors as you may need to whitelist WordPress plugins.
------------------------------------------------------------- Setup full Nginx vhost + WordPress + WP Plugins ------------------------------------------------------------- --------------------------------------------------------------- Important Information --------------------------------------------------------------- You are about to create an WordPress based Nginx vhost site with or without HTTPS/SSL support. Also read the continually updated Getting Started Guide at centminmod.com/getstarted.html if you haven't already --------------------------------------------------------------- 403 Permission denied message handling if after vhost site setup you encounter 403 permission denied errors, check https://community.centminmod.com/threads/11215/ to see if your site needs tools/autoprotect.sh tweaking & whitelisting ---------------------------------------------------------------
Next, it will prompt you if you want to proceed with Nginx vhost site creation and ask you for desired WordPress Nginx site domain or subdomain name. Leave off www and only enter the domain as www. will be auto added. If you have Letsencrypt mode enabled, it will also prompt you for Letsencrypt SSL certificate issuance type where you can choose between HTTP + HTTPS or HTTPS default only and choose from staging untrusted Letsencrypt SSL certificates or browser trusted Letsencrypt SSL certificates. Here we choose option 4 for HTTPS default only live browser trusted Letsencrypt SSL certificate issuance for Nginx vhost domain = cache-enabler.centminmod.com. Option 4 will automatically configure the non-HTTPS to HTTPS default redirects at Nginx server level.
Do you want to continue with Nginx vhost site creation ? [y/n] y Enter vhost domain name you want to add (without www. prefix): cache-enabler.centminmod.com Create a self-signed SSL certificate Nginx vhost? [y/n]: y Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y You have 4 options: 1. issue staging test cert with HTTP + HTTPS (untrusted) 2. issue staging test cert with HTTPS default (untrusted) 3. issue live cert with HTTP + HTTPS (trusted) 4. issue live cert with HTTPS default (trusted) Enter option number 1-4: 4
Next are some WordPress site setup questions which you answer to configure your desired WordPress install. If you operate a member log in based WordPress site, make sure to disable wp-login.php password protection when prompted to do so. The entered email address will be your WordPress site administrator’s login email address.
Theme Setup: Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]: n Wordpress Setup: Not a fan of Gutenberg Editor ? You can switch to Classic Editor If you run into Gutenberg Editor issues, you can later switch to the Classic Editor https://wordpress.org/plugins/classic-editor/ Install Classic Editor WordPress Plugin ? [y/n]: y Autoptimize WP Plugin is installed by default. Do you want to install companion Autoptimize Gzip Plugin to precompresses js/css optimized files details at https://community.centminmod.com/threads/15314/ Install Autoptimize Gzip Companion WordPress Plugin ? [y/n]: y Google Native LazyLoad Plugin https://wordpress.org/plugins/native-lazyload/ Install Google Native LazyLoad Plugin ? [y/n]: y Set custom WP Admin Display Name ? [y/n]: y Enter Custom WP Admin Display Name: George Install WordPress in subdirectory /blog ? [y/n]: n Disable Auto Generated WP Admin Username / Password ? [y/n]: n Disable wp-login.php password protection ? (less security) [y/n]: y Enter email address for Admin User for WordPress Installation: youremail@yourdomain.com
Next up is prompt to select the method of WordPress caching Centmin Mod will automatically configure for your WordPress site. There are three methods to choose from my default with a fourth option for PHP-FPM fastcgi_cache in development. The three methods are KeyCDN’s Cache Enabler, Redis Nginx level caching and WordPress Super Cache. All three methods do guest full HTML page caching where Cache Enabler and Redis Nginx level caching are only ones to completely bypass PHP-FPM to serve caching via Nginx. You can read up more about them here in official Centmin Mod community forum sticky thread titled: Differences between WordPress regular install vs centmin.sh menu option 22 install
For this guide, we are choosing KeyCDN Cache Enabler option 1 which is configured with advanced caching at Nginx level bypassing PHP-FPM completely.
Default is to install KeyCDN WP Cache Enabler Plugin as it's more stable and reliable than WP Super Cache. Redis cache may have issues with caching due to long 6hr cache TTL You can select which caching method to use below: -------------------------------------------------------- Wordpress Caching -------------------------------------------------------- 1) KeyCDN Cache Enabler 2) Redis Nginx Level Caching 3) WordPress Super Cache -------------------------------------------------------- Enter option [ 1 - 3 ] 1 you selected option 1 (KeyCDN Cache Enabler) [wpscache=n]
Next is prompt for your Pure-FTP virtual FTP username and auto generated FTP password
Create FTP username for vhost domain (enter username): YOUR_FTPUSERNAME Do you want to auto generate FTP password (recommended) [y/n]: y FTP username you entered: YOUR_FTPUSERNAME FTP password auto generated: YOUR_FTPPASSWORD Password: Enter it again:
Next centmin.sh menu routine will create your Cache Enabler included map file /usr/local/nginx/conf/wpcacheenabler_map.conf which is inserted into /usr/local/nginx/conf/nginx.conf and is responsible for controlling whether mobile/tablet devices are cached or not and which advanced query string cache inclusions are included in Cache Enabler’s cache detection logic. The Cloudflare Authenticated Origin Pull certificate is also automatically downloaded to /usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt path but not enabled by default and finally, self-signed SSL certificate is generated which is a fallback SSL certificate if Letsencrypt SSL certificate issuance and domain validation fails.
