WordPress Cache Enabler Advanced Full Page Caching Guide

This guide will show you step by step how to install WordPress with Cache Enabler plugin’s advanced full HTML page caching configuration which bypasses PHP completely allowing the WordPress full HTML page cached files to be served 100% at Nginx server cache level.

This WordPress guide will also show you how Centmin Mod’s Cache Enabler advanced caching can optionally enable specific query string cache inclusions for query string trackers like ?fbclid, ?gclid and ?utm_*. WordPress will be installed via Centmin Mod 123.09beta01’s centmin.sh menu option 22 WordPress Nginx vhost installer which allows Cache Enabler’s advanced cache mode selection and will be behind Cloudflare CDN proxy for performance and security.

  1. Upcloud.com KVM VPS Server Creation With CentOS 7
  2. Cloudflare Configuration Setup
  3. Centmin Mod 123.09beta01 Advance Installation On Upcloud.com KVM VPS Server
  4. Enabling Centmin Mod’s free Letsencrypt SSL certificate issuance via Cloudflare DNS API validation
  5. WordPress Installation with Cache Enabler advance cache mode setup
  6. Final WordPress & Cloudflare Completion Tasks
  7. Testing Cache Enabler Full HTML Page Cache
  8. Notable Updates Since Initial Publication

Upcloud.com KVM VPS Server Creation With CentOS 7

To create Upcloud.com KVM VPS server, sign up for an account via affiliate link here (signees also get US$25 credits to use as well).  Read the official Centmin Mod installation guide’s minimum and recommended memory and disk resource requirements. For the purpose of this guide, will create a 1 cpu, 1GB memory, 25GB disk US$5/month KVM VPS server in New York City datacenter location using CentOS 7 OS (CentOS 8 is currently not supported yet).

The chosen hostname for KVM VPS server is based on the official Getting Started Guide step 1 – main hostname setup guide. Where the main hostname is hostce.centminmod.com and the intended WordPress site domain name is cache-enabler.centminmod.com

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

Upcloud.com New York City data center is relatively new and is solely populated with newer AMD EPYC 7542 Rome based server processors.

lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: AuthenticAMD
CPU family: 23
Model: 49
Model name: AMD EPYC 7542 32-Core Processor
Stepping: 0
CPU MHz: 2894.560
BogoMIPS: 5789.12
Hypervisor vendor: KVM
Virtualization type: full
NUMA node0 CPU(s): 0
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm art rep_good nopl extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core retpoline_amd ssbd ibrs ibpb vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 arat umip spec_ctrl

Cloudflare Configuration Setup

Once, Upcloud KVM VPS server is created you will be assigned a public IP address. If you haven’t already done so, you need for your domain DNS to be on Cloudflare. You can follow Cloudflare’s Welcome setup wizard to guide you through the steps in adding your domain and DNS to Cloudflare at https://www.cloudflare.com/welcome-center. Note, you won’t be able to successfully pass the Cloudflare Healthcheck for your WordPress intended domain name until you complete the WordPress installation through the below outlined steps. You can skip the Cloudflare Welcome setup wizard if you already have your primary domain added to a Cloudflare account zone.

You will want to log into your Cloudflare account for the WordPress domain and create your desired DNS A record for the domain or subdomain i.e. cache-enabler.centminmod.com and also the hostname, hostce.centminmod.com. Example for cache-enabler.centminmod.com DNS A record (masked out for privacy here) – making sure that orange cloud Proxied is enabled for Cloudflare to CDN proxy your site.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Centmin Mod 123.09beta01 Advance Installation

The first step is installing Centmin Mod 123.09beta01 on Upcloud.com KVM VPS server – 1 cpu, 1GB, 25GB disk US$5/month VPS server in New York City data center location. The Centmin Mod Advance Installation method will be used. After the initial install, follow the official Getting Started Guide for the remaining steps to fully complete the setup. Throughout this guide, the centmin.sh menu options will be referred to. You can read how to run centmin.sh shell based menu here.

First set your desired notification email address in a variable, EMAIL. This is to be typed into your logged in SSH session as root user which will setup up the SSH session variable EMAIL which will be used later in this guide.

# set your email address you want to receive alerts and server emails
EMAIL=youremail@address.com

Then set up the persistent configuration file which allows you to override Centmin Mod’s centmin.sh menu script’s default settings without modifying centmin.sh itself. The commands below are to be typed into your logged in SSH session as root user which will create the /etc/centminmod directory and then create the empty /etc/centminmod/custom_config.inc persistent config file.

# create initial persistent config file to override centmin.sh defaults
# https://centminmod.com/upgrade.html#persistent
mkdir -p /etc/centminmod
touch /etc/centminmod/custom_config.inc

Next step is to populate the persistent configuration file with variables which enable advanced features in Centmin Mod LEMP stack. The echo commands below are to be typed into your logged in SSH session as root user and they populate the persistent config file at /etc/centminmod/custom_config.inc. Each advance enabled option has a comment linked to a Centmin Mod community forum thread/post explaining what the advance option does etc. You can choose which advance options if any or all to enable or skip the ones you don’t need. Note the last option listed for WPCLI_CE_QUERYSTRING_INCLUDED=’y’ is required to enable Cache Enabler’s optional query string cache inclusions.

# dynamically tune nginx ssl_session_cache in /usr/local/nginx/conf/ssl_include.conf based on system detected memory
# https://community.centminmod.com/posts/76615/
echo "NGINX_SSLCACHE_ALLOWOVERRIDE='y'" >> /etc/centminmod/custom_config.inc

# override Nginx default OCSP response cache refresh time 1h (3600 seconds) to 24hrs (86400 seconds)
# https://community.centminmod.com/threads/19515/
echo "NGINX_STAPLE_CACHE_OVERRIDE='y'" >> /etc/centminmod/custom_config.inc
echo "NGINX_STAPLE_CACHE_TTL='86400'" >> /etc/centminmod/custom_config.inc

# SET_DEFAULT_MYSQLCHARSET='utf8mb4' to override MariaDB MySQL 
# default characterset and collation from default utf8 to utf8mb4
# https://community.centminmod.com/threads/17949/
echo "SET_DEFAULT_MYSQLCHARSET='utf8mb4'" >> /etc/centminmod/custom_config.inc

# enable nginx backlog override https://community.centminmod.com/threads/17620/
echo "AUTOHARDTUNE_NGINXBACKLOG='y'" >> /etc/centminmod/custom_config.inc

# enable zstd compressed logrotation for nginx & php-fpm https://community.centminmod.com/threads/16374/
echo "ZSTD_LOGROTATE_NGINX='y'" >> /etc/centminmod/custom_config.inc
echo "ZSTD_LOGROTATE_PHPFPM='y'" >> /etc/centminmod/custom_config.inc

# enable letsencrypt ssl certificate + dual RSA+ECDSA ssl certs https://centminmod.com/acmetool/
echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
echo "DUALCERTS='y'" >> /etc/centminmod/custom_config.inc

# enable ECC 256bit ECDSA self-signed SSL certificate generation https://community.centminmod.com/posts/82177/
echo "SELFSIGNEDSSL_ECDSA='y'" >> /etc/centminmod/custom_config.inc

# enable nginx zero downtime on the fly nginx binary upgrades https://community.centminmod.com/threads/8000/
#echo "NGINX_ZERODT='y'" >> /etc/centminmod/custom_config.inc

# enable brotli compression https://community.centminmod.com/threads/10688/
echo "NGINX_LIBBROTLI='y'" >> /etc/centminmod/custom_config.inc
echo "NGXDYNAMIC_BROTLI='y'" >> /etc/centminmod/custom_config.inc

# boost PHP 7 performance by enabling Profile Guided Optimisation flag
# https://centminmod.com/perf/
# will dramatically increase PHP-FPM compile/install times but result in
# 5-20% faster PHP 7+ performance. PHP_PGO='y' only works with servers with
# 2+ or more cpu threads. However, you can force PHP PGO optimisations with
# 1 cpu thread servers via PHP_PGO_ALWAYS='y'
echo "PHP_PGO_ALWAYS='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_PGO='y'" >> /etc/centminmod/custom_config.inc

# php compression extensions https://community.centminmod.com/posts/70777/
echo "PHP_BROTLI='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_LZFOUR='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_LZF='y'" >> /etc/centminmod/custom_config.inc
echo "PHP_ZSTD='y'" >> /etc/centminmod/custom_config.inc

# php file info
echo "PHPFINFO='y'" >> /etc/centminmod/custom_config.inc

# enable centmin.sh menu option 22 WordPress Cache Enabler Query String inclusions
# https://community.centminmod.com/posts/85927/
echo "WPCLI_CE_QUERYSTRING_INCLUDED='y'" >> /etc/centminmod/custom_config.inc

Once persistent config file /etc/centminmod/custom_config.inc is populated, it should look something like this. If you have second thoughts about enabling a specific advanced option, you can comment it out with a hash # in front of the variable before proceeding with the actual Centmin Mod installation in the next step.

NGINX_SSLCACHE_ALLOWOVERRIDE='y'
NGINX_STAPLE_CACHE_OVERRIDE='y'
NGINX_STAPLE_CACHE_TTL='86400'
SET_DEFAULT_MYSQLCHARSET='utf8mb4'
AUTOHARDTUNE_NGINXBACKLOG='y'
ZSTD_LOGROTATE_NGINX='y'
ZSTD_LOGROTATE_PHPFPM='y'
LETSENCRYPT_DETECT='y'
DUALCERTS='y'
SELFSIGNEDSSL_ECDSA='y'
NGINX_LIBBROTLI='y'
NGXDYNAMIC_BROTLI='y'
PHP_PGO_ALWAYS='y'
PHP_PGO='y'
PHP_BROTLI='y'
PHP_LZFOUR='y'
PHP_LZF='y'
PHP_ZSTD='y'
PHPFINFO='y'
WPCLI_CE_QUERYSTRING_INCLUDED='y'

Centmin Mod Installation

The actual Centmin Mod LEMP stack install command to run in your logged in SSH session as root user using latest betainstaller73.sh script so PHP (php-fpm) 7.3 latest version is default installed.

