Cloudflare turned 13 this year. For Cloudflare Birthday week, they announced support for Post-Quantum key exchange connections (KEX) to Cloudflare origin servers using X25519Kyber768Draft00. For this to work, origin servers need to support Post-Quantum key exchanges. This post outlines how Centmin Mod LEMP stack’s Nginx server can be configured to support Post-Quantum KEX.
Centmin Mod uses Neil Pang’s acme.sh client as the underlying tool to issue and obtain free Letsencrypt certificates for Nginx HTTPS auto created sites. The acme.sh client has added support for other free ACME protocol compatible CA SSL providers like Buypass (BuyPass Go SSL) and ZeroSSL. This guide shows how you can switch over from Letsencrypt to using ZeroSSL SSL certificates which uses Sectigo (Comodo) certificates and supports free wildcard SSL certificates and doesn’t have any rate limiting for SSL certificate issuance.
Cloudflare Domain Registrar is a privacy focused no markup price domain registrar provider which can reduce your domain renewal costs significantly. However, a requirement is that you use their Cloudflare nameservers and have onboarded your domain(s) to their service first. This guide will show how you can bulk domain transfer many domains including onboarding to Cloudflare service and nameservers.
Cloudflare Registrar is a cost price domain registrar offering cheap domain transfers and registrations. However, at one point you may need to transfer many domains out of Cloudflare Registrar to another registrar – offering discount domain transfer pricing or specials. This guide will show you how to bulk transfer out the domains via Cloudflare Registrar API via command line or scripting.
Cloudflare Argo Tunnel allows you to expose your web server to the internet without having to open routes in your firewall or setup dedicated routes. This guide will outline how you can setup Cloudflare Argo Tunnel for private encrypted HTTP/2 connection to your origin web server or web application on CentOS 7 for Centmin Mod LEMP stack users.
For CentOS 7 based Centmin Mod users, you may run into the Python 2.7 deprecation message when running CentOS 7 native Python 2.7 and that Python 2.7’s end of life is on January 1, 2020 and that you need to upgrade Python 2.7. You should not upgrade the CentOS 7 native Python 2.7 as that may break your system and YUM operation. Instead, you should install a newer Python version side by side.
You’ve accidentally run the SSH command
iptables -F and have locked yourself out of your server and can not SSH login again. So how do you regain SSH access? Centmin Mod LEMP stack uses CSF Firewall which is a wrapper interface to CentOS system’s underlying IPTables. If you run the SSH command,
iptables -F you may end up locking yourself out of the server as this command flushes all the existing IPTable rules that are configured and setup by CSF Firewall at startup. This guide will outline ways you can possibly regain SSH access using example VPS providers – Upcloud, DigitalOcean, Vultr, Linode, Hetzner and Amazon AWS EC2 instance servers.
This blog post was migrated from ServerManage.guide. This WordPress site was created using Centmin Mod’s centmin.sh menu option 22 automatic WordPress installer routine and hosted on a Upcloud.com KVM VPS server running Centmin Mod Nginx, PHP-FPM, MariaDB MySQL on CentOS 7 64bit server paired with Cloudflare free plan.