include file /usr/local/nginx/conf/wpcacheenabler_map.conf add to nginx.conf --------------------------------------------------------------- SSL Vhost Setup... --------------------------------------------------------------- --2020-09-06 00:21:13-- https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem Resolving support.cloudflare.com... 104.18.7.251, 104.18.6.251 Connecting to support.cloudflare.com|104.18.7.251|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/plain] Saving to: ‘/usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt’ 0K .. 24.7M=0s 2020-09-06 00:21:14 (24.7 MB/s) - ‘/usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt’ saved [2155] --------------------------------------------------------------- Generating self signed SSL certificate... CSR file can also be used to be submitted for paid SSL certificates If using for paid SSL certificates be sure to keep both private key and CSR safe creating CSR File: cache-enabler.centminmod.com.csr creating private key: cache-enabler.centminmod.com.key creating self-signed SSL certificate: cache-enabler.centminmod.com.crt Signature ok subject=/C=US/ST=California/L=Los Angeles/O=cache-enabler.centminmod.com/OU=cache-enabler.centminmod.com/CN=cache-enabler.centminmod.com Getting Private key Certificate: Data: Version: 3 (0x2) Serial Number: f1:50:3f:45:85:40:52:e0 Signature Algorithm: ecdsa-with-SHA256 Issuer: C=US, ST=California, L=Los Angeles, O=cache-enabler.centminmod.com, OU=cache-enabler.centminmod.com, CN=cache-enabler.centminmod.com Validity Not Before: Sep 6 00:21:23 2020 GMT Not After : Aug 13 00:21:23 2120 GMT Subject: C=US, ST=California, L=Los Angeles, O=cache-enabler.centminmod.com, OU=cache-enabler.centminmod.com, CN=cache-enabler.centminmod.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:3b:f4:35:92:b1:4c:c5:9e:a6:d5:de:57:af:2b: cd:2e:5d:70:85:20:41:a0:9d:ba:7f:cd:ad:11:99: 3a:87:09:1a:f4:6b:46:3e:cc:16:c4:c9:32:bf:55: 0f:cb:d0:81:f7:34:08:0b:f7:ef:46:86:50:5e:79: c5:08:85:e4:59 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Authority Key Identifier: DirName:/C=US/ST=California/L=Los Angeles/O=cache-enabler.centminmod.com/OU=cache-enabler.centminmod.com/CN=cache-enabler.centminmod.com serial:F1:50:3F:45:85:40:52:E0 X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Subject Alternative Name: DNS:cache-enabler.centminmod.com, DNS:www.cache-enabler.centminmod.com Signature Algorithm: ecdsa-with-SHA256 30:46:02:21:00:e9:44:95:8f:de:99:74:17:63:1a:7b:09:b1: 07:75:ce:e0:e1:d2:38:7a:f9:c5:0e:eb:05:76:aa:11:51:2a: ff:02:21:00:95:0e:42:de:06:bc:b8:ba:19:a7:34:70:6c:85: 2f:fc:0b:12:54:61:14:c8:7b:a6:6d:dd:cd:6f:3c:fb:b8:a8 ---------------------------------------------------------------
Next is prompt to whether you want Cache Enabler to include or exclude mobile and tablet devices from caching. Some WordPress mobile theme plugins may not be fully responsive in design so may have issues with caching. For this example, will exclude mobile/tablet devices from caching.
------------------------------------------------------------ Setup WordPress + Cache Enabler for cache-enabler.centminmod.com ------------------------------------------------------------ Using full static page caching may cause problems for mobile & tablet device visitors depending on your WP themes used so you may want to exclude those Do you want to exclude mobile/tablet devices from full page caching ? [y/n]: y
If in future you want to include mobile/tablet devices in Cache Enabler’s caching, you can edit the generated include file at /usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpcacheenabler_cache-enabler.centminmod.com.conf and modifying the following
from
# exclude mobile devices from redis caching if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }
to below with hash # in front of the 2nd line to disable cache exclusion
# exclude mobile devices from redis caching #if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }
Next is the actual WordPress core site install routine done via WP-CLI command line tool including the cronjob auto configuration and display of cronjobs at time of WordPress install.
Downloading WordPress 5.5.1 (en_US)... md5 hash verified: 72c6f56b4818ffd0e6e6a4ed8f3e8d4e Success: WordPress downloaded. Success: Generated 'wp-config.php' file. 13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1 0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null 22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1 32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1 #*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1 Success: WordPress installed successfully. Success: Updated user 39xxx6. Success: Rewrite structure set. Success: Rewrite rules flushed. ------------------------------------------------------------
Next is WP-CLI tool install, activation and configuration of a select few WordPress plugins for Native LazyLoad and Classic Editor you chose at early prompted questions
Installing Native Lazyload (1.0.2) Downloading installation package from https://downloads.wordpress.org/plugin/native-lazyload.1.0.2.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'native-lazyload'... Plugin 'native-lazyload' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------ ------------------------------------------------------------ Installing Classic Editor (1.6) Downloading installation package from https://downloads.wordpress.org/plugin/classic-editor.1.6.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'classic-editor'... Plugin 'classic-editor' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------
Next is actual Cache Enabler install and auto configuration – including setting up advanced cache inclusion for select query strings via a regular expression /^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$/
which was enabled via WPCLI_CE_QUERYSTRING_INCLUDED=’y’ variable in persistent config file we did earlier.
Installing Cache Enabler – WordPress Cache (1.4.8) Downloading installation package from https://downloads.wordpress.org/plugin/cache-enabler.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'cache-enabler'... Plugin 'cache-enabler' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------ configure cache-enabler Success: Updated 'cache-enabler' option. Success: Updated 'cache-enabler' option. "\/^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$\/" {"expires":6,"clear_on_upgrade":1,"new_post":1,"new_comment":1,"update_product_stock":0,"webp":0,"compress":1,"excl_ids":"","excl_paths":"","excl_cookies":"","incl_parameters":"\/^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$\/","minify_html":0}
Next is to install Autoptimize and Autoptimize Gzip companion plugin. The companion plugin enables Autoptimize’s pre-compress gzip and brotli features to pre-compress Autoptimize optimised CSS/JSS generated files.