# install centmin mod latest beta with php-fpm 7.3 default
# https://community.centminmod.com/threads/centmin-mod-09-beta-branch-testing.4128/
yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh

Or you can use the latest betainstaller74.sh script so PHP (php-fpm) 7.4 latest version is default installed.

# install centmin mod latest beta with php-fpm 7.4 default
# https://community.centminmod.com/threads/centmin-mod-09-beta-branch-testing.4128/
yum -y update; curl -O https://centminmod.com/betainstaller74.sh && chmod 0700 betainstaller74.sh && bash betainstaller74.sh

For this guide, I will use PHP 7.4 default installer. Note, you can only run the installer once. If you want to later downgrade or upgrade PHP-FPM versions, you can do that via centmin.sh menu option 5 PHP upgrade/downgrade shell based menu option after the initial Centmin Mod installation.

At the end of Centmin Mod LEMP stack installation, the initial install times for various components are displayed including the total installation time. As Nginx and PHP-FPM are source compiled, time to install is dependent on the speed of your server – including cpu clock speed and number of cpu threads available. The higher the cpu clock speed and the more cpu threads available, the faster the installation. You can basically use the Centmin Mod LEMP stack installer as a benchmark to evaluate the performance of your server.

Usually, the times are a fairly accurate representation of the performance of your server for Centmin Mod LEMP purposes. Enabling PHP Profile Guided Optimizations (PGO) in this advance guide will also further increase the duration for PHP-FPM compilation by approximately 2x. But PHP PGO will give up between 5-20% faster PHP performance. So you can weigh up the added PHP-FPM compile time versus resulting PHP-FPM performance you gain. Without PHP PGO, the PHP install time below of 1106 seconds would have been halved to around 450-500 seconds.

This Centmin Mod install took ~2206 seconds or just under 37 minutes on 1 cpu core VPS. If you had chosen 2 cpu core, it would be ~25-45% faster and 4 cpu core would be 30-60% faster.

---------------------------------------------------------------------------
Total Curl Installer YUM or DNF Time: 102.2205 seconds
Total YUM Time: 9.969806311 seconds
Total YUM or DNF + Source Download Time: 36.2631
Total Nginx First Time Install Time: 502.3685
Total PHP First Time Install Time: 1106.8022
Download From Github Time: 0.8572
Total Time Other eg. source compiles: 458.2096
Total Centmin Mod Install Time: 2103.6433
---------------------------------------------------------------------------
Total Install Time (curl yum + cm install + zip download): 2206.7210 seconds
---------------------------------------------------------------------------
1 AMD EPYC 7542 32-Core Processor
1 2894.560
---------------------------------------------------------------------------

Nginx latest mainline version installed where the version build tag of 050920-055953-centos7-kvm-19b44b9-br-25f86f0 refers to the following: day/month/year-seconds-centos7-virtualization type-Centmin Mod git commit tag at time of install-brotli-brotli-git-tag at time of install.

nginx -V
nginx version: nginx/1.19.2 (050920-055953-centos7-kvm-19b44b9-br-25f86f0)
built by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: –with-ld-opt=’-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib -flto=1 -fuse-ld=gold’ –with-cc-opt=’-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=x86-64 -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto=1 -fuse-ld=gold –param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-error=pointer-sign -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations’ –sbin-path=/usr/local/sbin/nginx –conf-path=/usr/local/nginx/conf/nginx.conf –build=050920-055953-centos7-kvm-19b44b9-br-25f86f0 –with-compat –with-http_stub_status_module –with-http_secure_link_module –with-libatomic –with-http_gzip_static_module –add-dynamic-module=../ngx_brotli –with-http_sub_module –with-http_addition_module –with-http_image_filter_module=dynamic –with-http_geoip_module –with-stream_geoip_module –with-stream_realip_module –with-stream_ssl_preread_module –with-threads –with-stream –with-stream_ssl_module –with-http_realip_module –add-dynamic-module=../ngx-fancyindex-0.4.2 –add-module=../ngx_cache_purge-2.5.1 –add-dynamic-module=../ngx_devel_kit-0.3.0 –add-dynamic-module=../set-misc-nginx-module-0.32 –add-dynamic-module=../echo-nginx-module-0.62 –add-module=../redis2-nginx-module-0.15 –add-module=../ngx_http_redis-0.3.7 –add-module=../memc-nginx-module-0.19 –add-module=../srcache-nginx-module-0.32 –add-dynamic-module=../headers-more-nginx-module-0.33 –with-pcre-jit –with-zlib=../zlib-cloudflare-1.3.0 –with-http_ssl_module –with-http_v2_module –with-openssl=../openssl-1.1.1g

PHP-FPM 7.4 latest installed

php -v
PHP 7.4.10 (cli) (built: Sep 5 2020 06:23:22) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.10, Copyright (c), by Zend Technologies

MariaDB MySQL 10.3 latest installed

mysqladmin ver
mysqladmin Ver 9.1 Distrib 10.3.24-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version 10.3.24-MariaDB
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 5 min 52 sec

Threads: 4 Questions: 1 Slow queries: 0 Opens: 17 Flush tables: 1 Open tables: 11 Queries per second avg: 0.002

and PHP extensions loaded

php -m
[PHP Modules]
bcmath
brotli
bz2
calendar
Core
ctype
curl
date
dom
enchant
exif
FFI
fileinfo
filter
ftp
gd
geoip
gettext
gmp
hash
iconv
igbinary
imagick
imap
intl
json
ldap
libxml
lz4
lzf
mailparse
mbstring
mcrypt
memcache
memcached
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
pspell
readline
redis
Reflection
session
shmop
SimpleXML
snmp
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tidy
timezonedb
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib
zstd

[Zend Modules]
Zend OPcache

Running cminfo command, can also give you an overview of the Centmin Mod installation.

cminfo
------------------------------------------------------------------
Centmin Mod Quick Info:
------------------------------------------------------------------
Server Location Info

ip: xxx.xxx.xxx.xxx
city: New York City
region: New York
country: US
timezone: America/New_York

Processors physical = 1, cores = 1, virtual = 1, hyperthreading = no

1 2894.560
1 AMD EPYC 7542 32-Core Processor
1 512 KB

System Up Since: 2020-09-05 04:44:41
System Uptime: up 2 hours, 10 minutes
MySQL Server Started 2020-09-05 06:29:44
MySQL Uptime: 25 min 19 sec 
MySQL Uptime (secs): 1519
Server Type: kvm
CentOS Version: 7.8
Centmin Mod: 123.09beta01.b582
Nginx PageSpeed: OFF
Nginx Version: 1.19.2 (050920-055953-centos7-kvm-19b44b9-br-25f86f0)
PHP-FPM Version: 7.4.10
MariaDB Version: 10.3.24
CSF Firewall: v14.04
Memcached Server: 1.6.5
NSD Version: - 
Siege Version: 4.0.4
Maldet Version: not installed
ClamAV Version: not installed
ElasticSearch: not installed

------------------------------------------------------------------
Site Nginx Vhost Accounts:
------------------------------------------------------------------

* demodomain.com: /home/nginx/domains/demodomain.com
├── backup
├── log
├── private
└── public
------------------------------------------------------------------
Site Nginx Vhost Config Files:
------------------------------------------------------------------
* /usr/local/nginx/conf/conf.d/demodomain.com.conf
* /usr/local/nginx/conf/conf.d/virtual.conf

------------------------------------------------------------------
MySQL Databases:
------------------------------------------------------------------
* mysql [idx: 0.17 MB data: 0.55 MB]
* pgo_train [idx: 0.00 MB data: 0.11 MB]

Then you can pre-create Nginx HTTPS site’s dhparam file beforehand to speed up subsequent Nginx vhost creation routines. On slow systems, this command will take a few minutes to complete.

openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

Then optional extra features you can choose to enable after Centmin Mod LEMP stack has been installed for Auditd.

# install and configure auditd https://community.centminmod.com/posts/37680/
echo "AUDITD_ENABLE='y'" >> /etc/centminmod/custom_config.inc
/usr/local/src/centminmod/tools/auditd.sh setup

Then setup disk space usage alerts making use of EMAIL variable you set up as an SSH session variable you populated at the start of this guide.

# setup email alerts for diskalert cronjob /etc/cron.daily/diskalert
# https://community.centminmod.com/posts/59973/
sed -i "s|EMAIL=.*|EMAIL='$EMAIL'|" /etc/cron.daily/diskalert

Lastly, if you intend to use Cloudflare in front of your Centmin Mod LEMP stack’s Nginx server, you can setup csfcf.sh cronjob to automatically manage Cloudflare’s IPs in CSF Firewall and Nginx real IP address detection. Latest 123.09beta01 should already have the csfcf.sh cronjob installed.

You can check via crontab -l command

crontab -l
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1

If csfcf.sh doesn’t show up, you can create it manually via the following commands run in SSH session as root user.