Installing Autoptimize (2.7.7) Downloading installation package from https://downloads.wordpress.org/plugin/autoptimize.2.7.7.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'autoptimize'... Plugin 'autoptimize' activated. Success: Installed 1 of 1 plugins. option_name option_value autoptimize_ccss_version AO_2.7.7 autoptimize_service_availablity a:2:{s:12:"extra_imgopt";a:3:{s:6:"status";s:2:"up";s:5:"hosts";a:1:{i:1;s:26:"https://cdn.shortpixel.ai/";}s:16:"launch-threshold";s:4:"4096";}s:7:"critcss";a:2:{s:6:"status";s:2:"up";s:5:"hosts";a:1:{i:1;s:24:"https://criticalcss.com/";}}} autoptimize_version 2.7.7 configure autoptimize-gzip https://community.centminmod.com/threads/15314/ 2020-09-06 00:21:42 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/autoptimize-gzip.php [573/573] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/autoptimize-gzip.php" [1] 2020-09-06 00:21:43 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/index.html [192/192] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/index.html" [1] 2020-09-06 00:21:43 URL:https://github.com/centminmod/autoptimize-gzip/blob/master/readme.md [100610] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/readme.md" [1] 2020-09-06 00:21:43 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/LICENSE [18026/18026] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/LICENSE" [1] Plugin 'autoptimize-gzip' activated. Success: Activated 1 of 1 plugins. Plugin autoptimize-gzip details: Name: Autoptimize Gzip Status: Active Version: 0.1 Author: George Liu Description: Hook into Frank Goossens (futtta) Autoptimize API to pre-compress CSS/JS files
Next is install of Sucuri Security plugin, Disable XML-RPC and CDN Enabler plugins
Installing Sucuri Security – Auditing, Malware Scanner and Security Hardening (1.8.24) Downloading installation package from https://downloads.wordpress.org/plugin/sucuri-scanner.1.8.24.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'sucuri-scanner'... Plugin 'sucuri-scanner' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------ Installing Disable XML-RPC (1.0.1) Downloading installation package from https://downloads.wordpress.org/plugin/disable-xml-rpc.1.0.1.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'disable-xml-rpc'... Plugin 'disable-xml-rpc' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------ Installing CDN Enabler – WordPress CDN Plugin (1.0.9) Downloading installation package from https://downloads.wordpress.org/plugin/cdn-enabler.zip... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'cdn-enabler'... Plugin 'cdn-enabler' activated. Success: Installed 1 of 1 plugins. ------------------------------------------------------------ Uninstalled and deleted 'hello' plugin. Success: Uninstalled 1 of 1 plugins. Success: Plugin already updated.
Next a final summary listing of all WordPress plugins
10 installed plugins: I akismet 4.1.6 A autoptimize 2.7.7 A autoptimize-gzip 0.1 A cache-enabler 1.4.8 A cdn-enabler 1.0.9 A classic-editor 1.6 A disable-xml-rpc 1.0.1 A native-lazyload 1.0.2 A sucuri-scanner 1.8.24 D advanced-cache.php Legend: I = Inactive, A = Active, D = Drop-In ------------------------------------------------------------
System Cache Expiry Cronjob
Next final system cronjob listing which adds one for purging Cache Enabler’s advance Nginx level cache files every 24hrs at 11:16PM. You can adjust the cronjob interval to shorten or lengthen the cache TTL times. This cronjob is needed as Cache Enabler’s admin settings cache TTL will only work with PHP based cache defaults. While Centmin Mod’s Cache Enabler uses advance Nginx level caching instead and needs this cronjob to control cache TTL times.
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1 0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null 22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1 32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1 #*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1 16 23 * * * echo "cache-enabler.centminmod.com cacheenabler cron"; sleep 249s ; rm -rf /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/* > /dev/null 2>&1
Next are WordPress site uninstall and auto updater script generation
------------------------------------------------------------ Created uninstall script /root/tools/wp_uninstall_cache-enabler.centminmod.com.sh ------------------------------------------------------------ ------------------------------------------------------------ Created wp_updater_cache-enabler.centminmod.com.sh script /root/tools/wp_updater_cache-enabler.centminmod.com.sh ------------------------------------------------------------
by default generated WordPress auto updater script at /root/tools/wp_updater_cache-enabler.centminmod.com.sh only does WordPress minor core updates and plugin updates unless you uncomment these 3 lines for /usr/bin/wp
# for major core updates uncomment 3 lines directly below #/usr/bin/wp core update --allow-root #/usr/bin/wp core update-db --allow-root #/usr/bin/wp core update --allow-root
and the respective cronjobs for auto updating WordPress plugins and minor WordPress versions every 8hrs
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1 0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null 22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1 32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null 0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1 #*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1 16 23 * * * echo "cache-enabler.centminmod.com cacheenabler cron"; sleep 249s ; rm -rf /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/* > /dev/null 2>&1 0 */8 * * * sleep 136s ;/root/tools/wp_updater_cache-enabler.centminmod.com.sh >/dev/null 2>&1
Next Centmin Mod’s autoprotect.sh generated include files are generated. The autoprotect.sh script automatically scans your Nginx vhost public webroot directories for .htaccess files of the ‘deny all’ variety and auto generates an equivalent Nginx rewrite rule to attempt to alert you and protect your WordPress and Nginx directories as Nginx doesn’t support Apache .htaccess. So if a web developer’s web app/script uses .htaccess to protect private directories intended for Apache, they would be fully exposed on Nginx server! You can read more about autoprotect.sh and how to customise and disable it here.
generated nginx include file [initial]: /usr/local/nginx/conf/autoprotect/cache-enabler.centminmod.com/autoprotect-cache-enabler.centminmod.com.conf generated nginx include file [same]: /usr/local/nginx/conf/autoprotect/demodomain.com/autoprotect-demodomain.com.conf autoprotect.sh run completed skipped nginx reload...
After Nginx vhost and WordPress have been installed, it’s time for centmin.sh menu option 22 process to obtain the free Letsencrypt SSL certificate via Cloudflare DNS API using addons/acmetool.sh and the underlying acme.sh client. As addons/acmetool.sh is beta right now there’s an additional prompt to answer yes for to continue.
------------------------------------------------------------- ok: /usr/local/src/centminmod/addons/acmetool.sh /usr/local/src/centminmod/addons/acmetool.sh issue cache-enabler.centminmod.com wplived ------------------------------------------------- acmetool.sh is in beta testing phase please read & provide bug reports & feedback for this tool via the forums https://centminmod.com/acmetool ------------------------------------------------- continue [y/n] ? y
Next the underlying acme.sh client will always be auto updated to the latest version before being called.
----------------------------------------------------- updating acme.sh client... ----------------------------------------------------- Cloning into 'acme.sh'... [Sun Sep 6 00:22:04 UTC 2020] It is recommended to install socat first. [Sun Sep 6 00:22:04 UTC 2020] We use socat for standalone server if you use standalone mode. [Sun Sep 6 00:22:04 UTC 2020] If you don't use standalone mode, just ignore this warning. [Sun Sep 6 00:22:04 UTC 2020] Installing to /root/.acme.sh [Sun Sep 6 00:22:04 UTC 2020] Installed to /root/.acme.sh/acme.sh [Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.bashrc' [Sun Sep 6 00:22:04 UTC 2020] OK, Close and reopen your terminal to start using acme.sh [Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.cshrc' [Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.tcshrc' [Sun Sep 6 00:22:04 UTC 2020] Installing cron job 32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null [Sun Sep 6 00:22:04 UTC 2020] Good, bash is found, so change the shebang to use bash as preferred. [Sun Sep 6 00:22:05 UTC 2020] OK https://github.com/acmesh-official/acme.sh v2.8.8 ----------------------------------------------------- acme.sh updated -----------------------------------------------------
Next is actual acme.sh client’s issuance of 2x Letsencrypt SSL certificates – one for RSA 2048 bit and one for ECC 256bit ECDSA SSL certificate for Nginx dual SSL certificate mode. This is due to configuring in the persistent config file the variable to enable dual SSL certificates mode which serves faster performing ECDSA SSL certificates to browsers that support it and slower traditional RSA 2048bit SSL certificates to browsers that don’t support ECDSA SSL. In Cloudflare proxied setup, this allows most optimal performance as Cloudflare edge servers will connect to Centmin Mod Nginx via faster ECDSA SSL certificates.
DUALCERTS='y'
The RSA 2048bit SSL certificate issuance via acme.sh with Cloudflare DNS API token. Notice acme.sh command adds –dns dns_cf flag and you can see DNS API adding the TXT validation record and removing it after.
----------------------------------------------------------- issue & install letsencrypt ssl certificate for cache-enabler.centminmod.com ----------------------------------------------------------- testcert value = wplived wp routine detected use reissue instead via --force /root/.acme.sh/acme.sh --force --dns dns_cf --issue -d cache-enabler.centminmod.com --days 60 -w /home/nginx/domains/cache-enabler.centminmod.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060920-002155.log --log-level 2 [Sun Sep 6 00:22:06 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory [Sun Sep 6 00:22:06 UTC 2020] Create account key ok. [Sun Sep 6 00:22:06 UTC 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory [Sun Sep 6 00:22:07 UTC 2020] Registered [Sun Sep 6 00:22:07 UTC 2020] ACCOUNT_THUMBPRINT='rRHFqDi2lniJYRaxxx-_rvAl6UzG7ovF7Jq7dce6y8' [Sun Sep 6 00:22:07 UTC 2020] Creating domain key [Sun Sep 6 00:22:07 UTC 2020] The domain key is here: /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key [Sun Sep 6 00:22:07 UTC 2020] Single domain='cache-enabler.centminmod.com' [Sun Sep 6 00:22:07 UTC 2020] Getting domain auth token for each domain [Sun Sep 6 00:22:09 UTC 2020] Getting webroot for domain='cache-enabler.centminmod.com' [Sun Sep 6 00:22:09 UTC 2020] Adding txt value: 96N03rA1CTjVReovOjzoJB7486-V2GvNVZX7juJ9cyU for domain: _acme-challenge.cache-enabler.centminmod.com [Sun Sep 6 00:22:10 UTC 2020] Adding record [Sun Sep 6 00:22:10 UTC 2020] Added, OK [Sun Sep 6 00:22:10 UTC 2020] The txt record is added: Success. [Sun Sep 6 00:22:10 UTC 2020] Let's check each DNS record now. Sleep 20 seconds first. [Sun Sep 6 00:22:30 UTC 2020] Checking cache-enabler.centminmod.com for _acme-challenge.cache-enabler.centminmod.com [Sun Sep 6 00:22:31 UTC 2020] Domain cache-enabler.centminmod.com '_acme-challenge.cache-enabler.centminmod.com' success. [Sun Sep 6 00:22:31 UTC 2020] All success, let's return [Sun Sep 6 00:22:31 UTC 2020] Verifying: cache-enabler.centminmod.com [Sun Sep 6 00:22:34 UTC 2020] Success [Sun Sep 6 00:22:34 UTC 2020] Removing DNS records. [Sun Sep 6 00:22:34 UTC 2020] Removing txt: 96N03rA1CTjVReovOjzoJB7486-V2GvNVZX7juJ9cyU for domain: _acme-challenge.cache-enabler.centminmod.com [Sun Sep 6 00:22:35 UTC 2020] Removed: Success [Sun Sep 6 00:22:35 UTC 2020] Verify finished, start to sign. [Sun Sep 6 00:22:35 UTC 2020] Lets finalize the order. [Sun Sep 6 00:22:35 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/95901924/5041645894' [Sun Sep 6 00:22:36 UTC 2020] Downloading cert. [Sun Sep 6 00:22:36 UTC 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/0399f04d1dd4bbb664fd1769ae76cda66601' [Sun Sep 6 00:22:37 UTC 2020] Cert success. -----BEGIN CERTIFICATE----- MI snipped Oi -----END CERTIFICATE----- [Sun Sep 6 00:22:37 UTC 2020] Your cert is in /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.cer [Sun Sep 6 00:22:37 UTC 2020] Your cert key is in /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key [Sun Sep 6 00:22:37 UTC 2020] The intermediate CA cert is in /root/.acme.sh/cache-enabler.centminmod.com/ca.cer [Sun Sep 6 00:22:37 UTC 2020] And the full chain certs is there: /root/.acme.sh/cache-enabler.centminmod.com/fullchain.cer
The ECC 256bit ECDSA SSL certificate issuance via acme.sh with Cloudflare DNS API token