# cloudflare cronjob
# https://community.centminmod.com/threads/6241/
crontab -l > cronjoblist
sed -i '/csfcf.sh/d' cronjoblist
echo "22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1" >> cronjoblist
crontab cronjoblist

Enabling Centmin Mod’s free Letsencrypt SSL certificate issuance via Cloudflare DNS API validation

Centmin Mod 123.09beta01 has integrated support for free Letsencrypt SSL certificates via addons/acmetool.sh addon which uses Neil Pang’s acme.sh shell bash based client as the underlying Letsencrypt client for obtaining Letsencrypt SSL certificates. The integration is enabled when you set LETSENCRYPT_DETECT=’y’ is set in your persistent config file /etc/centminmod/custom_config.inc as we did in above Centmin Mod advance install steps in populating the persistent config file. The default method of domain validation is via webroot authentication for a generated file at yourdomain.com/.well-known. However, as of September 6th, 2020 addons/acmetool.sh addon has added support for Cloudflare DNS domain validation as well via Cloudflare DNS API support in the underlying acme.sh client.

As the intended WordPress site will be using Cloudflare for DNS and CDN proxy, we will leverage the newly added Cloudflare DNS API  support for our free Letsencrypt SSL certificate issuance as well. Cloudflare SSL will be configured to switch from Flexible SSL to Full (non-strict) SSL mode so that the connection between Cloudflare edge servers and Centmin Mod’s origin Nginx server is done over an encryption connection. For the encrypted connection to occur under Cloudflare Full (non-strict) SSL mode, Centmin Mod’s Nginx based WordPress site needs to have it’s own SSL certificate and HTTPS configuration. Once set up, Cloudflare edge servers will connect with Centmin Mod’s origin Nginx server over an encrypted HTTPS TLSv1.3 connection as Centmin Mod Nginx uses OpenSSL 1.1.1 with TLSv1.3 protocol support.

To setup Cloudflare DNS API support for Centmin Mod Letsencrypt SSL certificate issuance, you’ll need to log into your Cloudflare account and create your Cloudflare API Token at https://dash.cloudflare.com/profile/api-tokens. Cloudflare API Tokens require

  1. Create your Cloudflare Token API with permissions for read access to Zone.Zone, and edit/write access to Zone.DNS, across all Zones.
  2. Grab your Cloudflare Account ID from any of your Cloudflare domain’s main dashboard’s right side column listing

Wordpress Cache Enabler Advanced Full Page Caching Guide

You can set up the following variables in the persistent config file at /etc/centminmod/custom_config.inc that you previously created. Replacing YOUR_CF_TOKEN with your API token you created and replacing YOUR_CF_ACCOUNT_ID with your Cloudflare Account ID.

CF_DNSAPI_GLOBAL='y'
CF_Token="YOUR_CF_TOKEN"
CF_Account_ID="YOUR_CF_ACCOUNT_ID"

The persistent config file will now look something like below:

CF_DNSAPI_GLOBAL='y'
CF_Token="YOUR_CF_TOKEN"
CF_Account_ID="YOUR_CF_ACCOUNT_ID"
NGINX_SSLCACHE_ALLOWOVERRIDE='y'
NGINX_STAPLE_CACHE_OVERRIDE='y'
NGINX_STAPLE_CACHE_TTL='86400'
SET_DEFAULT_MYSQLCHARSET='utf8mb4'
AUTOHARDTUNE_NGINXBACKLOG='y'
ZSTD_LOGROTATE_NGINX='y'
ZSTD_LOGROTATE_PHPFPM='y'
LETSENCRYPT_DETECT='y'
DUALCERTS='y'
SELFSIGNEDSSL_ECDSA='y'
NGINX_LIBBROTLI='y'
NGXDYNAMIC_BROTLI='y'
PHP_PGO_ALWAYS='y'
PHP_PGO='y'
PHP_BROTLI='y'
PHP_LZFOUR='y'
PHP_LZF='y'
PHP_ZSTD='y'
PHPFINFO='y'
WPCLI_CE_QUERYSTRING_INCLUDED='y'
MARCH_TARGETNATIVE='n'
AUDITD_ENABLE='y'

Once you have populated persistent config file at /etc/centminmod/custom_config.inc, you can verify if your Cloudflare API Token is working by installing addons/acmetool.sh which will install the underlying acme.sh client and running check_cfapi option to verify the CF API Token. This step is optional, as addons/acmetool.sh is automatically installed the first time you run an Nginx vhost creation routine via centmin.sh menu option 2, 22 or nv command line when LETSENCRYPT_DETECT=’y’ is set in your persistent config file /etc/centminmod/custom_config.inc.

echo y | /usr/local/src/centminmod/addons/acmetool.sh acmeinstall
echo y | /usr/local/src/centminmod/addons/acmetool.sh check_cfapi

acmeinstall

echo y | /usr/local/src/centminmod/addons/acmetool.sh acmeinstall
-----------------------------------------------------
check acme auto renew cronjob setup: 
-----------------------------------------------------
32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
-----------------------------------------------------
acme.sh installed
-----------------------------------------------------

check_cfapi option only verifies that CF API Token works but not necessarily verifies if it works with CF DNS API itself as that is permission dependent.

echo y | /usr/local/src/centminmod/addons/acmetool.sh check_cfapi

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

Verifying working Cloudflare DNS API Credentials
CF API Tokens detected
Ok: CF API Token works

WordPress Installation with Cache Enabler advance cache mode setup

The final step is the actual WordPress installation with Cache Enabler done using centmin.sh menu option 22 where at WordPress caching selection, you will select Cache Enabler for automatic advance cache mode configuration.

Below I will run centmin.sh menu option 22 to auto install WordPress and create Nginx vhost site for subdomain = cache-enabler.centminmod.com. I have checked that I have set up Cloudflare DNS A record for the subdomain to point to Upcloud.com server’s allocated public IP address. Checking dig DNS A record for subdomain will show Cloudflare CDN proxy’s public IP addresses as intended as Cloudflare CDN proxy hides your real server IP address.

dig +short A cache-enabler.centminmod.com 
104.18.11.170
104.18.10.170
curl -s https://ipinfo.io/104.18.11.170
{
"ip": "104.18.11.170",
"city": "Atlantic City",
"region": "New Jersey",
"country": "US",
"loc": "39.3642,-74.4231",
"org": "AS13335 Cloudflare, Inc.",
"postal": "08404",
"timezone": "America/New_York",
"readme": "https://ipinfo.io/missingauth"
}

To run centmin.sh shell based menu on subsequent SSH logs other than initial Centmin Mod install login, you can run command = centmin. If you’re still in initial Centmin Mod install SSH login, you can run:

cd /usr/local/src/centminmod
./centmin.sh

Then on centmin.sh menu select and type menu option 22 to start Nginx WordPress auto installer routine which will have a wizard prompt style question where you answer a few questions and the installer will create an Nginx vhost for your site and auto install WordPress and configure it for your desired WordPress caching method.

--------------------------------------------------------
Centmin Mod Menu 123.09beta01 centminmod.com 
--------------------------------------------------------
1). Centmin Install
2). Add Nginx vhost domain
3). NSD setup domain name DNS
4). Nginx Upgrade / Downgrade
5). PHP Upgrade / Downgrade
6). XCache Re-install
7). APC Cache Re-install
8). XCache Install
9). APC Cache Install
10). Memcached Server Re-install
11). MariaDB MySQL Upgrade & Management
12). Zend OpCache Install/Re-install
13). Install/Reinstall Redis PHP Extension
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Install/Re-Install
21). Data Transfer (TBA)
22). Add WordPress Nginx vhost + Cache Plugin
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 22
--------------------------------------------------------

The first time it will install WP-CLI command line too which is used to install and configure WordPress. On subsequent centmin.sh menu option 22 runs, it will auto update WP-CLI to the latest version before proceeding.

------------------------------------------------------------
Installing wpcli.sh
------------------------------------------------------------
installing...

Error: /usr/bin/wp not found !!! Downloading now......
2020-09-06 00:19:26 URL:https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar [5568133/5568133] -> "/usr/bin/wp" [1]
Download done.

Error: /root/wpcli/wp-completion.bash not found !!! Downloading now......
2020-09-06 00:19:26 URL:https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash [495/495] -> "/root/wpcli/wp-completion.bash" [1]
Download done.

-------------------------------------------------------------
wp-cli info
OS:     Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
Shell:  /bin/bash
PHP binary:     /usr/local/bin/php
PHP version:    7.4.10
php.ini used:   /usr/local/lib/php.ini
WP-CLI root dir:        phar://wp-cli.phar/vendor/wp-cli/wp-cli
WP-CLI vendor dir:      phar://wp-cli.phar/vendor
WP_CLI phar path:       /usr/local/src/centminmod/addons
WP-CLI packages dir:    /root/.wp-cli/packages/
WP-CLI global config:
WP-CLI project config:
WP-CLI version: 2.4.0
-------------------------------------------------------------

-------------------------------------------------------------
wp-cli install completed
Read http://wp-cli.org/ for full usage info

-------------------------------------------------------------
Please log out of SSH session and log back in
You can then call wp-cli via command: wp
i.e. wp --info --allow-root
-------------------------------------------------------------

Then the actual Nginx vhost creation process starts with an information message related to additional Centmin Mod WordPress security features which may cause 403 permission denied errors as you may need to whitelist WordPress plugins.