get 2nd SSL cert issued for dual ssl cert config /root/.acme.sh/acme.sh --force --dns dns_cf --issue -d cache-enabler.centminmod.com --days 60 -w /home/nginx/domains/cache-enabler.centminmod.com/public -k ec-256 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060920-002155.log --log-level 2 [Sun Sep 6 00:22:37 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory [Sun Sep 6 00:22:37 UTC 2020] Creating domain key [Sun Sep 6 00:22:37 UTC 2020] The domain key is here: /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.key [Sun Sep 6 00:22:37 UTC 2020] Single domain='cache-enabler.centminmod.com' [Sun Sep 6 00:22:37 UTC 2020] Getting domain auth token for each domain [Sun Sep 6 00:22:39 UTC 2020] Getting webroot for domain='cache-enabler.centminmod.com' [Sun Sep 6 00:22:39 UTC 2020] cache-enabler.centminmod.com is already verified, skip dns-01. [Sun Sep 6 00:22:39 UTC 2020] Verify finished, start to sign. [Sun Sep 6 00:22:39 UTC 2020] Lets finalize the order. [Sun Sep 6 00:22:39 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/95901924/5041651897' [Sun Sep 6 00:22:41 UTC 2020] Downloading cert. [Sun Sep 6 00:22:41 UTC 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/044361415b2122755802a6d7db85354a4c7e' [Sun Sep 6 00:22:41 UTC 2020] Cert success. -----BEGIN CERTIFICATE----- MII snipped qo -----END CERTIFICATE----- [Sun Sep 6 00:22:41 UTC 2020] Your cert is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.cer [Sun Sep 6 00:22:41 UTC 2020] Your cert key is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.key [Sun Sep 6 00:22:41 UTC 2020] The intermediate CA cert is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/ca.cer [Sun Sep 6 00:22:41 UTC 2020] And the full chain certs is there: /root/.acme.sh/cache-enabler.centminmod.com_ecc/fullchain.cer success: 2nd SSL cert issued for dual ssl cert config
Next is actual Letsencrypt SSL certificate installation into the WordPress Nginx vhost site at /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com
----------------------------------------------------------- install cert ----------------------------------------------------------- /root/.acme.sh/acme.sh --installcert -d cache-enabler.centminmod.com --certpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer --keypath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.key --capath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme.key [Sun Sep 6 00:22:41 UTC 2020] Installing cert to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer [Sun Sep 6 00:22:41 UTC 2020] Installing CA to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer [Sun Sep 6 00:22:41 UTC 2020] Installing key to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.key [Sun Sep 6 00:22:41 UTC 2020] Installing full chain to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme.key [Sun Sep 6 00:22:41 UTC 2020] Run reload cmd: /usr/bin/ngxreload Reloading nginx configuration (via systemctl): [ OK ] [Sun Sep 6 00:22:41 UTC 2020] Reload success install 2nd SSL cert issued for dual ssl cert config /root/.acme.sh/acme.sh --installcert -d cache-enabler.centminmod.com --certpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme-ecc.key --ecc [Sun Sep 6 00:22:41 UTC 2020] Installing cert to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer [Sun Sep 6 00:22:41 UTC 2020] Installing CA to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer [Sun Sep 6 00:22:41 UTC 2020] Installing key to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.key [Sun Sep 6 00:22:41 UTC 2020] Installing full chain to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme-ecc.key [Sun Sep 6 00:22:41 UTC 2020] Run reload cmd: /usr/bin/ngxreload Reloading nginx configuration (via systemctl): [ OK ] [Sun Sep 6 00:22:42 UTC 2020] Reload success setup ssl_trusted_certificate dual cert version: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-dualcert-rsa-ecc.cer letsencrypt ssl certificate setup completed ssl certs located at: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com
Next is the Pure-FTP virtual FTP user login details which are via FTP over SSL
------------------------------------------------------------- FTP hostname : xxx.xxx.xxx.xxx FTP port : 21 FTP mode : FTP (explicit SSL) FTP Passive (PASV) : ensure is checked/enabled FTP username created for cache-enabler.centminmod.com : YOUR_FTPUSERNAME FTP password created for cache-enabler.centminmod.com : YOUR_FTPPASSWORD ------------------------------------------------------------- vhost for cache-enabler.centminmod.com created successfully
Next is a summary of Nginx vhost created directories, files etc. Like public webroot being at /home/nginx/domains/cache-enabler.centminmod.com/public. Which are also outlined on official site’s config files page at https://centminmod.com/configfiles.html
vhost ssl for cache-enabler.centminmod.com created successfully domain: https://cache-enabler.centminmod.com vhost ssl conf file for cache-enabler.centminmod.com created: /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf /usr/local/nginx/conf/ssl_include.conf created Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.crt SSL Private Key: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key SSL CSR File: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.csr Backup SSL Private Key: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-backup.key Backup SSL CSR File: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-backup.csr letsdebug API check log: /root/centminlogs/letsdebug-cache-enabler.centminmod.com-060920-001334.log upload files to /home/nginx/domains/cache-enabler.centminmod.com/public vhost log files directory is /home/nginx/domains/cache-enabler.centminmod.com/log ------------------------------------------------------------ SSH commands to uninstall created WordPress install and Nginx vhost: /root/tools/wp_uninstall_cache-enabler.centminmod.com.sh ------------------------------------------------------------ ------------------------------------------------------------ Wordpress Auto Updater created at: /root/tools/wp_updater_cache-enabler.centminmod.com.sh cronjob set for every 8 hours update (3x times per day) ------------------------------------------------------------
Next is a summary of WordPress login and install details
WordPress domain: cache-enabler.centminmod.com Wordpress DB Name: wp747xxxxx1db_31356 Wordpress DB User: wpdbxxxxxx88 Wordpress DB Pass: wpdbxxxxxx9Zp29213 Wordpress Admin User ID: 39xxx6 Wordpress Admin User: zW3sTxxxxxxxxp1825 Wordpress Admin Pass: zUGxxxxxxxxxxx45 Wordpress Admin Email: youremail@yourdomain.com Wordpress Admin Display Name: George
Next are final steps to complete WordPress setup where applicable
------------------------------------------------------------ To complete setup: 1. Enable Permalinks (DO NOT use links with .html extensions for performance reasons) i.e. /%post_id%/%postname%/ 2. Settings Menu > Cache Enabler set options and hit Save Changes (https://community.centminmod.com/threads/15039/) 3. Settings Menu > Optimus set options and hit Save Changes 4. Appearance > Theme Options (Responsive theme) > Home Page nav bar > Uncheck Overrides WordPress front page option ------------------------------------------------------------
Next is note to the log file which saved the entire centmin.sh menu option 22 process so you can inspect it for login details or troubleshooting etc.
------------------------------------------------------------- vhost for cache-enabler.centminmod.com wordpress setup successfully cache-enabler.centminmod.com setup info log saved at: /root/centminlogs/centminmod_123.09beta01.b582_060920-001334_wordpress_addvhost.log
And finally a wpinfo.sh script is generated which you can run to get a full overview of your WordPress installation
------------------------------------------------------------- wpinfo.sh script saved at: /usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpinfo.sh
Example wpinfo.sh run output
/usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpinfo.sh WP-CLI 2.4.0 WP-Home https://cache-enabler.centminmod.com WP-SiteURL https://cache-enabler.centminmod.com WordPress version: 5.5.1 Database revision: 48748 TinyMCE version: 4.9100 (49100-20200624) Package language: en_US +--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+ | ID | user_login | display_name | user_email | user_registered | roles | +--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+ | 39xxx6 | zW3sTxxxxxxxxp1825 | George | youremail@yourdomain.com | 2020-09-06 00:21:32 | administrator | +--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+ +----------------------+------------------------------------------------------------------+----------+ | name | value | type | +----------------------+------------------------------------------------------------------+----------+ | table_prefix | 25xxx_ | variable | | WP_CACHE | 1 | constant | | DB_NAME | wpxxxxxxxxdb_31356 | constant | | DB_USER | wpdbxxxxxxxxx88 | constant | | DB_PASSWORD | wpdbxxxxxxxxxxxxxxxxx9213 | constant | | DB_HOST | localhost | constant | | DB_CHARSET | utf8 | constant | | DB_COLLATE | | constant | | DISABLE_WP_CRON | | constant | | WP_AUTO_UPDATE_CORE | minor | constant | | WP_POST_REVISIONS | 10 | constant | | EMPTY_TRASH_DAYS | 10 | constant | | WP_CRON_LOCK_TIMEOUT | 60 | constant | | CONCATENATE_SCRIPTS | | constant | | AUTH_KEY | {[{9*v1}VI/mqSe(xxxxxxxxxxxxxxxxx+Gk(:~f%|ZKQaT*z^73%Vl0|^XfiP~o | constant | | SECURE_AUTH_KEY | ?57(T*}PZn]3ixxxxxxxxxxxxxxxxxxxxxxxxxxxc_ A$NIX5DRd!1-5nAoFOpo= | constant | | LOGGED_IN_KEY | ,fA}Hl8>KF3?:CeXxxxxxxxxxxxxxxxxxxxxxxxxxxxxgD}d !~!jyRpBhrQw`d0 | constant | | NONCE_KEY | ;4`6I`*sBUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,KO(2R#,Kj~nh | constant | | AUTH_SALT | #c712,y%!uYxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq>T$&U$>CM#e | constant | | SECURE_AUTH_SALT | vBzZoSz3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfX!C5_Bj^O, | constant | | LOGGED_IN_SALT | O<Lj~QtczMbxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCvfj=`*] | constant | | NONCE_SALT | =k&;9Hi1CxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxdX}8kZ89M | constant | | WP_CACHE_KEY_SALT | *&^C&awDC#xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(o`Z=tc7A= | constant | +----------------------+------------------------------------------------------------------+----------+ +--------------------+----------+--------+---------+ | name | status | update | version | +--------------------+----------+--------+---------+ | akismet | inactive | none | 4.1.6 | | autoptimize | active | none | 2.7.7 | | autoptimize-gzip | active | none | 0.1 | | cache-enabler | active | none | 1.4.8 | | cdn-enabler | active | none | 1.0.9 | | classic-editor | active | none | 1.6 | | disable-xml-rpc | active | none | 1.0.1 | | native-lazyload | active | none | 1.0.2 | | sucuri-scanner | active | none | 1.8.24 | | advanced-cache.php | dropin | none | | +--------------------+----------+--------+---------+ +-----------------+----------+--------+---------+ | name | status | update | version | +-----------------+----------+--------+---------+ | twentynineteen | inactive | none | 1.7 | | twentyseventeen | inactive | none | 2.4 | | twentytwenty | active | none | 1.5 | +-----------------+----------+--------+---------+
Final WordPress & Cloudflare Completion Tasks
Final tasks to complete WordPress setup.
Cache Enabler Settings
Ensure you configure Cache Enabler settings. Noting Cache Expiry doesn’t work as Cache Enabler has been configured for advance Nginx caching so needs the above mentioned cronjob to set Cache Expiry.