-------------------------------------------------------------
Setup full Nginx vhost + WordPress + WP Plugins
-------------------------------------------------------------

---------------------------------------------------------------
Important Information
---------------------------------------------------------------

You are about to create an WordPress based Nginx vhost site with
or without HTTPS/SSL support.
Also read the continually updated Getting Started Guide
at centminmod.com/getstarted.html if you haven't already
---------------------------------------------------------------
403 Permission denied message handling
if after vhost site setup you encounter 403 permission denied errors,
check https://community.centminmod.com/threads/11215/ to see if your
site needs tools/autoprotect.sh tweaking & whitelisting
---------------------------------------------------------------

Next, it will prompt you if you want to proceed with Nginx vhost site creation and ask you for desired WordPress Nginx site domain or subdomain name. Leave off www and only enter the domain as www. will be auto added. If you have Letsencrypt mode enabled, it will also prompt you for Letsencrypt SSL certificate issuance type where you can choose between HTTP + HTTPS or HTTPS default only and choose from staging untrusted Letsencrypt SSL certificates or browser trusted Letsencrypt SSL certificates. Here we choose option 4 for HTTPS default only live browser trusted Letsencrypt SSL certificate issuance for Nginx vhost domain = cache-enabler.centminmod.com. Option 4 will automatically configure the non-HTTPS to HTTPS default redirects at Nginx server level.

Do you want to continue with Nginx vhost site creation ? [y/n] y

Enter vhost domain name you want to add (without www. prefix): cache-enabler.centminmod.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: y
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

You have 4 options: 
1. issue staging test cert with HTTP + HTTPS (untrusted)
2. issue staging test cert with HTTPS default (untrusted)
3. issue live cert with HTTP + HTTPS (trusted)
4. issue live cert with HTTPS default (trusted)
Enter option number 1-4: 4

Next are some WordPress site setup questions which you answer to configure your desired WordPress install.  If you operate a member log in based WordPress site, make sure to disable wp-login.php password protection when prompted to do so. The entered email address will be your WordPress site administrator’s login email address.

Theme Setup: 
Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]: n

Wordpress Setup:

Not a fan of Gutenberg Editor ? You can switch to Classic Editor
If you run into Gutenberg Editor issues, you can later switch to
the Classic Editor https://wordpress.org/plugins/classic-editor/
Install Classic Editor WordPress Plugin ? [y/n]: y

Autoptimize WP Plugin is installed by default. Do you want to install
companion Autoptimize Gzip Plugin to precompresses js/css optimized files
details at https://community.centminmod.com/threads/15314/
Install Autoptimize Gzip Companion WordPress Plugin ? [y/n]: y

Google Native LazyLoad Plugin https://wordpress.org/plugins/native-lazyload/
Install Google Native LazyLoad Plugin ? [y/n]: y

Set custom WP Admin Display Name ? [y/n]: y
Enter Custom WP Admin Display Name: George
Install WordPress in subdirectory /blog ? [y/n]: n
Disable Auto Generated WP Admin Username / Password ? [y/n]: n
Disable wp-login.php password protection ? (less security) [y/n]: y
Enter email address for Admin User for WordPress Installation: youremail@yourdomain.com

Next up is prompt to select the method of WordPress caching Centmin Mod will automatically configure for your WordPress site. There are three methods to choose from my default with a fourth option for PHP-FPM fastcgi_cache in development. The three methods are KeyCDN’s Cache Enabler, Redis Nginx level caching and WordPress Super Cache. All three methods do guest full HTML page caching where Cache Enabler and Redis Nginx level caching are only ones to completely bypass PHP-FPM to serve caching via Nginx. You can read up more about them here in official Centmin Mod community forum sticky thread titled: Differences between WordPress regular install vs centmin.sh menu option 22 install

For this guide, we are choosing KeyCDN Cache Enabler option 1 which is configured with advanced caching at Nginx level bypassing PHP-FPM completely.

Default is to install KeyCDN WP Cache Enabler Plugin
as it's more stable and reliable than WP Super Cache.
Redis cache may have issues with caching due to long 6hr cache TTL
You can select which caching method to use below:

--------------------------------------------------------
Wordpress Caching 
--------------------------------------------------------
1) KeyCDN Cache Enabler
2) Redis Nginx Level Caching
3) WordPress Super Cache
--------------------------------------------------------
Enter option [ 1 - 3 ] 1

you selected option 1 (KeyCDN Cache Enabler) [wpscache=n]

Next is prompt for your Pure-FTP virtual FTP username and auto generated FTP password

Create FTP username for vhost domain (enter username): YOUR_FTPUSERNAME
Do you want to auto generate FTP password (recommended) [y/n]: y

FTP username you entered: YOUR_FTPUSERNAME
FTP password auto generated: YOUR_FTPPASSWORD

Password: 
Enter it again:

Next centmin.sh menu routine will create your Cache Enabler included map file /usr/local/nginx/conf/wpcacheenabler_map.conf which is inserted into /usr/local/nginx/conf/nginx.conf and is responsible for controlling whether mobile/tablet devices are cached or not and which advanced query string cache inclusions are included in Cache Enabler’s cache detection logic. The Cloudflare Authenticated Origin Pull certificate is also automatically downloaded to /usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt path but not enabled by default and finally, self-signed SSL certificate is generated which is a fallback SSL certificate if Letsencrypt SSL certificate issuance and domain validation fails.

include file /usr/local/nginx/conf/wpcacheenabler_map.conf add to nginx.conf
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

--2020-09-06 00:21:13-- https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem
Resolving support.cloudflare.com... 104.18.7.251, 104.18.6.251
Connecting to support.cloudflare.com|104.18.7.251|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Saving to: ‘/usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt’

0K .. 24.7M=0s

2020-09-06 00:21:14 (24.7 MB/s) - ‘/usr/local/nginx/conf/ssl/cloudflare/cache-enabler.centminmod.com/origin.crt’ saved [2155]

---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: cache-enabler.centminmod.com.csr
creating private key: cache-enabler.centminmod.com.key
creating self-signed SSL certificate: cache-enabler.centminmod.com.crt
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=cache-enabler.centminmod.com/OU=cache-enabler.centminmod.com/CN=cache-enabler.centminmod.com
Getting Private key
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:50:3f:45:85:40:52:e0
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=California, L=Los Angeles, O=cache-enabler.centminmod.com, OU=cache-enabler.centminmod.com, CN=cache-enabler.centminmod.com
Validity
Not Before: Sep 6 00:21:23 2020 GMT
Not After : Aug 13 00:21:23 2120 GMT
Subject: C=US, ST=California, L=Los Angeles, O=cache-enabler.centminmod.com, OU=cache-enabler.centminmod.com, CN=cache-enabler.centminmod.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:3b:f4:35:92:b1:4c:c5:9e:a6:d5:de:57:af:2b:
cd:2e:5d:70:85:20:41:a0:9d:ba:7f:cd:ad:11:99:
3a:87:09:1a:f4:6b:46:3e:cc:16:c4:c9:32:bf:55:
0f:cb:d0:81:f7:34:08:0b:f7:ef:46:86:50:5e:79:
c5:08:85:e4:59
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
DirName:/C=US/ST=California/L=Los Angeles/O=cache-enabler.centminmod.com/OU=cache-enabler.centminmod.com/CN=cache-enabler.centminmod.com
serial:F1:50:3F:45:85:40:52:E0

X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Alternative Name:
DNS:cache-enabler.centminmod.com, DNS:www.cache-enabler.centminmod.com
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:e9:44:95:8f:de:99:74:17:63:1a:7b:09:b1:
07:75:ce:e0:e1:d2:38:7a:f9:c5:0e:eb:05:76:aa:11:51:2a:
ff:02:21:00:95:0e:42:de:06:bc:b8:ba:19:a7:34:70:6c:85:
2f:fc:0b:12:54:61:14:c8:7b:a6:6d:dd:cd:6f:3c:fb:b8:a8

---------------------------------------------------------------

Next is prompt to whether you want Cache Enabler to include or exclude mobile and tablet devices from caching. Some WordPress mobile theme plugins may not be fully responsive in design so may have issues with caching. For this example, will exclude mobile/tablet devices from caching.

------------------------------------------------------------
Setup WordPress + Cache Enabler for cache-enabler.centminmod.com
------------------------------------------------------------

Using full static page caching may cause problems for mobile & tablet device
visitors depending on your WP themes used so you may want to exclude those

Do you want to exclude mobile/tablet devices from full page caching ? [y/n]: y

If in future you want to include mobile/tablet devices in Cache Enabler’s caching, you can edit the generated include file at /usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpcacheenabler_cache-enabler.centminmod.com.conf  and modifying the following

from

# exclude mobile devices from redis caching
if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }

to below with hash # in front of the 2nd line to disable cache exclusion

# exclude mobile devices from redis caching
#if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }

Next is the actual WordPress core site install routine done via WP-CLI command line tool including the cronjob auto configuration and display of cronjobs at time of WordPress install.

Downloading WordPress 5.5.1 (en_US)...
md5 hash verified: 72c6f56b4818ffd0e6e6a4ed8f3e8d4e
Success: WordPress downloaded.
Success: Generated 'wp-config.php' file.
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1
#*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
Success: WordPress installed successfully.
Success: Updated user 39xxx6.
Success: Rewrite structure set.
Success: Rewrite rules flushed.
------------------------------------------------------------

Next is WP-CLI tool install, activation and configuration of a select few WordPress plugins for Native LazyLoad and Classic Editor you chose at early prompted questions

Installing Native Lazyload (1.0.2)
Downloading installation package from https://downloads.wordpress.org/plugin/native-lazyload.1.0.2.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'native-lazyload'...
Plugin 'native-lazyload' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
------------------------------------------------------------
Installing Classic Editor (1.6)
Downloading installation package from https://downloads.wordpress.org/plugin/classic-editor.1.6.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'classic-editor'...
Plugin 'classic-editor' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------

Next is actual Cache Enabler install and auto configuration – including setting up advanced cache inclusion for select query strings via a regular expression /^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$/ which was enabled via WPCLI_CE_QUERYSTRING_INCLUDED=’y’  variable in persistent config file we did earlier.