Autoptimize Configuration Settings
Ensure you edit your Autoptimize CSS and JS settings as follows
Nginx Visitor Real IP Detection
As your WordPress site is behind Cloudflare proxy, you need to enable cloudflare.conf include file in Nginx generated vhost config file at /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf so that visitor’s real IP addresses are detected by Nginx and your WordPress install otherwise, you will see Cloudflare server IPs being attributed to visitors in your Nginx access logs at /home/nginx/domains/cache-enabler.centminmod.com/log/access.log and in WordPress IP detection routines.
To enable cloudflare.conf include file in /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf
change
#include /usr/local/nginx/conf/cloudflare.conf;
to
include /usr/local/nginx/conf/cloudflare.conf;
You can do that manually or via SSH command line sed replacement and Nginx + PHP-FPM service restart commands below:
sed -i 's|^ #include /usr/local/nginx/conf/cloudflare.conf;| include /usr/local/nginx/conf/cloudflare.conf;|' /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf nprestart
So the Nginx site vhost config file at /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf will show the following lines
# uncomment cloudflare.conf include if using cloudflare for # server and/or vhost site include /usr/local/nginx/conf/cloudflare.conf;
Cloudflare Settings
The next step to ensure Cache Enabler works with Cloudflare CDN proxy is to ensure that Cloudflare auto HTML minification is disabled in Cloudflare dashboard (which is the default unless you specifically enabled it) and instead do the HTML minification from Cache Enabler WordPress admin settings.
You can use a specific Cloudflare Page Rule to disable Auto Minify if you only want a specific subdomain disabled by setting Auto Minify Page Rule but leaving HTML checkbox unchecked. Here I also disabled Railgun as I don’t have it configured for this specific server.
Then instead in Cache Enabler WordPress admin settings, enable Cache Minification for HTML there if you desire.
You can then verify if Cache Enabler caching is working after visiting your WordPress site as a guest to populate the cache by running curl commands below to inspect the source code of the WordPress page to see if there is a Cache Enabler timestamp comment added to indicator caching done.
curl -4sk https://cache-enabler.centminmod.com/ | tail -2 <!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->
and checking if advanced caching of specific query strings is working for ?utm_sourcr
curl -4sk "https://cache-enabler.centminmod.com/?utm_source" | tail -2 <!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->
and for ?fbclid
curl -4sk "https://cache-enabler.centminmod.com/?fbclid" | tail -2 <!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->
Inspecting the generated cache files and pre-compressed cache files themselves
ls -lahR /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/cache-enabler.centminmod.com/ /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/cache-enabler.centminmod.com/: total 36K drwxrws--- 2 nginx nginx 57 Sep 6 01:17 . drwxrws--- 3 nginx nginx 42 Sep 6 01:17 .. -rw-rw---- 1 nginx nginx 28K Sep 6 01:17 https-index.html -rw-rw---- 1 nginx nginx 7.3K Sep 6 01:17 https-index.html.gz
Sucuri File Integrity Checks
The centmin.sh menu option 22 WordPress installer also automatically installs Sucuri WordPress plugin so first task is to process any reported WordPress core/file integrity alerts for Centmin Mod Nginx vhost default added files and mark them as fixed/legit.
Add Browser Cache Headers To Cached Files
By default Cache Enabler served cached files via Nginx don’t serve up a Cache-Control header for web browser caching. You can optionally enable this by editing centmin.sh menu option 22 generated include file at /usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpcacheenabler_cache-enabler.centminmod.com.conf and at bottom of the file add the following Nginx rules to set expires header only when Cache Enabler cached files exist on disk.
This sets web browser cache to 120 seconds – adjust accordingly to your own needs.
if (-f $document_root$cache_enabler_uri) { set $cttls "120s"; } expires $cttls;
Then in Cloudflare site zone’s dashboard on Caching > Configuration section set Browser Cache TTL to ‘Respect Existing Headers’.
Or set it via custom Cloudflare Page Rule if you only want to apply it to a specific subdomain or path.
Resulting in the following served when Cache Enabler’s cached file exists – notice the Cache-Control and Expires header set.
curl -I "https://cache-enabler.centminmod.com/" HTTP/1.1 200 OK Date: Tue, 08 Sep 2020 13:41:46 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Set-Cookie: __cfduid=d7ff7a29b86371991fed6f3c741b4bace1599572506; expires=Thu, 08-Oct-20 13:41:46 GMT; path=/; domain=.centminmod.com; HttpOnly; SameSite=Lax Last-Modified: Tue, 08 Sep 2020 01:19:05 GMT Vary: Accept-Encoding X-Powered-By: centminmod Expires: Tue, 08 Sep 2020 13:43:46 GMT Cache-Control: max-age=120 Strict-Transport-Security: max-age=31536000; includeSubdomains; X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none' CF-Cache-Status: DYNAMIC cf-request-id: 050f8c8f20000091fe18b86200000001 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 5cf916c50f5491fe-EWR alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
With web browser cache headers in place, visitors will have a faster page loading experience if they already have a cached version in their local browser cache. Here’s Opera web browser network developer tools showing how a browser cached version of WordPress full HTML page cached loads.
The response is loaded from visitor’s browser disk cache and has a total time of just 2 milliseconds of which 1 millisecond was over the network. I’m in Brisbane, Australia and test WordPress install is in New York City.
A breakdown of the request’s timings where waiting TTFB was 0.19 ms and Content Download was 1.31ms.
Testing Cache Enabler Full HTML Page Cache
You can run a quick load test using my forked wrk, wrk-cmm load testing tool with 300 concurrent users for 15 second duration. You need to specifically test with a User Agent specified otherwise, Cloudflare Web Application Firewall (WAF) on paid plans may have WAF rules that block or challenge requests which have an empty User Agent and wrk-cmm will end up with non-2xx or 3xx responses reported.
wrk-cmm test for WordPress index page
wrk-cmm -t1 -c300 -d15s -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" --latency --breakout https://cache-enabler.centminmod.com/ Running 15s test @ https://cache-enabler.centminmod.com/ 1 threads and 300 connections Thread Stats Avg Stdev Max +/- Stdev Latency 97.63ms 72.66ms 1.25s 84.71% Connect 175.27ms 82.03ms 353.45ms 69.56% TTFB 89.96ms 71.20ms 1.25s 87.47% TTLB 7.60ms 15.44ms 207.93ms 94.45% Req/Sec 3.36k 1.02k 5.27k 67.88% Latency Distribution 50% 73.31ms 75% 109.15ms 90% 183.63ms 95% 258.38ms 99% 363.04ms 49605 requests in 15.03s, 1.32GB read Requests/sec: 3299.40 Transfer/sec: 90.24MB
h2load HTTP/2 HTTPS load tester for WordPress index page
h2load -t1 -c300 -n5000 -m60 -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" https://cache-enabler.centminmod.com/ starting benchmark... spawning thread #0: 300 total client(s). 5000 total requests TLS Protocol: TLSv1.2 Cipher: ECDHE-ECDSA-AES128-GCM-SHA256 Server Temp Key: ECDH P-256 256 bits Application protocol: h2 progress: 10% done progress: 20% done progress: 30% done progress: 40% done progress: 50% done progress: 60% done progress: 70% done progress: 80% done progress: 90% done progress: 100% done finished in 3.30s, 1513.31 req/s, 40.44MB/s requests: 5000 total, 5000 started, 5000 done, 5000 succeeded, 0 failed, 0 errored, 0 timeout status codes: 5000 2xx, 0 3xx, 0 4xx, 0 5xx traffic: 133.61MB (140101965) total, 404.88KB (414601) headers (space savings 87.38%), 132.94MB (139400000) data min max mean sd +/- sd time for request: 180.42ms 3.10s 1.85s 839.88ms 56.42% time for connect: 126.24ms 1.78s 399.34ms 437.13ms 88.00% time to 1st byte: 325.57ms 3.25s 1.56s 793.29ms 61.33% req/s : 4.85 28.26 5.87 2.27 93.33%
wrk-cmm testing of query string cache inclusion for the index page with ?fbclid query string
wrk-cmm -t1 -c300 -d15s -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" --latency --breakout https://cache-enabler.centminmod.com/?fbclid Running 15s test @ https://cache-enabler.centminmod.com/?fbclid 1 threads and 300 connections Thread Stats Avg Stdev Max +/- Stdev Latency 93.21ms 58.89ms 625.70ms 85.31% Connect 173.79ms 81.42ms 347.52ms 68.33% TTFB 84.35ms 56.61ms 592.67ms 86.35% TTLB 8.36ms 15.56ms 282.17ms 92.53% Req/Sec 3.47k 1.23k 6.00k 72.39% Latency Distribution 50% 77.05ms 75% 100.73ms 90% 157.51ms 95% 219.20ms 99% 331.03ms 50304 requests in 15.01s, 1.34GB read Requests/sec: 3351.11 Transfer/sec: 91.74MB
Notes
- By default Cloudflare only caches static content files like images, css and js and doesn’t cache dynamically generated HTML files like WordPress blog pages unless you tell it specifically to do so via ‘Cache Everything’ page rules as outlined at Understand Cloudflare’s CDN. So the test is communicating directly with your origin Nginx server and is load testing Centmin Mod Nginx origin’s WordPress Cache Enabler caching at Nginx cache level out of the box. So response times are dependent and relative to the test server’s geographical location and your Centmin Mod Nginx server’s location i.e. Upcloud New York City locale. You can see an example of this in below screenshot using KeyCDN performance testing tool testing ?fbclid query string cache inclusion performance. If you configure Cloudflare CDN cache for dynamic HTML content, then you’ll have 2 caching layers – one at Cloudflare CDN edge server and one at Centmin Mod Nginx server level.
- The above wrk-cmm and h2load tests were run on same Upcloud server as WordPress install so the load testers are competing with Nginx resources as there’s only 1 cpu core on this KVM VPS server so latency and performance will be less than if you ran wrk-cmm and h2load on separate Upcloud KVM VPS server itself. But as you can see, the requests per second rate is much higher serving via Nginx level cache via Cache Enabler’s full HTML page cache than via PHP-FPM.
Using third party loader.io load testing service to move testing outside of the Upcloud KVM VPS server.
loader.io test configuration for 300 users
loader.io test results for 300 users with User Agent and gzip compression header requested shows an average of response time of 34 milliseconds over a 60 second test duration.
loader.io test configuration for 600 users
loader.io test results for 600 users with User Agent and gzip compression header requested shows an average of response time of 43 milliseconds over a 60 second test duration.
loader.io test configuration for 1000 users
loader.io test results for 1000 users with User Agent and gzip compression header requested shows an average of response time of 64 milliseconds over a 60 second test duration. With 1 timeout response recorded. Not bad for a 1 cpu, 1GB memory, 25GB disk US$5/month KVM VPS server based WordPress installation.
And with a bit of Nginx and PHP-FPM server side tuning of settings, at 5,000 constant user loader.io test. Though average latency response time isn’t ideal at 1170ms or 1.17 seconds. But not bad for a 1cpu, 1GB memory KVM VPS server at US$5/month.
Installing and running WPPerformanceTester plugin where the server performance numbers are highly influenced by server’s CPU model and clock speed. This Upcloud 1cpu core, 1GB ram server sports an AMD EPYC 7542 cpu @2.9Ghz base clocks.
The final result for Google Lighthouse via Google PageSpeed Insights online tool for WordPress 5.5.1 default site theme testing specifically the query string cache inclusion string for ?fbclid for both mobile and desktop respectively.
And for Webpagetest.org testing WordPress with query string cache inclusion for ?fbclid.
Notable Updates Since Initial Publication
Below are some updates and changes since initial publication of this blog post.
- Cache Enabler 1.5.1 release has some major changes under the hood option settings wise so Centmin Mod’s centmin.sh menu option 22 needed an update.
- Updated Centmin Mod WordPress install to force downgraded Cache Enabler 1.4.9 version due to various issues with Cache Enabler 1.5.1+ new cache routines. Details here.