Installing Cache Enabler – WordPress Cache (1.4.8)
Downloading installation package from https://downloads.wordpress.org/plugin/cache-enabler.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'cache-enabler'...
Plugin 'cache-enabler' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
configure cache-enabler
Success: Updated 'cache-enabler' option.
Success: Updated 'cache-enabler' option.
"\/^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$\/"
{"expires":6,"clear_on_upgrade":1,"new_post":1,"new_comment":1,"update_product_stock":0,"webp":0,"compress":1,"excl_ids":"","excl_paths":"","excl_cookies":"","incl_parameters":"\/^fbclid|ref|mc_(cid|eid)|utm_(source|medium|campaign|term|content|expid)|gclid|fb_(action_ids|action_types|source)|age-verified|ao_noptimize|usqp|cn-reloaded|_ga|_ke$\/","minify_html":0}

Next is to install Autoptimize and Autoptimize Gzip companion plugin. The companion plugin enables Autoptimize’s pre-compress gzip and brotli features to pre-compress Autoptimize optimised CSS/JSS generated files.

Installing Autoptimize (2.7.7)
Downloading installation package from https://downloads.wordpress.org/plugin/autoptimize.2.7.7.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'autoptimize'...
Plugin 'autoptimize' activated.
Success: Installed 1 of 1 plugins.
option_name option_value
autoptimize_ccss_version AO_2.7.7
autoptimize_service_availablity a:2:{s:12:"extra_imgopt";a:3:{s:6:"status";s:2:"up";s:5:"hosts";a:1:{i:1;s:26:"https://cdn.shortpixel.ai/";}s:16:"launch-threshold";s:4:"4096";}s:7:"critcss";a:2:{s:6:"status";s:2:"up";s:5:"hosts";a:1:{i:1;s:24:"https://criticalcss.com/";}}}
autoptimize_version 2.7.7

configure autoptimize-gzip https://community.centminmod.com/threads/15314/
2020-09-06 00:21:42 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/autoptimize-gzip.php [573/573] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/autoptimize-gzip.php" [1]
2020-09-06 00:21:43 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/index.html [192/192] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/index.html" [1]
2020-09-06 00:21:43 URL:https://github.com/centminmod/autoptimize-gzip/blob/master/readme.md [100610] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/readme.md" [1]
2020-09-06 00:21:43 URL:https://raw.githubusercontent.com/centminmod/autoptimize-gzip/master/LICENSE [18026/18026] -> "/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/plugins/autoptimize-gzip/LICENSE" [1]
Plugin 'autoptimize-gzip' activated.
Success: Activated 1 of 1 plugins.
Plugin autoptimize-gzip details:
Name: Autoptimize Gzip
Status: Active
Version: 0.1
Author: George Liu
Description: Hook into Frank Goossens (futtta) Autoptimize API to pre-compress CSS/JS files

Next is install of Sucuri Security plugin, Disable XML-RPC and CDN Enabler plugins

Installing Sucuri Security – Auditing, Malware Scanner and Security Hardening (1.8.24)
Downloading installation package from https://downloads.wordpress.org/plugin/sucuri-scanner.1.8.24.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'sucuri-scanner'...
Plugin 'sucuri-scanner' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Installing Disable XML-RPC (1.0.1)
Downloading installation package from https://downloads.wordpress.org/plugin/disable-xml-rpc.1.0.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'disable-xml-rpc'...
Plugin 'disable-xml-rpc' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Installing CDN Enabler – WordPress CDN Plugin (1.0.9)
Downloading installation package from https://downloads.wordpress.org/plugin/cdn-enabler.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'cdn-enabler'...
Plugin 'cdn-enabler' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Uninstalled and deleted 'hello' plugin.
Success: Uninstalled 1 of 1 plugins.
Success: Plugin already updated.

Next a final summary listing of all WordPress plugins

10 installed plugins:
I akismet 4.1.6
A autoptimize 2.7.7
A autoptimize-gzip 0.1
A cache-enabler 1.4.8
A cdn-enabler 1.0.9
A classic-editor 1.6
A disable-xml-rpc 1.0.1
A native-lazyload 1.0.2
A sucuri-scanner 1.8.24
D advanced-cache.php

Legend: I = Inactive, A = Active, D = Drop-In
------------------------------------------------------------
System Cache Expiry Cronjob

Next final system cronjob listing which adds one for purging Cache Enabler’s advance Nginx level cache files every 24hrs at 11:16PM. You can adjust the cronjob interval to shorten or lengthen the cache TTL times. This cronjob is needed as Cache Enabler’s admin settings cache TTL will only work with PHP based cache defaults. While Centmin Mod’s Cache Enabler uses advance Nginx level caching instead and needs this cronjob to control cache TTL times.

13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1
#*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
16 23 * * * echo "cache-enabler.centminmod.com cacheenabler cron"; sleep 249s ; rm -rf /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/* > /dev/null 2>&1

Next are WordPress site uninstall and auto updater script generation

------------------------------------------------------------
Created uninstall script
/root/tools/wp_uninstall_cache-enabler.centminmod.com.sh
------------------------------------------------------------
------------------------------------------------------------
Created wp_updater_cache-enabler.centminmod.com.sh script
/root/tools/wp_updater_cache-enabler.centminmod.com.sh
------------------------------------------------------------

by default generated WordPress auto updater script at /root/tools/wp_updater_cache-enabler.centminmod.com.sh only does WordPress minor core updates and plugin updates unless you uncomment these 3 lines for /usr/bin/wp

# for major core updates uncomment 3 lines directly below
#/usr/bin/wp core update --allow-root
#/usr/bin/wp core update-db --allow-root
#/usr/bin/wp core update --allow-root

and the respective cronjobs for auto updating WordPress plugins and minor WordPress versions every 8hrs

13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
22 */12 * * * /usr/local/src/centminmod/tools/csfcf.sh auto >/dev/null 2>&1
32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
0 0 * * 5 /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update >/dev/null 2>&1
#*/15 * * * * sleep 324s ; wget -4 -O - -q -t 1 http://cache-enabler.centminmod.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
16 23 * * * echo "cache-enabler.centminmod.com cacheenabler cron"; sleep 249s ; rm -rf /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/* > /dev/null 2>&1
0 */8 * * * sleep 136s ;/root/tools/wp_updater_cache-enabler.centminmod.com.sh >/dev/null 2>&1

Next Centmin Mod’s autoprotect.sh generated include files are generated. The autoprotect.sh script automatically scans your Nginx vhost public webroot directories for .htaccess files of the ‘deny all’ variety and auto generates an equivalent Nginx rewrite rule to attempt to alert you and protect your WordPress and Nginx directories as Nginx doesn’t support Apache .htaccess. So if a web developer’s web app/script uses .htaccess to protect private directories intended for Apache, they would be fully exposed on Nginx server! You can read more about autoprotect.sh and how to customise and disable it here.

generated nginx include file [initial]: /usr/local/nginx/conf/autoprotect/cache-enabler.centminmod.com/autoprotect-cache-enabler.centminmod.com.conf
generated nginx include file [same]: /usr/local/nginx/conf/autoprotect/demodomain.com/autoprotect-demodomain.com.conf

autoprotect.sh run completed skipped nginx reload...

After Nginx vhost and WordPress have been installed, it’s time for centmin.sh menu option 22 process to obtain the free Letsencrypt SSL certificate via Cloudflare DNS API using addons/acmetool.sh and the underlying acme.sh client. As addons/acmetool.sh is beta right now there’s an additional prompt to answer yes for to continue.

-------------------------------------------------------------
ok: /usr/local/src/centminmod/addons/acmetool.sh
/usr/local/src/centminmod/addons/acmetool.sh issue cache-enabler.centminmod.com wplived

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

continue [y/n] ? y

Next the underlying acme.sh client will always be auto updated to the latest version before being called.

-----------------------------------------------------
updating acme.sh client...
-----------------------------------------------------
Cloning into 'acme.sh'...
[Sun Sep 6 00:22:04 UTC 2020] It is recommended to install socat first.
[Sun Sep 6 00:22:04 UTC 2020] We use socat for standalone server if you use standalone mode.
[Sun Sep 6 00:22:04 UTC 2020] If you don't use standalone mode, just ignore this warning.
[Sun Sep 6 00:22:04 UTC 2020] Installing to /root/.acme.sh
[Sun Sep 6 00:22:04 UTC 2020] Installed to /root/.acme.sh/acme.sh
[Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.bashrc'
[Sun Sep 6 00:22:04 UTC 2020] OK, Close and reopen your terminal to start using acme.sh
[Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.cshrc'
[Sun Sep 6 00:22:04 UTC 2020] Installing alias to '/root/.tcshrc'
[Sun Sep 6 00:22:04 UTC 2020] Installing cron job
32 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Sun Sep 6 00:22:04 UTC 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Sun Sep 6 00:22:05 UTC 2020] OK
https://github.com/acmesh-official/acme.sh
v2.8.8
-----------------------------------------------------
acme.sh updated
-----------------------------------------------------

Next is actual acme.sh client’s issuance of 2x Letsencrypt SSL certificates – one for RSA 2048 bit and one for ECC 256bit ECDSA SSL certificate for Nginx dual SSL certificate mode. This is due to configuring in the persistent config file the variable to enable dual SSL certificates mode which serves faster performing ECDSA SSL certificates to browsers that support it and slower traditional RSA 2048bit SSL certificates to browsers that don’t support ECDSA SSL. In Cloudflare proxied setup, this allows most optimal performance as Cloudflare edge servers will connect to Centmin Mod Nginx via faster ECDSA SSL certificates.

DUALCERTS='y'

The RSA 2048bit SSL certificate issuance via acme.sh with Cloudflare DNS API token. Notice acme.sh command adds –dns dns_cf flag and you can see DNS API adding the TXT validation record and removing it after.

-----------------------------------------------------------
issue & install letsencrypt ssl certificate for cache-enabler.centminmod.com
-----------------------------------------------------------
testcert value = wplived
wp routine detected use reissue instead via --force
/root/.acme.sh/acme.sh --force --dns dns_cf --issue -d cache-enabler.centminmod.com --days 60 -w /home/nginx/domains/cache-enabler.centminmod.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060920-002155.log --log-level 2
[Sun Sep 6 00:22:06 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Sep 6 00:22:06 UTC 2020] Create account key ok.
[Sun Sep 6 00:22:06 UTC 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Sun Sep 6 00:22:07 UTC 2020] Registered
[Sun Sep 6 00:22:07 UTC 2020] ACCOUNT_THUMBPRINT='rRHFqDi2lniJYRaxxx-_rvAl6UzG7ovF7Jq7dce6y8'
[Sun Sep 6 00:22:07 UTC 2020] Creating domain key
[Sun Sep 6 00:22:07 UTC 2020] The domain key is here: /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key
[Sun Sep 6 00:22:07 UTC 2020] Single domain='cache-enabler.centminmod.com'
[Sun Sep 6 00:22:07 UTC 2020] Getting domain auth token for each domain
[Sun Sep 6 00:22:09 UTC 2020] Getting webroot for domain='cache-enabler.centminmod.com'
[Sun Sep 6 00:22:09 UTC 2020] Adding txt value: 96N03rA1CTjVReovOjzoJB7486-V2GvNVZX7juJ9cyU for domain: _acme-challenge.cache-enabler.centminmod.com
[Sun Sep 6 00:22:10 UTC 2020] Adding record
[Sun Sep 6 00:22:10 UTC 2020] Added, OK
[Sun Sep 6 00:22:10 UTC 2020] The txt record is added: Success.
[Sun Sep 6 00:22:10 UTC 2020] Let's check each DNS record now. Sleep 20 seconds first.
[Sun Sep 6 00:22:30 UTC 2020] Checking cache-enabler.centminmod.com for _acme-challenge.cache-enabler.centminmod.com
[Sun Sep 6 00:22:31 UTC 2020] Domain cache-enabler.centminmod.com '_acme-challenge.cache-enabler.centminmod.com' success.
[Sun Sep 6 00:22:31 UTC 2020] All success, let's return
[Sun Sep 6 00:22:31 UTC 2020] Verifying: cache-enabler.centminmod.com
[Sun Sep 6 00:22:34 UTC 2020] Success
[Sun Sep 6 00:22:34 UTC 2020] Removing DNS records.
[Sun Sep 6 00:22:34 UTC 2020] Removing txt: 96N03rA1CTjVReovOjzoJB7486-V2GvNVZX7juJ9cyU for domain: _acme-challenge.cache-enabler.centminmod.com
[Sun Sep 6 00:22:35 UTC 2020] Removed: Success
[Sun Sep 6 00:22:35 UTC 2020] Verify finished, start to sign.
[Sun Sep 6 00:22:35 UTC 2020] Lets finalize the order.
[Sun Sep 6 00:22:35 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/95901924/5041645894'
[Sun Sep 6 00:22:36 UTC 2020] Downloading cert.
[Sun Sep 6 00:22:36 UTC 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/0399f04d1dd4bbb664fd1769ae76cda66601'
[Sun Sep 6 00:22:37 UTC 2020] Cert success.
-----BEGIN CERTIFICATE-----
MI snipped Oi
-----END CERTIFICATE-----
[Sun Sep 6 00:22:37 UTC 2020] Your cert is in /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.cer 
[Sun Sep 6 00:22:37 UTC 2020] Your cert key is in /root/.acme.sh/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key 
[Sun Sep 6 00:22:37 UTC 2020] The intermediate CA cert is in /root/.acme.sh/cache-enabler.centminmod.com/ca.cer 
[Sun Sep 6 00:22:37 UTC 2020] And the full chain certs is there: /root/.acme.sh/cache-enabler.centminmod.com/fullchain.cer

The ECC 256bit ECDSA SSL certificate issuance via acme.sh with Cloudflare DNS API token

get 2nd SSL cert issued for dual ssl cert config

/root/.acme.sh/acme.sh --force --dns dns_cf --issue -d cache-enabler.centminmod.com --days 60 -w /home/nginx/domains/cache-enabler.centminmod.com/public -k ec-256 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-060920-002155.log --log-level 2
[Sun Sep 6 00:22:37 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Sep 6 00:22:37 UTC 2020] Creating domain key
[Sun Sep 6 00:22:37 UTC 2020] The domain key is here: /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.key
[Sun Sep 6 00:22:37 UTC 2020] Single domain='cache-enabler.centminmod.com'
[Sun Sep 6 00:22:37 UTC 2020] Getting domain auth token for each domain
[Sun Sep 6 00:22:39 UTC 2020] Getting webroot for domain='cache-enabler.centminmod.com'
[Sun Sep 6 00:22:39 UTC 2020] cache-enabler.centminmod.com is already verified, skip dns-01.
[Sun Sep 6 00:22:39 UTC 2020] Verify finished, start to sign.
[Sun Sep 6 00:22:39 UTC 2020] Lets finalize the order.
[Sun Sep 6 00:22:39 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/95901924/5041651897'
[Sun Sep 6 00:22:41 UTC 2020] Downloading cert.
[Sun Sep 6 00:22:41 UTC 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/044361415b2122755802a6d7db85354a4c7e'
[Sun Sep 6 00:22:41 UTC 2020] Cert success.
-----BEGIN CERTIFICATE-----
MII snipped qo
-----END CERTIFICATE-----
[Sun Sep 6 00:22:41 UTC 2020] Your cert is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.cer 
[Sun Sep 6 00:22:41 UTC 2020] Your cert key is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/cache-enabler.centminmod.com.key 
[Sun Sep 6 00:22:41 UTC 2020] The intermediate CA cert is in /root/.acme.sh/cache-enabler.centminmod.com_ecc/ca.cer 
[Sun Sep 6 00:22:41 UTC 2020] And the full chain certs is there: /root/.acme.sh/cache-enabler.centminmod.com_ecc/fullchain.cer

success: 2nd SSL cert issued for dual ssl cert config

Next is actual Letsencrypt SSL certificate installation into the WordPress Nginx vhost site at /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com

-----------------------------------------------------------
install cert
-----------------------------------------------------------
/root/.acme.sh/acme.sh --installcert -d cache-enabler.centminmod.com --certpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer --keypath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.key --capath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme.key
[Sun Sep 6 00:22:41 UTC 2020] Installing cert to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer
[Sun Sep 6 00:22:41 UTC 2020] Installing CA to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.cer
[Sun Sep 6 00:22:41 UTC 2020] Installing key to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme.key
[Sun Sep 6 00:22:41 UTC 2020] Installing full chain to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme.key
[Sun Sep 6 00:22:41 UTC 2020] Run reload cmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl): [ OK ]
[Sun Sep 6 00:22:41 UTC 2020] Reload success

install 2nd SSL cert issued for dual ssl cert config

/root/.acme.sh/acme.sh --installcert -d cache-enabler.centminmod.com --certpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme-ecc.key --ecc
[Sun Sep 6 00:22:41 UTC 2020] Installing cert to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer
[Sun Sep 6 00:22:41 UTC 2020] Installing CA to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.cer
[Sun Sep 6 00:22:41 UTC 2020] Installing key to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-acme-ecc.key
[Sun Sep 6 00:22:41 UTC 2020] Installing full chain to:/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-fullchain-acme-ecc.key
[Sun Sep 6 00:22:41 UTC 2020] Run reload cmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl): [ OK ]
[Sun Sep 6 00:22:42 UTC 2020] Reload success

setup ssl_trusted_certificate dual cert version:
/usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-dualcert-rsa-ecc.cer

letsencrypt ssl certificate setup completed
ssl certs located at: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com

Next is the Pure-FTP virtual FTP user login details which are via FTP over SSL

-------------------------------------------------------------
FTP hostname : xxx.xxx.xxx.xxx
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for cache-enabler.centminmod.com : YOUR_FTPUSERNAME
FTP password created for cache-enabler.centminmod.com : YOUR_FTPPASSWORD
-------------------------------------------------------------
vhost for cache-enabler.centminmod.com created successfully

Next is a summary of Nginx vhost created directories, files etc. Like public webroot being at /home/nginx/domains/cache-enabler.centminmod.com/public. Which are also outlined on official site’s config files page at https://centminmod.com/configfiles.html

vhost ssl for cache-enabler.centminmod.com created successfully

domain: https://cache-enabler.centminmod.com
vhost ssl conf file for cache-enabler.centminmod.com created: /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/cache-enabler.centminmod.com/cache-enabler.centminmod.com-backup.csr
letsdebug API check log: /root/centminlogs/letsdebug-cache-enabler.centminmod.com-060920-001334.log

upload files to /home/nginx/domains/cache-enabler.centminmod.com/public
vhost log files directory is /home/nginx/domains/cache-enabler.centminmod.com/log

------------------------------------------------------------
SSH commands to uninstall created WordPress install and Nginx vhost:
/root/tools/wp_uninstall_cache-enabler.centminmod.com.sh
------------------------------------------------------------

------------------------------------------------------------
Wordpress Auto Updater created at:
/root/tools/wp_updater_cache-enabler.centminmod.com.sh
cronjob set for every 8 hours update (3x times per day)
------------------------------------------------------------

Next is a summary of WordPress login and install details

WordPress domain: cache-enabler.centminmod.com
Wordpress DB Name: wp747xxxxx1db_31356
Wordpress DB User: wpdbxxxxxx88
Wordpress DB Pass: wpdbxxxxxx9Zp29213
Wordpress Admin User ID: 39xxx6
Wordpress Admin User: zW3sTxxxxxxxxp1825
Wordpress Admin Pass: zUGxxxxxxxxxxx45
Wordpress Admin Email: youremail@yourdomain.com
Wordpress Admin Display Name: George

Next are final steps to complete WordPress setup where applicable

------------------------------------------------------------
To complete setup:
1. Enable Permalinks (DO NOT use links with .html extensions for performance reasons) i.e. /%post_id%/%postname%/
2. Settings Menu > Cache Enabler set options and hit Save Changes (https://community.centminmod.com/threads/15039/)
3. Settings Menu > Optimus set options and hit Save Changes
4. Appearance > Theme Options (Responsive theme) > Home Page nav bar > Uncheck Overrides WordPress front page option
------------------------------------------------------------

Next is note to the log file which saved the entire centmin.sh menu option 22 process so you can inspect it for login details or troubleshooting etc.

-------------------------------------------------------------
vhost for cache-enabler.centminmod.com wordpress setup successfully
cache-enabler.centminmod.com setup info log saved at: 
/root/centminlogs/centminmod_123.09beta01.b582_060920-001334_wordpress_addvhost.log

And finally a wpinfo.sh script is generated which you can run to get a full overview of your WordPress installation

-------------------------------------------------------------
wpinfo.sh script saved at:
/usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpinfo.sh

Example wpinfo.sh run output

/usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpinfo.sh
WP-CLI 2.4.0
WP-Home https://cache-enabler.centminmod.com
WP-SiteURL https://cache-enabler.centminmod.com
WordPress version: 5.5.1
Database revision: 48748
TinyMCE version: 4.9100 (49100-20200624)
Package language: en_US
+--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+
| ID | user_login | display_name | user_email | user_registered | roles |
+--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+
| 39xxx6 | zW3sTxxxxxxxxp1825 | George | youremail@yourdomain.com | 2020-09-06 00:21:32 | administrator |
+--------+-----------------------------------+--------------+---------------------------+---------------------+---------------+
+----------------------+------------------------------------------------------------------+----------+
| name | value | type |
+----------------------+------------------------------------------------------------------+----------+
| table_prefix | 25xxx_ | variable |
| WP_CACHE | 1 | constant |
| DB_NAME | wpxxxxxxxxdb_31356 | constant |
| DB_USER | wpdbxxxxxxxxx88 | constant |
| DB_PASSWORD | wpdbxxxxxxxxxxxxxxxxx9213 | constant |
| DB_HOST | localhost | constant |
| DB_CHARSET | utf8 | constant |
| DB_COLLATE | | constant |
| DISABLE_WP_CRON | | constant |
| WP_AUTO_UPDATE_CORE | minor | constant |
| WP_POST_REVISIONS | 10 | constant |
| EMPTY_TRASH_DAYS | 10 | constant |
| WP_CRON_LOCK_TIMEOUT | 60 | constant |
| CONCATENATE_SCRIPTS | | constant |
| AUTH_KEY | {[{9*v1}VI/mqSe(xxxxxxxxxxxxxxxxx+Gk(:~f%|ZKQaT*z^73%Vl0|^XfiP~o | constant |
| SECURE_AUTH_KEY | ?57(T*}PZn]3ixxxxxxxxxxxxxxxxxxxxxxxxxxxc_ A$NIX5DRd!1-5nAoFOpo= | constant |
| LOGGED_IN_KEY | ,fA}Hl8>KF3?:CeXxxxxxxxxxxxxxxxxxxxxxxxxxxxxgD}d !~!jyRpBhrQw`d0 | constant |
| NONCE_KEY | ;4`6I`*sBUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,KO(2R#,Kj~nh | constant |
| AUTH_SALT | #c712,y%!uYxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq>T$&U$>CM#e | constant |
| SECURE_AUTH_SALT | vBzZoSz3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfX!C5_Bj^O, | constant |
| LOGGED_IN_SALT | O<Lj~QtczMbxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCvfj=`*] | constant |
| NONCE_SALT | =k&;9Hi1CxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxdX}8kZ89M | constant |
| WP_CACHE_KEY_SALT | *&^C&awDC#xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx(o`Z=tc7A= | constant |
+----------------------+------------------------------------------------------------------+----------+
+--------------------+----------+--------+---------+
| name | status | update | version |
+--------------------+----------+--------+---------+
| akismet | inactive | none | 4.1.6 |
| autoptimize | active | none | 2.7.7 |
| autoptimize-gzip | active | none | 0.1 |
| cache-enabler | active | none | 1.4.8 |
| cdn-enabler | active | none | 1.0.9 |
| classic-editor | active | none | 1.6 |
| disable-xml-rpc | active | none | 1.0.1 |
| native-lazyload | active | none | 1.0.2 |
| sucuri-scanner | active | none | 1.8.24 |
| advanced-cache.php | dropin | none | |
+--------------------+----------+--------+---------+
+-----------------+----------+--------+---------+
| name | status | update | version |
+-----------------+----------+--------+---------+
| twentynineteen | inactive | none | 1.7 |
| twentyseventeen | inactive | none | 2.4 |
| twentytwenty | active | none | 1.5 |
+-----------------+----------+--------+---------+

Final WordPress & Cloudflare Completion Tasks

Final tasks to complete WordPress setup.

Cache Enabler Settings

Ensure you configure Cache Enabler settings. Noting Cache Expiry doesn’t work as Cache Enabler has been configured for advance Nginx caching so needs the above mentioned cronjob to set Cache Expiry.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Autoptimize Configuration Settings

Ensure you edit your Autoptimize CSS and JS settings as follows

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

Nginx Visitor Real IP Detection

As your WordPress site is behind Cloudflare proxy, you need to enable cloudflare.conf include file in Nginx generated vhost config file at /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf so that visitor’s real IP addresses are detected by Nginx and your WordPress install otherwise, you will see Cloudflare server IPs being attributed to visitors in your Nginx access logs at /home/nginx/domains/cache-enabler.centminmod.com/log/access.log and in WordPress IP detection routines.

To enable cloudflare.conf include file in /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf

change

#include /usr/local/nginx/conf/cloudflare.conf;

to

include /usr/local/nginx/conf/cloudflare.conf;

You can do that manually or via SSH command line sed replacement and Nginx + PHP-FPM service restart commands below:

sed -i 's|^ #include /usr/local/nginx/conf/cloudflare.conf;| include /usr/local/nginx/conf/cloudflare.conf;|' /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf
nprestart

So the Nginx site vhost config file at /usr/local/nginx/conf/conf.d/cache-enabler.centminmod.com.ssl.conf will show the following lines

# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site
include /usr/local/nginx/conf/cloudflare.conf;
Cloudflare Settings

The next step to ensure Cache Enabler works with Cloudflare CDN proxy is to ensure that Cloudflare auto HTML minification is disabled in Cloudflare dashboard (which is the default unless you specifically enabled it) and instead do the HTML minification from Cache Enabler WordPress admin settings.

You can use a specific Cloudflare Page Rule to disable Auto Minify if you only want a specific subdomain disabled by setting Auto Minify Page Rule but leaving HTML checkbox unchecked. Here I also disabled Railgun as I don’t have it configured for this specific server.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Then instead in Cache Enabler WordPress admin settings, enable Cache Minification for HTML there if you desire.

Wordpress Cache Enabler Advanced Full Page Caching Guide

You can then verify if Cache Enabler caching is working after visiting your WordPress site as a guest to populate the cache by running curl commands below to inspect the source code of the WordPress page to see if there is a Cache Enabler timestamp comment added to indicator caching done.

curl -4sk https://cache-enabler.centminmod.com/ | tail -2

<!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->

and checking if advanced caching of specific query strings is working for ?utm_sourcr

curl -4sk "https://cache-enabler.centminmod.com/?utm_source" | tail -2

<!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->

and for ?fbclid

curl -4sk "https://cache-enabler.centminmod.com/?fbclid" | tail -2

<!-- Cache Enabler by KeyCDN @ 06.09.2020 01:17:47 (https gzip) -->

Inspecting the generated cache files and pre-compressed cache files themselves

ls -lahR /home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/cache-enabler.centminmod.com/
/home/nginx/domains/cache-enabler.centminmod.com/public/wp-content/cache/cache-enabler/cache-enabler.centminmod.com/:
total 36K
drwxrws--- 2 nginx nginx 57 Sep 6 01:17 .
drwxrws--- 3 nginx nginx 42 Sep 6 01:17 ..
-rw-rw---- 1 nginx nginx 28K Sep 6 01:17 https-index.html
-rw-rw---- 1 nginx nginx 7.3K Sep 6 01:17 https-index.html.gz
Sucuri File Integrity Checks

The centmin.sh menu option 22 WordPress installer also automatically installs Sucuri WordPress plugin so first task is to process any reported WordPress core/file integrity alerts for Centmin Mod Nginx vhost default added files and mark them as fixed/legit.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Add Browser Cache Headers To Cached Files

By default Cache Enabler served cached files via Nginx don’t serve up a Cache-Control header for web browser caching. You can optionally enable this by editing centmin.sh menu option 22 generated include file at /usr/local/nginx/conf/wpincludes/cache-enabler.centminmod.com/wpcacheenabler_cache-enabler.centminmod.com.conf and at bottom of the file add the following Nginx rules to set expires header only when Cache Enabler cached files exist on disk.

This sets web browser cache to 120 seconds – adjust accordingly to your own needs.

if (-f $document_root$cache_enabler_uri) {
 set $cttls "120s";
}
expires $cttls;

Then in Cloudflare site zone’s dashboard on Caching > Configuration section set Browser Cache TTL to ‘Respect Existing Headers’.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Or set it via custom Cloudflare Page Rule if you only want to apply it to a specific subdomain or path.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Resulting in the following served when Cache Enabler’s cached file exists – notice the Cache-Control and Expires header set.

curl -I "https://cache-enabler.centminmod.com/"
HTTP/1.1 200 OK
Date: Tue, 08 Sep 2020 13:41:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: __cfduid=d7ff7a29b86371991fed6f3c741b4bace1599572506; expires=Thu, 08-Oct-20 13:41:46 GMT; path=/; domain=.centminmod.com; HttpOnly; SameSite=Lax
Last-Modified: Tue, 08 Sep 2020 01:19:05 GMT
Vary: Accept-Encoding
X-Powered-By: centminmod
Expires: Tue, 08 Sep 2020 13:43:46 GMT
Cache-Control: max-age=120
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
CF-Cache-Status: DYNAMIC
cf-request-id: 050f8c8f20000091fe18b86200000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 5cf916c50f5491fe-EWR
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

With web browser cache headers in place, visitors will have a faster page loading experience if they already have a cached version in their local browser cache. Here’s Opera web browser network developer tools showing how a browser cached version of WordPress full HTML page cached loads.

The response is loaded from visitor’s browser disk cache and has a total time of just 2 milliseconds of which 1 millisecond was over the network. I’m in Brisbane, Australia and test WordPress install is in New York City.

Wordpress Cache Enabler Advanced Full Page Caching Guide

A breakdown of the request’s timings where waiting TTFB was 0.19 ms and Content Download was 1.31ms.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Testing Cache Enabler Full HTML Page Cache

You can run a quick load test using my forked wrk, wrk-cmm load testing tool with 300 concurrent users for 15 second duration. You need to specifically test with a User Agent specified otherwise, Cloudflare Web Application Firewall (WAF) on paid plans may have WAF rules that block or challenge requests which have an empty User Agent and wrk-cmm will end up with non-2xx or 3xx responses reported.

wrk-cmm test for WordPress index page

wrk-cmm -t1 -c300 -d15s -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" --latency --breakout https://cache-enabler.centminmod.com/
Running 15s test @ https://cache-enabler.centminmod.com/
  1 threads and 300 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    97.63ms   72.66ms   1.25s    84.71%
    Connect   175.27ms   82.03ms 353.45ms   69.56%
    TTFB       89.96ms   71.20ms   1.25s    87.47%
    TTLB        7.60ms   15.44ms 207.93ms   94.45%
    Req/Sec     3.36k     1.02k    5.27k    67.88%
  Latency Distribution
     50%   73.31ms
     75%  109.15ms
     90%  183.63ms
     95%  258.38ms
     99%  363.04ms
  49605 requests in 15.03s, 1.32GB read
Requests/sec:   3299.40
Transfer/sec:     90.24MB

h2load HTTP/2 HTTPS load tester for WordPress index page

h2load -t1 -c300 -n5000 -m60 -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" https://cache-enabler.centminmod.com/ 
starting benchmark...
spawning thread #0: 300 total client(s). 5000 total requests
TLS Protocol: TLSv1.2
Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
Server Temp Key: ECDH P-256 256 bits
Application protocol: h2
progress: 10% done
progress: 20% done
progress: 30% done
progress: 40% done
progress: 50% done
progress: 60% done
progress: 70% done
progress: 80% done
progress: 90% done
progress: 100% done

finished in 3.30s, 1513.31 req/s, 40.44MB/s
requests: 5000 total, 5000 started, 5000 done, 5000 succeeded, 0 failed, 0 errored, 0 timeout
status codes: 5000 2xx, 0 3xx, 0 4xx, 0 5xx
traffic: 133.61MB (140101965) total, 404.88KB (414601) headers (space savings 87.38%), 132.94MB (139400000) data
                     min         max         mean         sd        +/- sd
time for request:   180.42ms       3.10s       1.85s    839.88ms    56.42%
time for connect:   126.24ms       1.78s    399.34ms    437.13ms    88.00%
time to 1st byte:   325.57ms       3.25s       1.56s    793.29ms    61.33%
req/s           :       4.85       28.26        5.87        2.27    93.33%

wrk-cmm testing of query string cache inclusion for the index page with ?fbclid query string

wrk-cmm -t1 -c300 -d15s -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4255.0 Safari/537.36" --latency --breakout https://cache-enabler.centminmod.com/?fbclid
Running 15s test @ https://cache-enabler.centminmod.com/?fbclid
  1 threads and 300 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    93.21ms   58.89ms 625.70ms   85.31%
    Connect   173.79ms   81.42ms 347.52ms   68.33%
    TTFB       84.35ms   56.61ms 592.67ms   86.35%
    TTLB        8.36ms   15.56ms 282.17ms   92.53%
    Req/Sec     3.47k     1.23k    6.00k    72.39%
  Latency Distribution
     50%   77.05ms
     75%  100.73ms
     90%  157.51ms
     95%  219.20ms
     99%  331.03ms
  50304 requests in 15.01s, 1.34GB read
Requests/sec:   3351.11
Transfer/sec:     91.74MB

Notes

  1. By default Cloudflare only caches static content files like images, css and js and doesn’t cache dynamically generated HTML files like WordPress blog pages unless you tell it specifically to do so via ‘Cache Everything’ page rules as outlined at Understand Cloudflare’s CDN. So the test is communicating directly with your origin Nginx server and is load testing Centmin Mod Nginx origin’s WordPress Cache Enabler caching at Nginx cache level out of the box.  So response times are dependent and relative to the test server’s geographical location and your Centmin Mod Nginx server’s location i.e. Upcloud New York City locale. You can see an example of this in below screenshot using KeyCDN performance testing tool testing ?fbclid query string cache inclusion performance. If you configure Cloudflare CDN cache for dynamic HTML content, then you’ll have 2 caching layers – one at Cloudflare CDN edge server and one at Centmin Mod Nginx server level.
    Wordpress Cache Enabler Advanced Full Page Caching Guide
  2. The above wrk-cmm and h2load tests were run on same Upcloud server as WordPress install so the load testers are competing with Nginx resources as there’s only 1 cpu core on this KVM VPS server so latency and performance will be less than if you ran wrk-cmm and h2load on separate Upcloud KVM VPS server itself. But as you can see, the requests per second rate is much higher serving via Nginx level cache via Cache Enabler’s full HTML page cache than via PHP-FPM.

Using third party loader.io load testing service to move testing outside of the Upcloud KVM VPS server.

loader.io test configuration for 300 users

Wordpress Cache Enabler Advanced Full Page Caching Guide

loader.io test results for 300 users with User Agent and gzip compression header requested shows an average of response time of 34 milliseconds over a 60 second test duration.

Wordpress Cache Enabler Advanced Full Page Caching Guide

loader.io test configuration for 600 users

Wordpress Cache Enabler Advanced Full Page Caching Guide

loader.io test results for 600 users with User Agent and gzip compression header requested shows an average of response time of 43 milliseconds over a 60 second test duration.

Wordpress Cache Enabler Advanced Full Page Caching Guide

loader.io test configuration for 1000 users

Wordpress Cache Enabler Advanced Full Page Caching Guide

loader.io test results for 1000 users with User Agent and gzip compression header requested shows an average of response time of 64 milliseconds over a 60 second test duration. With 1 timeout response recorded. Not bad for a 1 cpu, 1GB memory, 25GB disk US$5/month KVM VPS server based WordPress installation.

Wordpress Cache Enabler Advanced Full Page Caching Guide

And with a bit of Nginx and PHP-FPM server side tuning of settings, at 5,000 constant user loader.io test. Though average latency response time isn’t ideal at 1170ms or 1.17 seconds. But not bad for a 1cpu, 1GB memory KVM VPS server at US$5/month.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Installing and running WPPerformanceTester plugin where the server performance numbers are highly influenced by server’s CPU model and clock speed. This Upcloud 1cpu core, 1GB ram server sports an AMD EPYC 7542 cpu @2.9Ghz base clocks.

Wordpress Cache Enabler Advanced Full Page Caching Guide

The final result for Google Lighthouse via Google PageSpeed Insights online tool for WordPress 5.5.1 default site theme testing specifically the query string cache inclusion string for ?fbclid for both mobile and desktop respectively.

Wordpress Cache Enabler Advanced Full Page Caching Guide

Wordpress Cache Enabler Advanced Full Page Caching Guide

And for Webpagetest.org testing WordPress with query string cache inclusion for ?fbclid.

Wordpress Cache Enabler Advanced Full Page Caching Guide Wordpress Cache Enabler Advanced Full Page Caching Guide

Notable Updates Since Initial Publication

Below are some updates and changes since initial publication of this blog post.

  • Cache Enabler 1.5.1 release has some major changes under the hood option settings wise so Centmin Mod’s centmin.sh menu option 22 needed an update.
  • Updated Centmin Mod WordPress install to force downgraded Cache Enabler 1.4.9 version due to various issues with Cache Enabler 1.5.1+ new cache routines. Details here.