
View Full Version : Centmin - a low memory CentOS install script
BTCentral - Ben 09-14-2010, 07:34 AM We've recently been re-working our CentOS install script so that it does the following:
- Updates any already installed software (via YUM)
- Secures /tmp (and /var/tmp)
- Installs a limited selection of development tools (C, C++ compilers, autoconf, automake and pkgconfig)
- Sets local timezone
- Installs Nginx, MySQL, PHP 5.3.3 (/w FPM)
- Installs NSD (DNS Server, alternative to BIND etc.)
- Installs NTP to sync clock time - though obviously not on OpenVZ VPS (as you can not set the time on OpenVZ)
- Installs SendMail
There are a few last tweaks/bugfixes that need to be made, however I was wondering if anyone would find this useful when it's done?
If so, I will put it up on our site - though it will probably be in a day or two.
For anyone interested, with the above installed and running it's currently using less than 50MB RAM (running CentOS 5.5 32bit on a Xen PV VPS).
I am happy to announce that Centmin is now publicly available.
Firstly, make sure that you read the readme.txt
Secondly, 4 hours and two further revisions later, everything is now working fine.
You can grab the script from here (http://www.btcentral.org.uk/projects/centmin/) - enjoy :)
Kurikami 09-14-2010, 07:37 AM Sure please share it, I guess it's a reworded LEA Debian script?
BTCentral - Ben 09-14-2010, 07:40 AM Sure please share it, I guess it's a reworded LEA Debian script?
No, it's actually been made in-house from scratch.
And in that case I will try to get it finished off either this evening, or tomorrow (depending on my free time) and get it uploaded (with a readme/howto).
qualityhostings 09-15-2010, 02:39 PM I'd love to see it :)
Nnyan 09-15-2010, 02:40 PM = ) you know I would find it useful! Good job Ben.
Syslint 09-15-2010, 02:43 PM Is it install The os is a fresh server , or just update an already installed os ?
BTCentral - Ben 09-15-2010, 02:58 PM Is it install The os is a fresh server , or just update an already installed os ?
It's something that personally I would normally install on a freshly installed CentOS server, however it can also be run on a server that has already been setup - as you have the option to enable/disable the various software installation options, and answer yes or no to the questions it asks you.
Obviously for best results it would be used on a minimal CentOS template.
---
I am about to wipe our test VPS and check that v1.0.1 is working properly, if there are not any problems with it this will be the version that is initially released.
While I spent some time fixing various issues yesterday evening, by the time I had finished it had gone 1am, so did not get round to testing it then.
This means hopefully assuming everything works OK then I will get the time to write up some documentation for it this evening, if not it should be tomorrow evening this gets uploaded by at the latest.
CoderJosh 09-15-2010, 11:03 PM Thanks a lot for sharing this script Ben!
Dregond Rahl 09-15-2010, 11:26 PM Looks like a great script, I'll try it out soon. A few questions though:
1. Will this work with CentOS 5.5?
2. What's the RAM usage of this setup?
3. Any recommended minimal CentOS template?
4. Any specific reason why you used NSD over BIND?
Also I would recommend adding an option for Nginx to choose latest development or stable release.
BTCentral - Ben 09-16-2010, 06:29 AM Thanks a lot for sharing this script Ben!
No problem.
Looks like a great script, I'll try it out soon. A few questions though:
1. Will this work with CentOS 5.5?
2. What's the RAM usage of this setup?
3. Any recommended minimal CentOS template?
4. Any specific reason why you used NSD over BIND?
1. Of course - it's been tested on CentOS 5.3, 5.4 and 5.5 (32 and 64bit) - but it should work just fine with all versions of CentOS 5.
2. Depends on what other services you have running, but on its own, around the 50-60MB RAM mark (it uses 47MB on our Xen PV VPS, where as around 60MB on our OpenVZ VPS in testing) - to disable unneeded services, see here (http://www.sonoracomm.com/support/18-support/114-minimal-svcs).
3. OpenVZ (http://wiki.openvz.org/Download/template/precreated) (CentOS minimal under Contributed templates), Xen (http://www.thrustvps.com/fast/xen-templates/), Dedicated server (http://knol.google.com/k/create-a-minimal-centos-linux-install).
Alternatively, the following providers I have used have actual minimal templates: ramhost (http://ramhost.us), ThrustVPS (http://www.thurstvps.com), niXcom (http://www.nixcom.ca/) - I think both Server Complete (http://www.servercomplete.com/), and Delimiter (http://www.btcentral.org.uk) do too, but can not remember.
4. Simple BIND is a memory hog, NSD is not - that and NSD uses BIND zone files (which keeps things simple for me).
Bind running 12 zones:
116020 VSZ / 31452 RSS (113.3 MB VSZ/30.7 MB RSS)
NSD running the same 12 zones:
VSZ RSS
14168 924
21032 852
14340 628
(48.3 MB VSZ/2.3 MB RSS overall)
Where RSS is physical memory used, VSZ being the virtual memory used.
Also I would recommend adding an option for Nginx to choose latest development or stable release.
Done - v1.0.4 released (grab it here (http://www.btcentral.org.uk/projects/centmin/)), updated the readme.txt, added "NGINX_VERSION" flag (line 23).
To use the development version instead simply change it to read: NGINX_VERSION='0.8.50'
Ben, thanks for contributing this script to the community it looks good.
Unfortunately in my testing both nginx and nsd were not installed correctly in either 32 or 64 bit test runs. Is it just me or has someone else found the same issue? I can only assume it's due to a missing dependency since you're compiling both?
BTCentral - Ben 09-16-2010, 07:54 AM Ben, thanks for contributing this script to the community it looks good.
Unfortunately in my testing both nginx and nsd were not installed correctly in either 32 or 64 bit test runs. Is it just me or has someone else found the same issue? I can only assume it's due to a missing dependency since you're compiling both?
Hi RavC, thanks for the feedback.
Any chance getting a log of any of the errors? - I have tried it on multiple VPS providers under both 64bit and 32bit environments so the only thing I can think of that would be causing that is as you said, a missing dependency that for whatever reason is not installed on your templates but on all the other minimal templates I have used.
If you can provide a log, hopefully we can work out what is missing and add it to the development tools list.
BTCentral - Ben 09-16-2010, 08:16 AM Meant to say - you can log the script output easily this way:
source centmin.sh 2>&1 | tee centmin.log
Thanks!
xentos 09-16-2010, 08:22 AM A lot of people can make good use of it, especially the starters.
qualityhostings 09-16-2010, 08:26 AM Thank you very much for this contribution. I am playing with nginx/php-fpm/bind since a month and I think this will help me.
I am going to try this now.
Any chance you could add mail server ?
nmridul 09-16-2010, 08:36 AM Thank you for sharing the script and making it GPL.
Now I feel good for buying some cheap vps. I can try the script easily :-)
Will let you know how it goes..
NetHosted - Bret 09-16-2010, 12:25 PM Very, very useful script - thanks a lot for sharing it! Testing it out on a few other servers to test compatibility but so far everything's great!
BTCentral - Ben 09-16-2010, 12:43 PM Any chance you could add mail server ?
I am afraid not at this stage - we want to make sure that it is actually working properly for everyone before thinking about expanding the features of it.
It's open source though, so if you're up to it - feel free to add one yourself ;)
Thank you for sharing the script and making it GPL.
Now I feel good for buying some cheap vps. I can try the script easily :-)
Will let you know how it goes..
Best of luck, hope it helps you out!
Very, very useful script - thanks a lot for sharing it! Testing it out on a few other servers to test compatibility but so far everything's great!
No problem, and great to hear :) - let me know if you run into any bugs (preferably via the contact us form on the website, rather than PM) and I will fix them.
Dregond Rahl 09-16-2010, 02:09 PM No problem.
1. Of course - it's been tested on CentOS 5.3, 5.4 and 5.5 (32 and 64bit) - but it should work just fine with all versions of CentOS 5.
2. Depends on what other services you have running, but on its own, around the 50-60MB RAM mark (it uses 47MB on our Xen PV VPS, where as around 60MB on our OpenVZ VPS in testing) - to disable unneeded services, see here (http://www.sonoracomm.com/support/18-support/114-minimal-svcs).
3. OpenVZ (http://wiki.openvz.org/Download/template/precreated) (CentOS minimal under Contributed templates), Xen (http://www.thrustvps.com/fast/xen-templates/), Dedicated server (http://knol.google.com/k/create-a-minimal-centos-linux-install).
Alternatively, the following providers I have used have actual minimal templates: ramhost (http://ramhost.us), ThrustVPS (http://www.thurstvps.com), niXcom (http://www.nixcom.ca/) - I think both Server Complete (http://www.servercomplete.com/), and Delimiter (http://www.btcentral.org.uk) do too, but can not remember.
4. Simple BIND is a memory hog, NSD is not - that and NSD uses BIND zone files (which keeps things simple for me).
Bind running 12 zones:
116020 VSZ / 31452 RSS (113.3 MB VSZ/30.7 MB RSS)
NSD running the same 12 zones:
VSZ RSS
14168 924
21032 852
14340 628
(48.3 MB VSZ/2.3 MB RSS overall)
Where RSS is physical memory used, VSZ being the virtual memory used.
Done - v1.0.4 released (grab it here (http://www.btcentral.org.uk/projects/centmin/)), updated the readme.txt, added "NGINX_VERSION" flag (line 23).
To use the development version instead simply change it to read: NGINX_VERSION='0.8.50'
Thanks for the information and the update! I'll try it out as soon as I get my test VPS ready.
Personally I think you should also add a MailServer as suggested if it's not too much trouble, maybe even phpmyadmin. Either case, once I test it out I'll give you a report.
Most of the OpenVZ templates are pretty old, but your script updates the OS so it should work out anyways.
Thanks for this script, I'm surprised no-one has added something similar to WHT sooner!
:agree:
Kurikami 09-16-2010, 02:25 PM Thanks for the information and the update! I'll try it out as soon as I get my test VPS ready.
Personally I think you should also add a MailServer as suggested if it's not too much trouble, maybe even phpmyadmin. Either case, once I test it out I'll give you a report.
Most of the OpenVZ templates are pretty old, but your script updates the OS so it should work out anyways.
Thanks for this script, I'm surprised no-one has added something similar to WHT sooner!
:agree:
Not a WHT exclusive, but the admin of lowendbox.com has made a good Debian script some time ago.
http://www.lowendbox.com/blog/wordpress-cheap-vps-lowendscript/
BTCentral - Ben 09-17-2010, 11:27 AM Ben, thanks for contributing this script to the community it looks good.
Unfortunately in my testing both nginx and nsd were not installed correctly in either 32 or 64 bit test runs. Is it just me or has someone else found the same issue? I can only assume it's due to a missing dependency since you're compiling both?
RavC noticed after running the script again it was due to not installing the "make" package - most minimal installs already have this it seems, but not all of them.
This has now been added to the script, and I have tested it on one of their VPS (http://www.6sync.com/) - everything seems to be working fine now :)
Just grab v1.0.5 from here (http://www.btcentral.org.uk/projects/centmin/) if you're having problems.
Nnyan 09-17-2010, 12:35 PM Ben,
you and RavC working on something could be dangerous! ; ) As soon as I have time I'm going to try running this on my test accounts.
Dregond Rahl 09-17-2010, 12:47 PM RavC noticed after running the script again it was due to not installing the "make" package - most minimal installs already have this it seems, but not all of them.
This has now been added to the script, and I have tested it on one of their VPS (http://www.6sync.com/) - everything seems to be working fine now :)
Just grab v1.0.5 from here (http://www.btcentral.org.uk/projects/centmin/) if you're having problems.
I'm probably asking too much, but would it be possible to add further security to this script? like a firewall, folder permissions, securing SSH, rkhunter or something?
BTCentral - Ben 09-17-2010, 03:13 PM I'm probably asking too much, but would it be possible to add further security to this script? like a firewall, folder permissions, securing SSH, rkhunter or something?
I'm looking for more people to report back on if it actually works for them or not first, but I was planning on adding an option to install CSF (http://www.configserver.com/cp/csf.html) (as that is something we use on all our servers) too.
Securing SSH would not be hard, again that is something we do too. rkhunter? Probably... we don't actually use it, but if it doesn't take too long to implement I don't see why not.
What exactly would you be looking for in the way of folder permissions? It already secures /tmp and /var/tmp.
I registered the centmin.com domain yesterday, as I figured it might turn into a larger project (though have not done anything with it yet) ;)
The only thing I would say right now is, bear in mind this is something I am working on in my spare time.
Dregond Rahl 09-17-2010, 03:39 PM I'm looking for more people to report back on if it actually works for them or not first, but I was planning on adding an option to install CSF (http://www.configserver.com/cp/csf.html) (as that is something we use on all our servers) too.
Securing SSH would not be hard, again that is something we do too. rkhunter? Probably... we don't actually use it, but if it doesn't take too long to implement I don't see why not.
What exactly would you be looking for in the way of folder permissions? It already secures /tmp and /var/tmp.
I registered the centmin.com domain yesterday, as I figured it might turn into a larger project (though have not done anything with it yet) ;)
The only thing I would say right now is, bear in mind this is something I am working on in my spare time.
A good combo would be CSF + LFD (Auto whitelist installing user IP?), maybe logwatch but it needs some configuration. chkrootkit and rkhunter are both rootkit checkers, although not very useful usually it doesn't hurt to configure it to run nightly and send an email to report things.
I'm not sure about DDoS protection as I usually use cPanel/Apache, so not too familiar with what works with Nginx, however Nginx can handle most attacks.
Hardening SSH and the mailserver would be good too, as for folder permissions, I think it would be hard configuring SELinux and not sure how much memory it will consume, so better scratch that.
nmridul 09-17-2010, 09:26 PM There is this ELS script that is also GPLed. It hardens the sysctl, disables unwanted services (telnet etc),
It's way outdated, but you may be able to grab some code directly from there, or implement some of the features.
http://www.servermonkeys.com/els.php
Thanks again for the script, it works..
Gary4gar 09-18-2010, 02:49 AM can nginx be replaced with Apache? Because sometimes you just can't replace it
Also, is there any option to choose php versions?
Dregond Rahl 09-18-2010, 02:51 AM can nginx be replaced with Apache? Because sometimes you just can't replace it
I think this script is mostly for fresh installs rather than finished systems. I mean the script can be done to set up Apache, but I think this is for low memory only and Apache is a memory hog. Besides, most control panels would do similar.
BTCentral - Ben 09-18-2010, 05:36 AM There is this ELS script that is also GPLed. [snipped] http://www.servermonkeys.com/els.php
Thanks - I will take a look, might give me a few ideas.
can nginx be replaced with Apache? Because sometimes you just can't replace it
Also, is there any option to choose php versions?
No, the whole point in this script is to provide a low memory server environment, and giving Apache as a default option instead would completely defeat the object of the script.
As for PHP versions, again no - it will always include the latest stable release. PHP 5.2.x is no longer being maintained (http://www.php.net/archive/2010.php#id2010-07-22-1), which is why I chose to do this.
If you want to install Apache/whatever version of PHP yourself you can of course. Simply edit the configuration and set NGINX_INSTALL=n and PHP_INSTALL=n to stop them from being installed by default.
But honestly if you want that, you'd likely just be better off installing cPanel instead.
Dregond Rahl 09-19-2010, 04:28 AM Currently installing this on BuyVM with 256 RAM with their default CentOS5.4 32bit template. Let's see how this goes =]
Dregond Rahl 09-19-2010, 05:58 AM Currently installing this on BuyVM with 256 RAM with their default CentOS5.4 32bit template. Let's see how this goes =]
top - 10:57:11 up 27 min, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 28 total, 1 running, 27 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 524288k total, 165180k used, 359108k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 15 0 2148 656 568 S 0.0 0.1 0:00.28 init
7521 root 15 0 2280 1032 824 R 0.0 0.2 0:00.01 top
26175 root 25 0 5808 724 260 S 0.0 0.1 0:00.00 nginx
26176 nginx 15 0 5952 1400 724 S 0.0 0.3 0:00.00 nginx
26177 nginx 18 0 5952 1076 424 S 0.0 0.2 0:00.00 nginx
26179 nginx 18 0 5952 1076 424 S 0.0 0.2 0:00.00 nginx
26180 nginx 18 0 5952 1068 416 S 0.0 0.2 0:00.00 nginx
28234 root 19 -4 2240 556 344 S 0.0 0.1 0:00.00 udevd
30084 root 15 0 1804 576 476 S 0.0 0.1 0:00.00 syslogd
30116 nsd 18 0 3780 784 536 S 0.0 0.1 0:00.00 nsd
30117 nsd 18 0 10644 736 276 S 0.0 0.1 0:00.00 nsd
30119 nsd 15 0 3836 548 228 S 0.0 0.1 0:00.00 nsd
30129 root 18 0 7180 1064 664 S 0.0 0.2 0:00.00 sshd
30138 root 24 0 2824 840 672 S 0.0 0.2 0:00.00 xinetd
30171 root 19 0 3700 1304 1128 S 0.0 0.2 0:00.01 mysqld_safe
30211 mysql 15 0 134m 17m 3672 S 0.0 3.4 0:00.21 mysqld
30248 root 15 0 9284 1692 684 S 0.0 0.3 0:00.01 sendmail
30256 smmsp 25 0 8236 1508 644 S 0.0 0.3 0:00.00 sendmail
30265 root 18 0 20912 2824 868 S 0.0 0.5 0:00.02 php-fpm
30266 nginx 25 0 20912 2700 740 S 0.0 0.5 0:00.00 php-fpm
30267 nginx 25 0 20912 2700 740 S 0.0 0.5 0:00.00 php-fpm
30268 nginx 25 0 20912 2700 740 S 0.0 0.5 0:00.00 php-fpm
30270 nginx 25 0 20912 2700 740 S 0.0 0.5 0:00.00 php-fpm
30287 root 18 0 4488 1112 564 S 0.0 0.2 0:00.00 crond
30295 root 18 0 5664 712 436 S 0.0 0.1 0:00.00 saslauthd
30296 root 18 0 5664 440 164 S 0.0 0.1 0:00.00 saslauthd
32248 root 15 0 10176 2908 2348 S 0.0 0.6 0:00.23 sshd
32456 root 15 0 3704 1476 1244 S 0.0 0.3 0:00.10 bash
Need to try it on a min template next, have no clue how to do a custom install so going to need to look it up.
BTCentral - Ben 09-19-2010, 07:36 AM If you installed it on their default "CentOS 5 32bit" template then that is a minimal one (I also grabbed one of their VPS - though the 128 / 256 MB plan, as I thought $15/year for something we can setup a tertiary DNS server on is pretty good) ;)
After running the script (with all the default options) on it:
[root@buyvm ~]# free -m
total used free shared buffers cached
Mem: 256 74 181 0 0 0
-/+ buffers/cache: 74 181
Swap: 0 0 0
The fact that the nodes are obviously on Gigabit connections, and come with IPv6 as standard is pretty nice too.
[root@buyvm ~]# wget http://cachefly.cachefly.net/100mb.test -O /dev/null
--15:24:18-- http://cachefly.cachefly.net/100mb.test
Resolving cachefly.cachefly.net... 205.234.175.175
Connecting to cachefly.cachefly.net|205.234.175.175|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 104857600 (100M) [application/octet-stream]
Saving to: `/dev/null'
100%[======================================>] 104,857,600 44.9M/s in 2.2s
Dregond Rahl 09-19-2010, 07:38 AM If you installed it on their default "CentOS 5 32bit" template then that is a minimal one (I also grabbed one of their VMs - though the 128 / 256 MB plan, as I thought $15/year for something I can setup a tertiary DNS server on is pretty good ;)
After running the script with all the default options on it:
[root@buyvm ~]# free -m
total used free shared buffers cached
Mem: 256 74 181 0 0 0
-/+ buffers/cache: 74 181
Swap: 0 0 0
Strange, for me I got:
[root@kuro ~]# free -m
total used free shared buffers cached
Mem: 512 168 343 0 0 0
-/+ buffers/cache: 168 343
Swap: 0 0 0
Not running anything yet at all. Only installed CSF
BTCentral - Ben 09-19-2010, 07:45 AM You are definitely on the 32bit template, not 64bit right? (64bit uses more memory). If so, are you using it as a live site? (in which case php-fpm may have spawned more processes, which would increase memory usage).
Either that or CSF may be using it up? I will install CSF myself later and see what the memory usage is like.
Dregond Rahl 09-19-2010, 07:47 AM You are definitely on the 32bit template, not 64bit right? (64bit uses more memory). If so, are you using it as a live site? (in which case php-fpm may have spawned more processes, which would increase memory usage).
Either that or CSF may be using it up? I will install CSF myself later and see what the memory usage is like.
It's not a live site, so I'm just playing around with things, and trying phpmyadmin using nginx
http://embernix.com/2010/08/setting-up-phpmyadmin-with-nginx-and-centos/
no luck so far, I set the directories right and the subdomain. But other than that your script installed just fine !
BTCentral - Ben 09-19-2010, 07:53 AM http://embernix.com/2010/08/setting-up-phpmyadmin-with-nginx-and-centos/
Only thing I would say when following that is remember that the paths will be different - nginx directory is /usr/local/nginx/ - vhost configuration is /usr/local/nginx/conf/conf.d/virtual.conf (as per the readme).
Dregond Rahl 09-19-2010, 07:56 AM Only thing I would say when following that is remember that the paths will be different - nginx directory is /usr/local/nginx/ - vhost configuration is /usr/local/nginx/conf/conf.d/virtual.conf (as per the readme).
Yup yup, I did that, still not working, but don't worry, I'll try to figure it out. Right now re-installing CentOS to make sure it wasn't a problem from before. A lot of people were saying Debian 5 seems to use even less memory, like 50MB 32bit plus nginx and WordPress and such, using the script from before for lowendbox. I prefer CentOS though.
Dregond Rahl 09-19-2010, 08:26 AM Yup yup, I did that, still not working, but don't worry, I'll try to figure it out. Right now re-installing CentOS to make sure it wasn't a problem from before. A lot of people were saying Debian 5 seems to use even less memory, like 50MB 32bit plus nginx and WordPress and such, using the script from before for lowendbox. I prefer CentOS though.
Okay just finished a fresh install:
[root@kuro ~]# free -m
total used free shared buffers cached
Mem: 512 152 359 0 0 0
-/+ buffers/cache: 152 359
Swap: 0 0 0
[root@kuro ~]# ps -auxf | sort -nr -k 4 | head -10
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
mysql 8086 0.0 3.5 136892 18500 ? Sl 13:26 0:00 \_ /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --socket=/var/lib/mysql/mysql.sock
root 9420 0.0 0.5 20912 2824 ? Ss 13:26 0:00 php-fpm
root 24006 0.0 0.5 10016 2868 ? Ss 13:33 0:00 \_ sshd: root@notty
root 12004 0.0 0.5 10176 2932 ? Ss 13:28 0:00 \_ sshd: root@pts/0
nginx 9430 0.0 0.5 20912 2700 ? S 13:26 0:00 \_ php-fpm
nginx 9428 0.0 0.5 20912 2700 ? S 13:26 0:00 \_ php-fpm
nginx 9425 0.0 0.5 20912 2700 ? S 13:26 0:00 \_ php-fpm
nginx 9424 0.0 0.5 20912 2700 ? S 13:26 0:00 \_ php-fpm
root 9360 0.0 0.3 9284 1692 ? Ss 13:26 0:00 sendmail: accepting connections
smmsp 9385 0.0 0.2 8240 1512 ? Ss 13:26 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
A great script you have got there, going to test it out on some servers tomorrow, hopefully will save me a lot of time in the long run.
You should get in contact with OnApp/SolusVM/etc... and get a template created with it on :D
MarlX 09-19-2010, 09:13 AM Nice!
top - 14:08:57 up 1:04, 1 user, load average: 0.02, 0.26, 0.29
Tasks: 27 total, 2 running, 25 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 262144k total, 76816k used, 185328k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
total used free shared buffers cached
Mem: 256 74 181 0 0 0
-/+ buffers/cache: 74 181
Swap: 0 0 0
Btw, if I add a domain how do I do that? (Sorry noob here). Can I just create a new folder inside "/home/nginx/domains/"?
Dregond Rahl 09-19-2010, 09:17 AM Nice!
top - 14:08:57 up 1:04, 1 user, load average: 0.02, 0.26, 0.29
Tasks: 27 total, 2 running, 25 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 262144k total, 76816k used, 185328k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
total used free shared buffers cached
Mem: 256 74 181 0 0 0
-/+ buffers/cache: 74 181
Swap: 0 0 0
Default Nginx version, right? If so, I think my stats may be because I installed 0.8.50
Steve-OrangeVPS 09-19-2010, 09:33 AM Hello,
Thank you very much.
This will come in handy for VPS customers :)
MarlX 09-19-2010, 09:49 AM Default Nginx version, right? If so, I think my stats may be because I installed 0.8.50
I think so, as I did not change anything on the script. :)
loyaler 09-19-2010, 10:19 AM great script Ben
BTCentral - Ben 09-19-2010, 10:35 AM A great script you have got there, going to test it out on some servers tomorrow, hopefully will save me a lot of time in the long run.
You should get in contact with OnApp/SolusVM/etc... and get a template created with it on :D
Any providers/software developers etc. are more than welcome to use this script to create templates for their customers if they wish to, but it's not something we are going to be contacting providers/developers about ;)
Default Nginx version, right? If so, I think my stats may be because I installed 0.8.50
Ahh, that could definitely explain the memory differences. I've always been using the stable version in my testing.
As for your phpMyAdmin issues, are you trying to access it via the IP? If so you could modify the "localhost" section to look like this (http://pastie.org/1168256) and then put phpMyAdmin in the /usr/local/nginx/html folder.
Btw, if I add a domain how do I do that? (Sorry noob here). Can I just create a new folder inside "/home/nginx/domains/"?
The easiest way would probably be (via SSH):
mkdir -p /home/nginx/domains/yourdomain.com/{public,private,log,backup}
(obviously, change yourdomain.com to whatever your domain is - without the www.)
Uploading your site to the created "public" folder, then duplicating the "demo.com" configuration in /usr/local/nginx/conf/conf.d/virtual.conf for your new domain - in which case your config might look something like this (http://pastie.org/1168243).
At some point I will likely get round to creating some "addon" scripts to allow you to do things like add new domains to your configuration automatically - just a matter of finding some spare time ;)
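The steps described above (create the four folders, then add a server block for the new domain to virtual.conf), as an added example that is not part of Centmin or of the original post. The function names, return codes, the 750 mode on private and backup, and the minimal static server block are assumptions; the block is not the demo.com configuration or the linked pastie. The two default paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example, not part of Centmin: add a domain to an nginx layout like the
# one described in the thread. Function names and return codes are hypothetical.

# valid_domain NAME
# Accept only a lowercase hostname given without "www.", so that the name can
# be used safely in a path and in the nginx config (no "/", "..", ";" or spaces).
valid_domain() (
    LC_ALL=C; export LC_ALL              # make [a-z] mean ASCII letters only
    [ "${#1}" -le 253 ] || return 1
    case "$1" in
        ''|www.*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty or malformed labels
        *[!a-z0-9.-]*) return 1 ;;                        # any other character
        *.*) return 0 ;;                                  # at least two labels
        *) return 1 ;;
    esac
)

# name_configured NAME CONF
# True if NAME already appears as a token on a server_name line in CONF.
name_configured() {
    [ -f "$2" ] || return 1
    awk -v d="$1" '
        $1 == "server_name" {
            for (i = 2; i <= NF; i++) {
                n = $i
                sub(/;$/, "", n)
                if (n == d) found = 1
            }
        }
        END { exit (found ? 0 : 1) }' "$2"
}

# add_domain NAME [DOMAINS_ROOT] [VHOST_CONF]
# Returns 0 on success, 2 for an invalid name, 3 on a filesystem error,
# 4 if the name is already configured.
add_domain() (
    domain=$1
    root=${2:-/home/nginx/domains}
    conf=${3:-/usr/local/nginx/conf/conf.d/virtual.conf}

    valid_domain "$domain" || {
        echo "refusing invalid domain name: $domain" >&2
        return 2
    }
    if name_configured "$domain" "$conf"; then
        echo "$domain already has a server block in $conf" >&2
        return 4
    fi

    # Same four folders as the mkdir command in the post.
    for sub in public private log backup; do
        mkdir -p "$root/$domain/$sub" || return 3
    done
    # Assumption: only the web root needs to be readable by other users.
    chmod 750 "$root/$domain/private" "$root/$domain/backup" || return 3

    # Minimal static server block (constructed for this example).
    cat >> "$conf" <<EOF || return 3

server {
    listen 80;
    server_name $domain www.$domain;
    root $root/$domain/public;
    index index.html index.php;
    access_log $root/$domain/log/access.log;
    error_log $root/$domain/log/error.log;
}
EOF
    echo "added $domain"
)

# When run with arguments, act on them; when sourced or run bare, only define
# the functions.
[ "$#" -eq 0 ] || add_domain "$@"
```

After adding a block, check the configuration with nginx -t before reloading nginx.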
MarlX 09-19-2010, 10:49 AM Uploading your site to the created "public" folder, then duplicating the "demo.com" configuration in /usr/local/nginx/conf/conf.d/virtual.conf for your new domain - in which case your config might look something like this (http://pastie.org/1168243).
At some point I will likely get round to creating some "addon" scripts to allow you to do things like add new domains to your configuration automatically - just a matter of finding some spare time ;)
Got it! Thanks!
Dregond Rahl 09-19-2010, 02:31 PM Ahh, that could definitely explain the memory differences. I've always been using the stable version in my testing.
As for your phpMyAdmin issues, are you trying to access it via the IP? If so you could modify the "localhost" section to look like this (http://pastie.org/1168256) and then put phpMyAdmin in the /usr/local/nginx/html folder.
It's quite strange how it's using much more memory than the stable one, I guess a lot more features or default modules are being loaded. I'll be trying the stable release on another VPS later.
Also I found the problem was that I forgot to add the A record to the NSD zone file for the subdomain phpmyadmin.
phpmyadmin 14400 IN A 192.192.192.192
This is what I used for the nginx configuration:
server {
    listen 80;
    server_name phpmyadmin.domain.com;
    access_log /home/nginx/domains/domain.com/log/pma.access.log;
    error_log /home/nginx/domains/domain.com/log/pma.error.log;
    location / {
        root /usr/share/phpMyAdmin;
        index index.php;
    }
    location ~ \.php$ {
        root /usr/share/phpMyAdmin;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin$fastcgi_script_name;
        fastcgi_intercept_errors on;
        include /usr/local/nginx/conf/fastcgi_params;
    }
}
Also I found it strange that yum installs phpmyadmin now as phpMyAdmin which for some reason had a little trouble with Nginx unless it was specific that some words were in CAPS. But it's easy to set up so it would be good to add it to centmin script.
CSF however is not too easy to configure, at least I'm not sure what I'm doing. Need to find tutorials on it. It really feels more suited for cPanel.
BTCentral - Ben 09-19-2010, 02:39 PM Also I found it strange that yum installs phpmyadmin now as phpMyAdmin which for some reason had a little trouble with Nginx unless it was specific that some words were in CAPS. But it's easy to set up so it would be good to add it to centmin script.
CSF however is not too easy to configure, at least I'm not sure what I'm doing. Need to find tutorials on it. It really feels more suited for cPanel.
You can install phpMyAdmin through yum? Must admit I did not know that - I have always downloaded and installed it manually.
And yes, webservers are generally case sensitive (at least on Linux, Mac etc. - not always the case on Windows).
CSF is pretty easy to configure when you know what you are doing, when I get the chance to look into adding that I will be sure to provide a default configuration that is suitable for most people.
Dregond Rahl 09-19-2010, 02:57 PM You can install phpMyAdmin through yum? Must admit I did not know that - I have always downloaded and installed it manually.
And yes, webservers are generally case sensitive (at least on Linux, Mac etc. - not always the case on Windows).
CSF is pretty easy to configure when you know what you are doing, when I get the chance to look into adding that I will be sure to provide a default configuration that is suitable for most people.
Yeah I was pretty surprised too!
yum install phpmyadmin
And that's it, it installs everything and just asks confirmation on password I think.
barry[CoffeeSprout] 09-19-2010, 03:03 PM Nice work, installing this on a test machine.
While my goal is usually not minimal memory consumption, I have been toying with a lot of the same components and am looking to do a form of shared hosting using Nginx.
Also a vote for CSF or maybe we can make a "hook" script that is called by your script to add extra actions during certain points of your script?
BTCentral - Ben 09-19-2010, 03:54 PM I'll be taking either Monday or Tuesday off this coming week (as I have various other business related things that need taking care of then anyway) so should have a chance to look into getting CSF integrated on whichever day I have off.
Thinking along the lines of a "hook" script - possibly I could provide some "addon" scripts for things that not everyone may want (e.g. phpMyAdmin, CSF, etc.) and provide them as separate scripts that would get executed by the main script if specified?
Either that or perhaps get it to execute any scripts put in an addons folder? (though I am not sure how feasible that one would be - would need to look into it).
barry[CoffeeSprout] 09-19-2010, 03:59 PM Something like that.
You could even create a folder with "extra's" which are short scripts that install things like CSF, but only if they are moved into the "install-extra" folder.
Or you could just include them interactively since your script is interactive :)
Steve-OrangeVPS 09-19-2010, 04:55 PM Hello,
Quite nice Script....
Few questions.
Any way to load mod_security?
And how to add addon/domains?
Dregond Rahl 09-19-2010, 05:28 PM Hello,
Quite nice Script....
Few questions.
Any way to load mod_security?
And how to add addon/domains?
mod_security is only for Apache/cPanel as far as I know.
However here are some tips on securing Nginx and servers:
https://calomel.org/nginx.html
http://www.cyberciti.biz/tips/linux-security.html
Dregond Rahl 09-21-2010, 04:04 AM Just an update, APC doesn't seem to want to install using
yum install apc
so had to compile it, however I wasn't able to find the "extensions" folder.
BTCentral - Ben 09-21-2010, 06:14 AM Just an update, APC doesn't seem to want to install using ...
If you want to install APC it's simply a matter of
yum install php53-pecl-apc
Then
service php-fpm restart
Edit: Got the service parameters the wrong way round... sorry, had not had my coffee yet!
BTCentral - Ben 09-21-2010, 06:40 AM so had to compile it, however I wasn't able to find the "extensions" folder.
Also, as you've already compiled it - apc.so would go in:
/usr/lib/php/modules/ (32bit)
/usr/lib64/php/modules/ (64bit)
By the way APC seems to use around 32MB RAM as standard (when added to PHP).
Dregond Rahl 09-21-2010, 06:47 AM Also, as you've already compiled it - apc.so would go in:
/usr/lib/php/modules/ (32bit)
/usr/lib64/php/modules/ (64bit)
By the way APC seems to use around 32MB RAM as standard (when added to PHP).
Thanks for that, and wow that's a lot, what about xCache?
BTCentral - Ben 09-21-2010, 06:59 AM I just found out you can change the amount of memory APC uses by editing "apc.shm_size" in /etc/php.d/apc.ini
Size is in MB, so change apc.shm_size=32 to whatever you want.
I have never actually used a PHP accelerator of any kind (hence not knowing this before hand) - I wonder if it would actually make all that much difference or not on a low end box?
xCache (if you want to try it) you would need to install manually.
Dregond Rahl 09-21-2010, 08:06 AM I just found out you can change the amount of memory APC uses by editing "apc.shm_size" in /etc/php.d/apc.ini
Size is in MB, so change apc.shm_size=32 to whatever you want.
I have never actually used a PHP accelerator of any kind (hence not knowing this before hand) - I wonder if it would actually make all that much difference or not on a low end box?
xCache (if you want to try it) you would need to install manually.
I think it would, depending on what is being run, sites running Joomla and WordPress usually work well with Nginx and APC/xCache handling more requests and lowering memory usage per request. I know for sure that APC and xCache properly configured can improve page load times too, that's why with PHP6 they wanted to have APC integrated by default.
There are 100's of benchmarks proving it, but I don't think there has been any recent benchmarks with Nginx + PHP-FPM + xCache/APC on any low end system. I would do it myself if I knew how. haha T.T
Also speaking of WordPress, it seems it won't update, or get plugins unless it has FTP access, so currently trying to configure vsftpd which seems to love to eat memory.
Dregond Rahl 09-21-2010, 08:36 AM Also, just found that my.conf is world writable by default, I'm pretty sure that can't be right, maybe change its permissions after MySQL is setup ?
BTCentral - Ben 09-21-2010, 09:28 AM Also, just found that my.conf is world writable by default, I'm pretty sure that can't be right, maybe change its permissions after MySQL is setup ?
It should not be, just checked on a server that we used the script on:
[root@montreal ~]# ls -la /etc/ | grep my.cnf
-rw-r--r-- 1 root root 454 Sep 16 11:13 my.cnf
Edit: Just noticed you said my.conf - it should be my.cnf, not my.conf - are you sure you did not make a typo when editing things and create the file yourself?
VPSForge-Ray 09-22-2010, 03:27 AM Thanks for sharing this script, I'll try it out later :) on my test server
Dregond Rahl 09-22-2010, 03:32 AM It should not be, just checked on a server that we used the script on:
[root@montreal ~]# ls -la /etc/ | grep my.cnf
-rw-r--r-- 1 root root 454 Sep 16 11:13 my.cnf
Edit: Just noticed you said my.conf - it should be my.cnf, not my.conf - are you sure you did not make a typo when editing things and create the file yourself?
Actually I made a typo here, sorry. But yes that file had 777 permission, may have been after I installed phpmyadmin. When I was restarting mysqld it gave a warning that it's world writable so I checked it. I'll confirm it next time I run the script.
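The permission check discussed in the posts above can be scripted so it is repeatable after each install step. This is an added example, not part of the thread or of Centmin; the function names are hypothetical, and it reads the same `ls -l` style mode string that appears in the listing quoted above.

```shell
#!/bin/sh
# Added example: find and repair world-writable config files such as /etc/my.cnf.

# mode_world_writable MODE: MODE is an ls-style string such as -rw-r--r--.
# Character 9 is the "other" write bit; anything after character 10
# (ACL or SELinux markers like "+" or ".") is ignored by the pattern.
mode_world_writable() {
    case "$1" in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# file_mode PATH: print the ls-style mode string of PATH.
file_mode() {
    ls -ld -- "$1" | awk '{ print $1 }'
}

# audit_configs PATH...: report every path; return 1 if any is world-writable.
audit_configs() {
    bad=0
    for f in "$@"; do
        [ -e "$f" ] || { echo "missing        $f"; continue; }
        mode=$(file_mode "$f")
        if mode_world_writable "$mode"; then
            echo "WORLD-WRITABLE $mode $f"
            bad=1
        else
            echo "ok             $mode $f"
        fi
    done
    return $bad
}

# repair_config PATH: drop only the world-write bit and leave the rest alone.
repair_config() {
    chmod o-w "$1"
}
```

Run `audit_configs /etc/my.cnf` before and after installing each package to see which step changes the mode.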
barry[CoffeeSprout] 09-24-2010, 05:49 AM I think it would, depending on what is being run, sites running Joomla and WordPress usually work well with Nginx and APC/xCache handling more requests and lowering memory usage per request. I know for sure that APC and xCache properly configured can improve page load times too, that's why with PHP6 they wanted to have APC integrated by default.
There are 100's of benchmarks proving it, but I don't think there has been any recent benchmarks with Nginx + PHP-FPM + xCache/APC on any low end system. I would do it myself if I knew how. haha T.T
Also speaking of WordPress, it seems it won't update, or get plugins unless it has FTP access, so currently trying to configure vsftpd which seems to love to eat memory.
That's generally because the webserver can't write to wordpress_install/wp-content/
Each php-fpm configuration needs to run as the user that owns the wordpress install.
edit: or you could of course give more privileges like 777, but I really recommend you run this as the proper user because it's way more secure in a multiuser setup.
BTCentral - Ben 09-24-2010, 06:27 AM Both PHP-FPM and Nginx run under a user/group created by the script - funnily enough, called nginx.
If the webserver can not write to the directory (as barry suggested - and it sounds like that to me too from what you described) then simply do a:
chown -R nginx:nginx /home/nginx
This will set the correct user/group on all the files/folders under it - and hopefully that should sort it out for you.
More updates coming soon, I worked on it a bit a few days back - but have not had the chance to test the changes. Will definitely spend some time on it over the weekend. :)
Dregond Rahl 09-24-2010, 06:34 AM Both PHP-FPM and Nginx run under a user/group created by the script - funnily enough, called nginx.
If the webserver can not write to the directory (as barry suggested - and it sounds like that to me too) then simply do a:
chown -R nginx:nginx /home/nginx
Hopefully that should sort it out for you.
More updates coming soon, I worked on it a bit a few days back - but have not had the chance to test the changes. Will definitely spend some time on it over the weekend. :)
It still refuses, it's something to do with WP3.0 and being safer by allowing updates to happen by FTP/SFTP/FTPS. I decided I'll go with SFTP, much easier.
I also did a benchmark of the Nginx setup using
ab -kc 1000 -n 10000 http://www.domain.info/test.php
Strangely I found many requests failed:
http://pastebin.com/0kqQq8jd
I tried static images too 'nginx-logo.png' and it had high failed requests too. I looked into the logs and found this error:
2010/09/24 10:36:33 [crit] 28301#0: *3180 open() "/home/nginx/domains/domain.info/public/nginx-logo.png" failed (24: Too many open files), client: 199.19.224.168, server: www.domain.info, request: "GET /nginx-logo.png HTTP/1.0", host: "www.domain.info"
I'm not sure what the problem is.
BTCentral - Ben 09-24-2010, 06:37 AM What version of Nginx are you using? Stable or Devel? Might be a bug (with Nginx).
Dregond Rahl 09-24-2010, 06:38 AM What version of Nginx are you using? Stable or Devel? Might be a bug.
Stable:
[root@kuro ~]# nginx -v
nginx version: nginx/0.7.67
BTCentral - Ben 09-24-2010, 06:41 AM And are you testing it locally (as in running ab via SSH on your VPS), or on another machine? If the latter it may be connectivity issues between the two.
Just updated the kernel on my test VPS and am waiting for it to reboot, I'll try to do the same and see if I have any failures.
Dregond Rahl 09-24-2010, 06:42 AM And are you testing it locally (as in running ab via SSH on your VPS), or on another machine? If the latter it may be connectivity issues between the two.
Just updated the kernel on my test VPS and am waiting for it to reboot, I'll try to do the same and see if I have any failures.
SSH(Putty) on my VPS from BuyVM
Edit: doesn't happen with .html files however.
BTCentral - Ben 09-24-2010, 07:17 AM Just tried it myself.
Failed requests: 962
(Connect: 0, Length: 962, Exceptions: 0)
I found out why though:
2010/09/24 12:13:59 [alert] 1539#0: *20413 socket() failed (24: Too many open files) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /test.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "127.0.0.1"
Note the: (24: Too many open files)
No failures for nginx-logo.png however, perhaps that was a memory constraint?
Edit: Ahha, the magic of Google provided a potential solution (http://www.cyberciti.biz/faq/linux-unix-nginx-too-many-open-files/) :).
Dregond Rahl 09-24-2010, 07:54 AM Just tried it myself.
Failed requests: 962
(Connect: 0, Length: 962, Exceptions: 0)
I found out why though:
2010/09/24 12:13:59 [alert] 1539#0: *20413 socket() failed (24: Too many open files) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /test.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "127.0.0.1"
Note the: (24: Too many open files)
No failures for nginx-logo.png however, perhaps that was a memory constraint?
Edit: Ahha, the magic of Google provided a potential solution (http://www.cyberciti.biz/faq/linux-unix-nginx-too-many-open-files/) :).
Thanks! I'm trying out the solution right now, will update on if it works.
Dregond Rahl 09-24-2010, 08:51 AM Well so far:
[root@kuro ~]# su - nginx
This account is currently not available.
So I modified the /etc/security/limits.conf to:
nginx soft nofile 10000
nginx hard nofile 30000
When I rebooted the images were being served fine, then I tried PHP and the socket() error came, after that I tried image again and it started to give errors too. I'm going to reboot again and see if it will help.
BTCentral - Ben 09-24-2010, 09:11 AM [root@kuro ~]# su - nginx
su - nginx will not do anything, reason being that the nginx user is setup with the "/sbin/nologin" shell, therefore you can not use it to login :P.
Dregond Rahl 09-24-2010, 09:17 AM su - nginx will not do anything, reason being that the nginx user is setup with the "/sbin/nologin" shell, therefore you can not use it to login :P.
Yeah, the instructions said to do that to check limits, so that part did nothing so I moved on to the other steps.
Adding this to the nginx.conf:
worker_rlimit_nofile 30000;
Seems to have fixed most of the issues:
[root@kuro ~]# ab -kc 1000 -n 10000 http://www.domain.info/test.php
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking www.domain.info (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: nginx
Server Hostname: www.domain.info
Server Port: 80
Document Path: /test.php
Document Length: 55951 bytes
Concurrency Level: 1000
Time taken for tests: 24.551297 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 0
Total transferred: 560940330 bytes
HTML transferred: 559789755 bytes
Requests per second: 407.31 [#/sec] (mean)
Time per request: 2455.130 [ms] (mean)
Time per request: 2.455 [ms] (mean, across all concurrent requests)
Transfer rate: 22312.18 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 71 359.6 1 3075
Processing: 3 1710 3317.9 375 22055
Waiting: 1 1680 3320.4 334 22053
Total: 63 1781 3358.5 396 22239
Percentage of the requests served within a certain time (ms)
50% 396
66% 532
75% 3119
80% 3251
90% 3877
95% 9089
98% 10583
99% 21628
100% 22239 (longest request)
Kinda slow I think ?
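Because `su - nginx` cannot be used with a `/sbin/nologin` account, the limit a running worker really has can be read from `/proc/<pid>/limits` and compared with `worker_connections`. This is an added example, not from the thread or from Centmin; the function names are hypothetical, the limits excerpt is constructed, and the config excerpt is assembled from the values posted in the thread.

```shell
#!/bin/sh
# Added example: compare a worker's real open-file limit with nginx's settings.

# Constructed /proc/<pid>/limits excerpt for a worker still on the default limit.
sample_limits() {
cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             4096                 4096                 processes
Max open files            1024                 1024                 files
Max locked memory         32768                32768                bytes
EOF
}

# Constructed nginx.conf excerpt using the values posted in the thread.
sample_nginx_conf() {
cat <<'EOF'
worker_processes 4;
worker_rlimit_nofile 30000;
events {
    worker_connections 4096;
}
EOF
}

# nofile_soft: limits text on stdin -> soft "Max open files" value.
nofile_soft() {
    awk '/^Max open files/ { print $4 }'
}

# conf_value DIRECTIVE: nginx config on stdin -> first value of DIRECTIVE.
conf_value() {
    awk -v d="$1" '$1 == d { sub(/;.*$/, "", $2); print $2; exit }'
}

# verdict SOFT CONNECTIONS: every connection needs a descriptor, and log files,
# listening sockets, served files and FastCGI upstream sockets need more, so a
# soft limit at or below worker_connections is reported as too low.
verdict() {
    soft=$1 conns=$2
    case "$soft" in
        unlimited) echo "ok"; return 0 ;;
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    if [ "$soft" -le "$conns" ]; then
        echo "too-low"; return 1
    fi
    echo "ok"
}

# check_live CONF: apply the check to every running nginx worker (run as root).
check_live() {
    conns=$(conf_value worker_connections < "$1")
    for pid in $(pgrep -f 'nginx: worker'); do
        soft=$(nofile_soft < "/proc/$pid/limits")
        echo "pid $pid soft=$soft: $(verdict "$soft" "$conns")"
    done
}
```

On a live server, call `check_live` with the path to nginx.conf after each restart to confirm that `worker_rlimit_nofile` took effect.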
BTCentral - Ben 09-24-2010, 09:33 AM Kinda slow I think ?
25 seconds for 10,000,000 requests (assuming I am correct in thinking the total would be concurrency times requests) to be processed is slow? Wow, I wonder what a fast server is like in that case.
I must admit, I am not that familiar with ab, and what would be considered slow or fast for it.
Dregond Rahl 09-24-2010, 09:46 AM 25 seconds for 10,000,000 requests (assuming I am correct in thinking the total would be concurrency time requests) to be processed is slow? Wow, I wonder what a fast server is like in that case.
I must admit, I am not that familiar with ab, and what would be considered slow or fast for it.
I think it's for only 10,000 requests in sets of 1,000. So I guess it's slow. But compared to Apache it's much better results.
BTCentral - Ben 09-24-2010, 09:53 AM I think it's for only 10,000 requests in sets of 1,000. So I guess it's slow. But compared to Apache it's much better results.
Ahh, ok. That makes more sense. Though unless you're running a popular website, it's pretty unlikely you would have 1000 concurrent requests anyhow :)
And if you did, you probably wouldn't be running it on a low-end VPS ;)
barry[CoffeeSprout] 09-25-2010, 06:36 AM At 1000 concurrent you are most likely waiting for a free PHP worker to process your request.
While running this benchmark, do you max out cpu usage?
What specs do you run?
What does test.php do?
Dregond Rahl 09-25-2010, 07:35 AM System (BuyVM):
RAM 256/512
Cores 2
File: test.php
<?php
phpinfo()
?>
Before Benchmark:
top - 12:01:45 up 3 min, 1 user, load average: 0.01, 0.03, 0.00
Tasks: 28 total, 1 running, 27 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2%us, 0.0%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 524288k total, 112504k used, 411784k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
Benchmark Top Stats:
top - 12:30:02 up 31 min, 2 users, load average: 3.41, 1.56, 0.83
Tasks: 85 total, 2 running, 83 sleeping, 0 stopped, 0 zombie
Cpu(s): 40.8%us, 17.5%sy, 0.0%ni, 41.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 524288k total, 256488k used, 267800k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
Benchmark Results:
[root@kuro ~]# uname -a
Linux kuro.domain.info 2.6.18-194.8.1.el5.028stab070.5 #1 SMP Fri Sep 17 19:10:36 MSD 2010 i686 i686 i386 GNU/Linux
[root@kuro ~]# ab -kc 1000 -n 10000 http://www.domain.info/test.php
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking www.domain.info (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: nginx
Server Hostname: www.domain.info
Server Port: 80
Document Path: /test.php
Document Length: 55951 bytes
Concurrency Level: 1000
Time taken for tests: 29.895854 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 0
Total transferred: 562503264 bytes
HTML transferred: 561349469 bytes
Requests per second: 334.49 [#/sec] (mean)
Time per request: 2989.585 [ms] (mean)
Time per request: 2.990 [ms] (mean, across all concurrent requests)
Transfer rate: 18374.42 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 34 276.9 0 3031
Processing: 25 2129 5302.5 306 29775
Waiting: 2 2088 5274.2 274 29764
Total: 84 2164 5318.5 313 29890
Percentage of the requests served within a certain time (ms)
50% 313
66% 425
75% 575
80% 767
90% 4685
95% 16513
98% 23587
99% 23670
100% 29890 (longest request)
Any more details you'd like ^^ ? Though I feel like I'm stealing this thread with all these benchmark results. But it helps promote the script for people to try.
barry[CoffeeSprout] 09-25-2010, 07:38 AM If I'm reading this correctly, you are not maxing out your CPU during the run.
Maybe increase the amount of php-fpm processes?
Increase the max_children option in your fpm config.
Also, how many nginx workers do you have? you should have at least 2
Dregond Rahl 09-25-2010, 07:48 AM If I'm reading this correctly, you are not maxing out your CPU during the run.
Maybe increase the amount of php-fpm processes?
Increase the max_children option in your fpm config.
Also, how many nginx workers do you have? you should have at least 2
Yes, I'm not maxing out CPU or RAM, only a slightly high load, but considering the connections it seems quite surprising.
FPM (default):
pm.max_children = 50
pm.start_servers = 4
pm.min_spare_servers = 4
pm.max_spare_servers = 35
Nginx:
worker_processes 4;
events {
worker_connections 4096;
}
The only thing I noticed out of the ordinary is that the spawned php-fpm processes don't die after everything is done, they stay idle. Which I'm not sure is right.
barry[CoffeeSprout] 09-25-2010, 02:24 PM They should go down towards the minimum, but I never really tested php-fpm too thoroughly.
Did changing the workers help?
minhmeo 09-25-2010, 11:53 PM Thanks Ben for great script!
Can you let me know how to config Nginx conf file to work with Wordpress Permalink Settings?
Here is my nginx conf when using LEB script, it works fine
server {
server_name demo.com;
root /var/www/demo.com;
include /etc/nginx/fastcgi_php;
location / {
index index.php;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php last;
}
}
}
barry[CoffeeSprout] 09-26-2010, 02:31 AM Have a look at the Nginx wiki.
This should get you started...
http://wiki.nginx.org/Wordpress
BTCentral - Ben 09-27-2010, 05:17 PM Small update:
- Nginx default download has been changed to nginx-0.8.51 as 0.8.x is now the stable branch.
- Option to install APC has been added.
To make it easier for integration with other systems, scripts, etc. the latest version can now always be downloaded from one URL, and this also adds the option to download it from our US mirror (when the mirror has been setup).
As always, grab it from http://www.btcentral.org.uk/projects/centmin/
Expect more updates on their way over the next week or so. However currently we are busy moving our sites from Germany -> UK, and setting up the US mirror.
Dregond Rahl 09-27-2010, 05:23 PM Small update:
- Nginx default download has been changed to nginx-0.8.51 as 0.8.x is now the stable branch.
- Option to install APC has been added.
To make it easier for integration with other systems, scripts, etc. the latest version can now always be downloaded from one URL, and this also adds the option to download it from our US mirror (when the mirror has been setup).
As always, grab it from http://www.btcentral.org.uk/projects/centmin/
Expect more updates on their way over the next week or so. However currently we are busy moving our sites from Germany -> UK, and setting up the US mirror.
Awesome update, can't wait for more additions ^^
DephNet[Paul] 09-27-2010, 05:27 PM Hi Ben,
I notice you have just purchased a VPS from Linode. Have you had a chance to see if this works OK on their VPS'?
I guess, even though this is developed for CentOS, it would still work OK on Fedora.
BTCentral - Ben 09-27-2010, 05:37 PM Hi Ben,
I notice you have just purchased a VPS from Linode. Have you had a chance to see if this works OK on their VPS'?
I guess, even though this is developed for CentOS, it would still work OK on Fedora.
Hi Paul,
We have indeed - it works just fine. It's actually what we used to do the majority of the legwork when setting it up - we already have the company site up and running on it.
We'll be switching the DNS soon so that the website loads from our linode, though mail etc. will still go to the old server until we have the chance to set it up.
As for Fedora, that's a good point - it probably would, though we have not tested it. If anyone fancies trying it on Fedora, let us know if it works. ;)
DephNet[Paul] 09-27-2010, 05:40 PM That's good to hear.
You should try and port it to stackscript, Linode's automated setup scripting language.
If you want a bit of help with that drop me an email.
BTCentral - Ben 09-27-2010, 05:48 PM That's something that could certainly be looked into (though probably at a later stage, when the script has more of the features we have in the pipeline :)).
Hopefully looking to switch to the UK server as soon as tomorrow - a few last things to be done before that though (setup CSF, etc.) however if it is not done then it'll likely be Thursday, as I have a meeting all day Wednesday.
yuraton 09-30-2010, 01:50 PM Thanks for the script but I have a problem (or rather I don't know how) to setup my zonefile to use google apps.
Currently it's as follows but it's not working
$TTL 14400
@ IN SOA ns1.yomu.me. hostmaster.yomu.me. (
2010091500
14400
3600
1209600
86400 )
; Nameservers
yomu.me. 14400 IN NS ns1.yomu.me.
yomu.me. 14400 IN NS ns2.yomu.me.
; A Records
@ 14400 IN A 178.63.127.245
ftp 14400 IN A 178.63.127.245
localhost 14400 IN A 127.0.0.1
ns1 14400 IN A 178.63.127.245
ns2 14400 IN A 178.63.127.245
mail 14400 IN IN A 178.63.127.245
pop 14400 IN A 178.63.127.245
smtp 14400 IN A 178.63.127.245
www 14400 IN A 178.63.127.245
; MX Records
@ 14400 IN MX 1 ASPMX.L.GOOGLE.COM
@ 14400 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM
@ 14400 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM
@ 14400 IN MX 10 ASPMX2.GOOGLEMAIL.COM
@ 14400 IN MX 10 ASPMX3.GOOGLEMAIL.COM
; TXT Record (for SPF)
yomu.me. 14400 IN TXT "v=spf1 a mx ip4:178.63.127.245 ~all"
Any guidance is appreciated.
BTCentral - Ben 09-30-2010, 02:15 PM Well, for a start you would get rid of both of these:
mail 14400 IN IN A 178.63.127.245
yomu.me. 14400 IN TXT "v=spf1 a mx ip4:178.63.127.245 ~all"
As neither are relevant to your server if you are using an external mail provider - but other than that I have no clue, you'll need to Google it or something. Sorry.
BTCentral - Ben 10-03-2010, 06:55 PM Version 1.0.7 released, another small update I am afraid as we are still in the process of server migration.
More updates will be coming soon however.
- Updated default Nginx version to 0.8.52.
- Added nginx-update.sh in Extras folder (allows you to update Nginx to the latest version easily).
As per usual, it is available for download here (http://www.btcentral.org.uk/projects/centmin/).
Dregond Rahl 10-04-2010, 05:26 AM Version 1.0.7 released, another small update I am afraid as we are still in the process of server migration.
More updates will be coming soon however.
- Updated default Nginx version to 0.8.52.
- Added nginx-update.sh in Extras folder (allows you to update Nginx to the latest version easily).
As per usual, it is available for download here (http://www.btcentral.org.uk/projects/centmin/).
Awesome update, I'll try it out later today, I wonder if the memory problem from the dev version was fixed.
Also you wouldn't happen to have any experience with Nginx + BuddyPress(WordPress Addon) ?
BTCentral - Ben 10-04-2010, 05:48 AM Awesome update, I'll try it out later today, I wonder if the memory problem from the dev version was fixed.
If you just want to update to the latest Nginx (rather than running the whole script again) extract the files then it's as simple as this:
cd Extras
chmod +x ./nginx-update.sh && ./nginx-update.sh
Tell it the version you want to install (0.8.52) and hit enter it should update it for you without having to run Centmin again :)
Our website is now on Linode running Nginx and we used this to update Nginx yesterday - worked perfectly - just need to find the time to move the mailserver, SSL etc. (at which point I will likely get round to adding a mailserver setup to Centmin).
Also you wouldn't happen to have any experience with Nginx + BuddyPress(WordPress Addon) ?
Not recent experience. However if you're looking to get URL rewriting working, it's as simple as this (http://pastie.org/1198099) (find and replace demo.com with your domain without the www. and you should be good to go).
Wordpress definitely works fine on Nginx if that's what you were wondering.
I guess, even though this is developed for CentOS, it would still work OK on Fedora.
One of my test VPS had the option to install FC13, so I installed it this morning and tested it. Everything except PHP installs correctly.
It's actually fairly simple to switch out php-fpm for FC13's php-fcgi (which also happens to be 5.3.3) and implement a startup script.
If anyone is interested in Fedora support, then this could be implemented.
YoVPS 10-04-2010, 06:32 AM This is very useful thanks Ben
Dregond Rahl 10-04-2010, 12:28 PM I was installing this on a friend's VPS, I ran a benchmark and I noticed it was much slower, even though the system is the same. I noticed these entries in the error.log
2010/10/04 17:26:44 [error] 28240#0: *28617 upstream prematurely closed connection while reading response header from upstream, client: 199.19.224.168, server: minitheatre.info, request: "GET / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "minitheatre.info"
2010/10/04 17:26:45 [error] 28246#0: *25115 upstream timed out (110: Connection timed out) while connecting to upstream, client: 199.19.224.168, server: minitheatre.info, request: "GET / HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "minitheatre.info"
Nnyan 10-04-2010, 12:59 PM Haven't played with this since the early days but I have a test VPS that I'm going to install it on (hopefully today). As always good work Ben!
BTCentral - Ben 10-04-2010, 01:40 PM YoVPS, no problem :)
Dregond Rahl, I will try installing Wordpress myself while watching a film or something this evening.
That sort of thing sounds like it could be the result of a segfault, or perhaps an out of memory error - I will see if I can duplicate the issue.
I have not had any of that sort of error on our production sites that have used this script however (having just checked the error logs), so it may well be a VPS issue.
Nnyan, have fun - be sure to let me know how you get on!
Neosurge 10-04-2010, 06:37 PM Excellent work Ben!
BTCentral - Ben 10-05-2010, 06:46 AM Thanks Neosurge.
Dregond Rahl - I tried installing Wordpress on my test VPS and could not replicate the issue, seems to work just fine (including the re-written URLs using the sample config I gave).
Apologies for the delay in getting back to you on this, we recently canceled one of our test VPS, and the other was out of action yesterday so I was not able to try it.
I can therefore only assume that it is an issue with the VPS your friend is using.
DephNet[Paul] 10-05-2010, 07:13 AM Hi Ben,
I have not tried this just yet, but I have been following the thread with interest. I will however have a look at this towards the end of the week.
I do however have a couple of questions:
Is there a way to only install certain applications? For example we do not run our own DNS servers, so we do not need NSD to be installed.
Is this a full fat bash script, or is it written in something lighter, like sh?
Does it check to see if /tmp and /var/tmp are separate partitions, before trying to secure them? Also does it check to see if /var/tmp is a symbolic link to /tmp?
How does it check the timezone the server should be running? As an example, while we have some servers in the US, we run them under the Europe/London timezone, is that possible?
Is everything, that is in the base CentOS repos, installed via yum, or are they compiled and installed manually?
One last question, have you considered using a service like Codebase (http://www.codebasehq.com/) to run your development on? One advantage of that is that people outside of BTC can contribute code themselves, rather than asking you to implement it.
If you did move your development to Codebase, or even GitHub then I would like to help with adding some features.
Dregond Rahl 10-05-2010, 07:15 AM Thanks Neosurge.
Dregond Rahl - I tried installing Wordpress on my test VPS and could not replicate the issue, seems to work just fine (including the re-written URLs using the sample config I gave).
Apologies for the delay in getting back to you on this, we recently canceled one of our test VPS, and the other was out of action yesterday so I was not able to try it.
I can therefore only assume that it is an issue with the VPS your friend is using.
Thanks for looking into this for me Ben, I appreciate it. I'm trying a reinstall later today, it's pretty strange, hopefully it won't show up again. I believe it is some sort of network congestion or memory problem. I'll try again and find out for sure.
Thanks again.
BTCentral - Ben 10-05-2010, 08:14 AM I do however have a couple of questions:
Is there a way to only install certain applications? For example we do not run our own DNS servers, so we do not need NSD to be installed.
Is this a full fat bash script, or is it written in something lighter, like sh?
Does it check to see if /tmp and /var/tmp are separate partitions, before trying to secure them? Also does it check to see if /var/tmp is a symbolic link to /tmp?
How does it check the timezone the server should be running? As an example, while we have some servers in the US, we run them under the Europe/London timezone, is that possible?
Is everything, that is in the base CentOS repos, installed via yum, or are they compiled and installed manually?
One last question, have you considered using a service like Codebase (http://www.codebasehq.com/) to run your development on? One advantage of that is that people outside of BTC can contribute code themselves, rather than asking you to implement it.
If you did move your development to Codebase, or even GitHub then I would like to help with adding some features.
1) Sure, near the top of the script there is a configuration section that you can set to Y or N to control installation of various software, including NSD.
2) Currently it is set to use /bin/bash - however having just checked it works just fine with /bin/sh.
I will change the default interpreter to /bin/sh this evening when 1.0.8 is released.
3) Not currently, at the moment it assumes /tmp and /var/tmp are folders, deletes them, re-mounts /tmp as tmpfs with the "rw,noexec,nosuid" options, and then adds the same to /etc/fstab, /var/tmp is then symlinked to /tmp.
Securing folders is a yes/no question that you have the option to answer when the script is running (rather than in the configuration section) as standard at the moment. This may change in future releases.
4) That's simple - it does not do any auto-detection, that is something that would be set by the user in the configuration - default is set to Europe/London as an example.
5) Yes, everything available in the base repo is installed via yum. The only things that would be compiled (if enabled) are NSD and Nginx.
6) When the script is up to a point where we would consider it "Feature Complete" then that is something we could look into.
While we would not be looking to go with a paid service such as Codebase, Github might be an option, alternatively we may look into setting up a Git repo + Trac (or similar) ourselves.
---
Question for everyone:
Would you prefer to have more yes/no questions presented to you during the running of the script?
Or would you prefer to have to answer them in the configuration section, and have as much of the script as possible not requiring any user interaction?
Thanks for all the comments/suggestions so far.
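The /tmp hardening described in answer 3 above can be audited after the script has run. This is an added example, not Centmin code and not part of the original post: a shell check that /tmp is a tmpfs mount carrying noexec and nosuid, and that /var/tmp is a symlink to it. The function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Centmin code): audit the /tmp hardening described above.
# Real use:  audit_tmp_table < /proc/mounts   (what is enforced right now)
#            audit_tmp_table < /etc/fstab     (what a reboot will restore)
#            is_symlink_to /var/tmp /tmp

# Read fstab/mounts-format text on stdin (device mountpoint fstype options ...)
# and print one finding per line. Prints nothing when /tmp is a tmpfs mount
# with both noexec and nosuid.
audit_tmp_table() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }                    # comments, blank lines
        $2 == "/tmp" { fs = $3; opts = $4; seen = 1 }   # a later entry wins
        END {
            if (!seen) { print "no /tmp entry"; exit }
            if (fs != "tmpfs") print "/tmp is " fs ", not tmpfs"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            if (!("noexec" in have)) print "/tmp missing noexec"
            if (!("nosuid" in have)) print "/tmp missing nosuid"
        }'
}

# Return 0 when $1 is a symlink whose target is exactly $2.
is_symlink_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Constructed sample: fstab after the hardening step has been applied.
sample_hardened() {
    cat <<'EOF'
# constructed fstab
/dev/xvda1  /      ext3   defaults           1 1
tmpfs       /tmp   tmpfs  rw,noexec,nosuid   0 0
EOF
}

# Constructed sample: /tmp is tmpfs but noexec was dropped.
sample_weak() {
    cat <<'EOF'
/dev/xvda1  /      ext3   defaults           1 1
tmpfs       /tmp   tmpfs  rw,nosuid          0 0
EOF
}

# Constructed sample: /tmp is still a plain directory on the root filesystem.
sample_plain_dir() {
    cat <<'EOF'
/dev/xvda1  /      ext3   defaults           1 1
EOF
}

# Run the audit over the three constructed tables and a scratch symlink.
run_demo() {
    for s in sample_hardened sample_weak sample_plain_dir; do
        findings=$($s | audit_tmp_table)
        if [ -z "$findings" ]; then
            echo "$s: OK"
        else
            echo "$s:"
            echo "$findings" | sed 's/^/  - /'
        fi
    done
    d=$(mktemp -d)
    mkdir "$d/tmp"
    ln -s "$d/tmp" "$d/var_tmp"
    if is_symlink_to "$d/var_tmp" "$d/tmp"; then
        echo "scratch var_tmp: symlink OK"
    fi
    rm -rf "$d"
}

run_demo
```

Checking both /proc/mounts and /etc/fstab matters because a remount that was never written to fstab disappears at the next reboot.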
DephNet[Paul] 10-05-2010, 12:45 PM Hi Ben,
Thanks for your answers, as I said before I will have a look at this over the weekend.
Nnyan 10-05-2010, 04:59 PM So far only had time to install it on two VMs (one of them a Xen 32bit on a 64bit node) and they installed without a hitch.
As to your question I like having both options, the interactive nature of this script is a very cool feature.
BTCentral - Ben 10-05-2010, 05:02 PM Thanks for the feedback Nnyan, and great to hear it's working properly for you.
---
v1.0.8 Released:
- BUGFIX: Nginx update script is no longer deleted after use.
- UPDATE: Switched default interpreter to /bin/sh from /bin/bash.
- Script now removes files it downloads after use.
As per usual, it is available for download here (http://www.btcentral.org.uk/projects/centmin/).
cPextream 10-05-2010, 05:12 PM Wow this sounds really cool!
I'm definitely going to try this out and will update you with the outcome :)
Nnyan 10-05-2010, 06:08 PM In my Xen VM (newly created nothing running on it) the default install of this script (only thing not installed was DNS) uses 172mb of ram. I'll do some alternative installs to get some comparisons but that seems pretty good at first glance.
Ben,
Have you given any thought to CSF and SSH hardening (if this is something you're interested in adding I know this was asked before)?
BTCentral - Ben 10-05-2010, 06:31 PM In my Xen VM (newly created nothing running on it) the default install of this script (only thing not installed was DNS) uses 172mb of ram. I'll do some alternative installs to get some comparisons but that seems pretty good at first glance.
That seems somewhat higher than in our Xen testing - on our Xen VPS (at Linode), with everything other than NSD (so same as you) running, plus CSF it's currently using 56MB - and that's on our production VPS currently running our live website.
Were there many other services running as standard? Or was it a minimal template?
The only other reasons I can think of this being are you're using 64bit (we're on 32bit), or are you using a Xen HVM VPS? We're on a Paravirtualized one.
Have you given any thought to CSF and SSH hardening (if this is something you're interested in adding I know this was asked before)?
Yes, definitely - that's something "coming soon".
BTCentral - Ben 10-05-2010, 09:53 PM I meant to mention, mail server setup is also coming soon (Dovecot & Postfix), having recently finished manually setting up both on a test VPS (it's been quite some time since I last had to) - it should be easy enough to automate.
As standard it will setup SSL/TLS for both IMAPS and POP3S support, obviously along with SMTP authentication etc.
Nnyan 10-06-2010, 02:04 PM I don't think it's a minimal install I'll have to take a look, next time I see you online I'll send you the login info.
Nnyan 10-06-2010, 02:55 PM My bad on the memory use. The default OS template after a fresh install uses 12mb (CentOS 5.5). After a "yum update" the memory use is 23-25M. Installed the script and immediately after it's using 43mb. Rebooted the VM and memory use is pretty steady at 25m (not doing anything with vps just a test box).
QuickWeb-Roel 10-06-2010, 07:56 PM great job Ben, will give it a try as well :)
Nnyan 10-12-2010, 05:35 PM Wanted to bump this to see if there are any updates = )
BTCentral - Ben 10-14-2010, 10:16 AM Wanted to bump this to see if there are any updates = )
No script updates yet I am afraid - we have been too busy with work for clients and sorting out a few server issues over the last week unfortunately.
There are a few mentionable things however.
You can now get to the site via http://www.centmin.com too - as this is hopefully somewhat easier to remember than the previous link ;)
We also now have two mirror locations in the US (in addition to our UK download location with Linode (http://www.linode.com)):
- East coast (New York) with 6sync (http://www.6sync.com).
- West coast (Los Angeles) with PhotonVPS (http://www.photonvps.com).
And finally, if you want to keep up to date on Centmin releases, news, etc. then you can now follow us on twitter.
Details of all the above are available at http://www.centmin.com.
FS-Gavin 10-14-2010, 11:13 AM I'd love to see it :)
Agreed. I would like to see it. :)
BTCentral - Ben 10-14-2010, 01:35 PM Agreed. I would like to see it. :)
Hi FS-Gavin, it's already available now - you can grab the latest version from http://www.centmin.com
techjr 10-17-2010, 11:04 PM Can you choose your mysql password on install?
Would you be able to add a phpmyadmin auto installer also?
Will try this soon it seems great.
barry[CoffeeSprout] 10-18-2010, 04:36 AM Ben,
Sorry for not staying on top of this as much as I should ;)
I'm looking to contribute some extras for this script and I actually have some time off next week.
Some of the things I have in mind:
* Create a utilities folder with a few scripts:
- Add new domain script (creates a user/group, adds nginx virtual server, creates new fpm worker pool for this user, creates a MySQL user + database using the same login credentials for the user)
- Remove domain (cleanly reverse the create action)
I've done many of these actions manually, now I just need to automate them in bash :)
xenbox 10-18-2010, 10:33 AM Thanks, this is a great script.
greet
BTCentral - Ben 10-18-2010, 01:43 PM Can you choose your mysql password on install?
Would you be able to add a phpmyadmin auto installer also?
Will try this soon it seems great.
Yes, assuming you opt to install MySQL (it is by default, however you have the option to turn it off) it will prompt you for a MySQL password during the process.
As for phpMyAdmin, not at this point in time - the reason I say that is because scripts such as phpMyAdmin do not have the best of security histories, and automatically installing this could open up a VPS to vulnerabilities - especially if the user is not aware it has even been installed. Maybe as an optional add-on that the user would run at some point however.
Ben,
Sorry for not staying on top of this as much as I should ;)
I'm looking to contribute some extras for this script and I actually have some time off next week.
Some of the things I have in mind:
* Create a utilities folder with a few scripts:
- Add new domain script (creates a user/group, adds nginx virtual server, creates new fpm worker pool for this user, creates a MySQL user + database using the same login credentials for the user)
- Remove domain (cleanly reverse the create action)
I've done many of these actions manually, now I just need to automate them in bash :)
Sounds great - thanks :)
Thanks, this is a great script.
No problem :)
---
CSF + Mail Server support are still coming soon, apologies for the delay in this - we have been rather busy with work for clients recently.
Hopefully I should find the time to finish adding support for it by the end of the week.
techjr 10-18-2010, 05:50 PM Yes, assuming you opt to install MySQL (it is by default, however you have the option to turn it off) it will prompt you for a MySQL password during the process.
As for phpMyAdmin, not at this point in time - the reason I say that is because scripts such as phpMyAdmin do not have the best of security histories, and automatically installing this could open up a VPS to vulnerabilities - especially if the user is not aware it has even been installed. Maybe as an optional add-on that the user would run at some point however.
Sounds great - thanks :)
No problem :)
---
CSF + Mail Server support are still coming soon, apologies for the delay in this - we have been rather busy with work for clients recently.
Hopefully I should find the time to finish adding support for it by the end of the week.
The mailserver and csf will be great as long as we have a choice install. What would you recommend for managing multiple databases easily? I tried your script and it's pretty much a set and forget type thing with casual updates but I like to simplify my mysql editing and stay out of the console.
Also you should try getting a sponsor or getting a donation page. This would be great for hosts that offer small 128mb plans and such and they could provide their clients with a setup that does not require much tweaking.
Dregond Rahl 10-19-2010, 02:37 AM When running "nginx-update.sh" to upgrade to 0.8.53 I found that it fails unless the "nginx" service is stopped before running the script. Maybe in your next release you can stop the service, download, install the upgrade and then start up the service?
Thanks!
BTCentral - Ben 10-19-2010, 08:45 AM The mailserver and csf will be great as long as we have a choice install. What would you recommend for managing multiple databases easily? I tried your script and it's pretty much a set and forget type thing with casual updates but I like to simplify my mysql editing and stay out of the console.
By all means, feel free to install phpMyAdmin yourself - we use it all the time too, it's just something we do not want to install on a system by default, as we would need to keep issuing updates for every phpMyAdmin security update etc.
Also you should try getting a sponsor or getting a donation page. This would be great for hosts that offer small 128mb plans and such and they could provide their clients with a setup that does not require much tweaking.
We have had a few enquiries about sponsorship, donations, mirrors, etc. For now, if anyone is interested in any of the above then please feel free to contact us via our website and I will get back to you - we do not need any more mirrors currently as the script is a small download.
When running "nginx-update.sh" to upgrade to 0.8.53 I found that it fails unless the "nginx" service is stopped before running the script. Maybe in your next release you can stop the service, download, install the upgrade and then start up the service?
Thanks!
Odd - were you using the latest version of Centmin? (Check to see if the nginx update script has been deleted, if it has you were not) it does exactly that (see the pastie log of our update below).
http://pastie.org/private/g1lx2ode1xcyxg0gzevgca
barry[CoffeeSprout] 10-19-2010, 08:54 AM @ techjr
Maybe helpful to you; You could also setup MySQL to accept connections from outside (if properly secured) and you could then use the excellent MySQL workbench to access your databases and configuration.
It would mean opening up port 3306 and doing additional security setups
phpMyAdmin these days is one of the standard services worms check for to exploit (most of my 404 errors are attempts at loading various exploitable versions of phpMyAdmin)
Obviously you can install it (and you would have to secure it much like phpMyAdmin)
My use case for "Centmin" is different though, I just want an efficient setup for Nginx, php-fpm and (Percona) MySQL on regular "big" servers. If you can tolerate more memory consumption I'd recommend installing Webmin which gives you plenty of access to MySQL as well and has a much better security track record.
Good luck and I hope to add some of my own additions to the script.
I'm no Bash guru, but you learn through doing I suppose :)
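The observation above, that many 404 errors are scanners looking for phpMyAdmin, can be checked against your own access log. This is an added example, not part of the original post or of Centmin: a shell/awk summary of which clients are producing those 404s. It assumes nginx's default "combined" log format; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise phpMyAdmin probing in an
# nginx access log. Assumes the default "combined" format, where field 1 is
# the client address, field 7 the request path and field 9 the status code.

# Usage: pma_probe_sources [MIN] < access.log
# Prints "count address" for each client with at least MIN (default 3)
# 404 responses on phpMyAdmin-style paths, busiest first.
pma_probe_sources() {
    awk -v min="${1:-3}" '
        $9 == 404 {
            path = tolower($7)
            sub(/\?.*/, "", path)              # drop the query string
            n = split(path, seg, "/")
            # Match on whole path segments so "/pmadocs/" is not counted.
            for (i = 1; i <= n; i++)
                if (seg[i] ~ /phpmyadmin/ || seg[i] == "pma") {
                    hits[$1]++
                    break
                }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }' | sort -rn
}

# Constructed sample log; addresses are from the documentation ranges.
sample_access_log() {
    cat <<'EOF'
198.51.100.7 - - [19/Oct/2010:08:50:01 +0100] "GET /phpMyAdmin/ HTTP/1.1" 404 169 "-" "-"
198.51.100.7 - - [19/Oct/2010:08:50:01 +0100] "GET /pma/ HTTP/1.1" 404 169 "-" "-"
198.51.100.7 - - [19/Oct/2010:08:50:02 +0100] "GET /phpmyadmin2/index.php HTTP/1.1" 404 169 "-" "-"
198.51.100.7 - - [19/Oct/2010:08:50:02 +0100] "GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1" 404 169 "-" "-"
203.0.113.9 - - [19/Oct/2010:08:51:10 +0100] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Oct/2010:08:51:12 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Oct/2010:08:52:00 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Oct/2010:08:52:03 +0100] "GET /pmadocs/guide.html HTTP/1.1" 404 169 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed log: only the address with repeated probes is listed.
sample_access_log | pma_probe_sources 3
```

On a live server the input would be the site's own log, for example one of the access.log files under /home/nginx/domains/ shown elsewhere in this thread.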
techjr 10-20-2010, 12:23 PM Works great so far. Do I have your permission to add a GUI to this or implement it into a website script/ or make some large changes to the program?
Teh Wallhacks 10-21-2010, 06:58 PM Wow this looks like a great script
I will surely come and download it once I get my CentOS VPS
Thanks for this!
data_banks 10-25-2010, 04:39 AM BTCentral - Ben
I've been a member on here for years and this is my first post...I just wanted to say thank you for sharing this fantastic script!
@barry[CoffeeSprout]
your contributions sound very useful. Any updates?
hehe I must be one of the oldest "new members" on here :)
barry[CoffeeSprout] 10-25-2010, 04:41 AM Hi,
Yes and no.. currently I'm busy with a few other things so please don't expect anything until thursday.
I'll let you guys know and I'll share contributions as I have them.
Regards,
Barry
techjr 10-26-2010, 08:39 PM Tested this script once again on another server and its running about 74mb of ram.
I would love to be able to get it to 60mb. I have tried AFC and no AFC with the same memory usage. This is perfect for 128mb ram. Now I am interested on how well this would perform on an 80mb ram vps. I will make some tweaks and if I can drop the usage by 14 more mb I will post here so others can try it.
sleddog 10-26-2010, 09:59 PM I would love to be able to get it to 60mb. I have tried AFC and no AFC with the same memory usage. This is perfect for 128mb ram. Now I am interested on how well this would perform on an 80mb ram vps. I will make some tweaks and if I can drop the usage by 14 more mb I will post here so others can try it.
If you're on OpenVZ, try editing /etc/rc.d/init.d/mysqld and adding a "ulimit -s" line just before "mysqld_safe" is called in the "start" section...
    ulimit -s 512
    /usr/bin/mysqld_safe --datadir="$datadir" --socket="$socketfile" \
    ...
Here's what I see...
With a minimalistic /etc/my.cnf before adding the ulimit:
    [root@sm:~] free -m
                 total       used       free     shared    buffers     cached
    Mem:           512         22        489          0          0          0
    -/+ buffers/cache:         22        489
    Swap:            0          0          0
    [root@sm:~] service mysqld start
    Starting MySQL: [ OK ]
    [root@sm:~] free -m
                 total       used       free     shared    buffers     cached
    Mem:           512         38        473          0          0          0
    -/+ buffers/cache:         38        473
    Swap:            0          0          0
And then after:
    [root@sm:~] free -m
                 total       used       free     shared    buffers     cached
    Mem:           512         22        489          0          0          0
    -/+ buffers/cache:         22        489
    Swap:            0          0          0
    [root@sm:~] service mysqld start
    Starting MySQL: [ OK ]
    [root@sm:~] free -m
                 total       used       free     shared    buffers     cached
    Mem:           512         28        483          0          0          0
    -/+ buffers/cache:         28        483
    Swap:            0          0          0
That's a 10 MB memory reduction. It's also an experimental VPS; you might want to investigate more before doing it on a production machine :)
sleddog
BTCentral - Ben 10-28-2010, 07:19 AM Works great so far. Do I have your permission to add a GUI to this or implement it into a website script/ or make some large changes to the program?
Feel free, just bear in mind that if you make changes to the script then they will need to be released under the GPL.
However if you are making something (such as a web-interface) that interfaces with the script but no changes to the actual script the interface would not be required to be GPL'd.
To make things a bit clearer for everyone:
- If modules, plugins, changes to the code of/for the script etc. are made then they have to be released under the GPL.
- If you created a separate interface for the script (for example a web-based GUI) that does not modify the original script in any way, then you can license your GUI in any way you see fit, however the original script still remains under the GPL.
---
Teh Wallhacks, data_banks - No problem :)
xenbox 10-28-2010, 11:39 AM Thanks Ben, I will try it. I hope it runs smoothly.
techjr 10-28-2010, 02:12 PM If you're on OpenVZ, try editing /etc/rc.d/init.d/mysqld and adding a "ulimit -s" line just before "mysqld_safe" is called in the "start" section...
Thanks. I am running a minimal install and after reformatting twice I started running your usage. That mysql tweak worked great also! :agree:
I have had to replace nginx with apache though because for some reason I could not view the site after editing some files via the sites ip address but the apache install worked fine. I must have done something bad without knowing it but as long as it installs mysql and such easily I am happy.
sleddog 10-28-2010, 05:20 PM That mysql tweak worked great also!
Glad to hear. I've been running it on a small production box for a day with no problems. Reclaiming 10 of 128 MB helps :)
techjr 10-28-2010, 06:40 PM Glad to hear. I've been running it on a small production box for a day with no problems. Reclaiming 10 of 128 MB helps :)
Yes it does :). It's actually at about 58mb now after even further tweaks *Not sure if it will affect performance but we will see*
What other things have you done to get under 30mb ram usage? My host does not let me use my own custom iso or anything which would cut down another 20mb ram, only the basic centos setup provided from the centos site. But for the price I am paying I will live with it.
I'm just trying to figure out how to get nginx working. I would like to view my site via the ip and even making some tweaks I cannot do that or configure multi sites easily. (I must be doing something stupid as I can do this perfectly via apache which is my reasoning for going back to apache.)
The good news is my back end for the GUI is coming along nicely which will also include a very optimized apache using similar ram option for whatever the user prefers along with lighttpd- GPL release.
data_banks 10-28-2010, 08:18 PM techjr, The best way of getting your site working with your ip address is to use
    server_name _; #default
I tried to post working code but I don't have 5 posts yet. If you're still stuck I'll help you out.
techjr 10-29-2010, 07:42 AM techjr, The best way of getting your site working with your ip address is to use
    server_name _; #default
I tried to post working code but I don't have 5 posts yet. If you're still stuck I'll help you out.
Thanks,
I will see what I can do later tonight. I have apache and lighttpd working with this program so I just need to learn what I'm doing wrong with nginx :blush:
I never really thought much of it until now but this centmin could be easily setup to deploy partly secured low memory servers for unmanaged clients instantly. I know there is a large majority of people that do not even secure /tmp and even though it's basic it's better than what most beginners do in terms of security.
techjr 10-29-2010, 11:12 PM For anyone having a stupid moment like me here's the code for the virtual.conf file to view your site via ip if you are running a single site. I have my domain folder named localhost but you could name it whatever you want.
    server {
        # "default" makes this the server for requests whose Host header matches no other server_name
        listen 80 default;
        # placeholder name that never matches a real hostname
        server_name _;
        access_log /home/nginx/domains/localhost/log/access.log;
        error_log /home/nginx/domains/localhost/log/error.log;
        location / {
            root /home/nginx/domains/localhost/public;
            index index.php index.html index.htm;
        }
        # hand .php requests to PHP-FPM listening on 127.0.0.1:9000
        location ~ \.php$ {
            root /home/nginx/domains/localhost/public;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /home/nginx/domains/localhost/public$fastcgi_script_name;
            fastcgi_intercept_errors on;
            include /usr/local/nginx/conf/fastcgi_params;
        }
    }
Still curious how some people are running like 30mb ram with mysql and I am running 59... (Was 59 now it's 80 it seems to jump back and forth after I access phpmyadmin or login to the server)
Dregond Rahl 10-30-2010, 03:36 AM For anyone having a stupid moment like me here's the code for the virtual.conf file to view your site via ip if you are running a single site. I have my domain folder named localhost but you could name it whatever you want.
Still curious how some people are running like 30mb ram with mysql and I am running 59... (Was 59 now it's 80 it seems to jump back and forth after I access phpmyadmin or login to the server)
It sometimes depends on how much total RAM you have, also if you have phpmyadmin it's a little higher, and depends on how many works/processes you are running. The amount they are saying is right after install.
techjr 10-30-2010, 11:17 AM It sometimes depends on how much total RAM you have, also if you have phpmyadmin it's a little higher, and depends on how many works/processes you are running. The amount they are saying is right after install.
128mb of ram at the moment. 59 used and once I launch then close phpmyadmin or winscp it jumps around 80. Mysql is using a minimal configuration.
Not a big deal just bugs me to use 20mb+ more ram to access it. The good news is I slammed the server with requests and ram only went up 22 more mb and the cpu stayed just about 0.04 the whole time after more than 50 requests per second. Not much but more than the site will ever get. This centmin script seems like it would work great even on the very high end servers with no issue :agree:
I am also pulling 47.0M/s download and about the same upload to people in Europe. As a sort of off topic thing, if anyone wants to test this script without buying a server or they can't use it on an existing one http://www.virtualbox.org/ download it and download centos from the centos website and run it that way.
BTCentral - Ben 11-01-2010, 01:31 PM Setting up Postfix and Dovecot for "virtual domain" mail without using MySQL is not the easiest of things to do.
Having said that, I have finally done it - and now just need to script the whole process. This means hopefully within the next week there should be a new version containing both mailserver setup & CSF support - sorry for the delay.
techjr 11-02-2010, 03:20 PM Setting up Postfix and Dovecot for "virtual domain" mail without using MySQL is not the easiest of things to do.
Having said that, I have finally done it - and now just need to script the whole process. This means hopefully within the next week there should be a new version containing both mailserver setup & CSF support - sorry for the delay.
Great to know.
(After awhile have a free and paid version) Depending on the features this script is something I would offer to friends and clients after more testing and development.
Offtopic: Cannot wait for your eCMS and user authenticate.
killerloop 11-02-2010, 04:59 PM Hey guys, I am fairly new with VPS and had trouble installing things myself for a long time and someone referred me to Centmin. Within an hour or so I had my domain up and running! Thanks for this awesome script and easy instructions.
I am in a little problem though, I have multiple domains and I was able to get one up following the Centmin's readme file. I think the knowledge that I am lacking on is the (NSD) portion. How do I setup a second domain? I tried copying the same demo.com folder from home/nginx/domains/ and renaming it my secondary domain demo2.com and also made a second zone file in masters folder which had everything same as demo.com. It seems like when I try to ping my second domain nothing relays back to me as if my ns1.demo2.com and ns2.demo2.com don't even exist. I pretty much copied everything exactly the same other than replacing demo.com with demo2.com, but why isn't it working?
Can anyone go into detail of how I should setup my NSD so that I can host multiple domains on the same VPS using Centmin? Or is there anything I am overlooking that's causing this problem?
Thanks a lot, any help would be appreciated!
Nnyan 11-03-2010, 06:40 PM http://articles.slicehost.com/2009/2/25/centos-nginx-virtual-hosts
Nnyan 11-03-2010, 06:41 PM any possibility of getting thttpd included in the script (working with Nginx)?
http://wiki.nginx.org/ThttpdCGI
killerloop 11-03-2010, 09:31 PM Hey Nnyan, the article was helpful but my main problem is the NSD (nameservers), I got it working for 1 domain but it doesn't seem to pick up on my other domain.
Dregond Rahl 11-04-2010, 05:38 AM Did you add the IPs properly? also add the domain to http://www.intodns.com and see what errors it shows up.
killerloop 11-04-2010, 03:21 PM The following errors show up after scanning my second domain @intoDNS
Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records.
DNS servers responded ERROR: One or more of your nameservers did not respond:
The ones that did not responded are:
Multiple Nameservers ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
Missing nameservers reported by your nameservers You should already know that your NS records at your nameservers are missing, so here it is again:
SOA record No valid SOA record came back!
MX Records Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!
WWW A Record ERROR: I could not get any A records for www.xxxx.com!
I guess my main concern is.. for my domain1.com all IPs are the same for ns1.domain1.com and ns2.domain1.com and I noticed a lot of webhosts use like 3 NS servers with IPs that are different. I am not sure if that is the cause but Centmin told me to just replace all the IP's with my VPS one so all my ns servers come out with the same IP.
Also, for every new domain that I have, do I need to make a new zonefile? Below is my nsd.conf and zonefile.
nsd.conf
    server:
        # zonefile: to store pid for nsd in.
        pidfile: "/var/run/nsd/nsd.pid"
        # The directory for zonefile: files.
        zonesdir: "/etc/nsd"
    zones:
        name: "domain1.com"
        zonefile: "master/domain1.com.zone"
        name: "killsteal.com"
        zonefile: "master/domain2.com.zone"
zonefile (both domains have exact same settings, just changed domain1 with domain2) IP was also changed to xxx.
    $TTL 14400
    @               IN      SOA     ns1.domain1.com. hostmaster.domain1.com. (
                                    2010091500
                                    14400
                                    3600
                                    1209600
                                    86400 )
    ; Nameservers
    domain1.com.    14400   IN      NS      ns1.domain1.com.
    domain1.com.    14400   IN      NS      ns2.domain1.com.
    ; A Records
    domain1.com.    14400   IN      A       xxx.xxx.xxx.xx
    ftp             14400   IN      A       xxx.xxx.xxx.xx
    localhost       14400   IN      A       127.0.0.1
    mail            14400   IN      A       xxx.xxx.xxx.xx
    ns1             14400   IN      A       xxx.xxx.xxx.xx
    ns2             14400   IN      A       xxx.xxx.xxx.xx
    pop             14400   IN      A       xxx.xxx.xxx.xx
    smtp            14400   IN      A       xxx.xxx.xxx.xx
    www             14400   IN      A       xxx.xxx.xxx.xx
    ; MX Record
    domain1.com.    14400   IN      MX      10 mail
    ; TXT Record (for SPF)
    domain1.com.    14400   IN      TXT     "v=spf1 a mx ip4:xxx.xxx.xxx.xx ~all"
I have also attached my virtual.conf file below, let me know if I set it up wrong.
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80;
        server_name domain1.com;
        rewrite ^/(.*) http://www.domain1.com/$1 permanent;
    }
    server {
        listen 80;
        server_name www.domain1.com;
        access_log /home/nginx/domains/domain1.com/log/access.log;
        error_log /home/nginx/domains/domain1.com/log/error.log;
        location / {
            root /home/nginx/domains/domain1.com/public;
            index index.php index.html index.htm;
        }
        location ~ \.php$ {
            root /home/nginx/domains/domain1.com/public;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /home/nginx/domains/domain1.com/public$fastcgi_script_name;
            fastcgi_intercept_errors on;
            include /usr/local/nginx/conf/fastcgi_params;
        }
    }
    server {
        listen 80;
        server_name domain2.com;
        rewrite ^/(.*) http://www.domain2.com/$1 permanent;
    }
    server {
        listen 80;
        server_name www.domain2.com;
        access_log /home/nginx/domains/domain2.com/log/access.log;
        error_log /home/nginx/domains/domain2.com/log/error.log;
        location / {
            root /home/nginx/domains/domain2.com/public;
            index index.php index.html index.htm;
        }
        location ~ \.php$ {
            root /home/nginx/domains/domain2.com/public;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /home/nginx/domains/domain2.com/public$fastcgi_script_name;
            fastcgi_intercept_errors on;
            include /usr/local/nginx/conf/fastcgi_params;
        }
    }
So basically, my domain1.com works but not my domain2.com and they were both setup identical.
Nnyan 11-04-2010, 03:44 PM and you've setup (for example) your A Records with your registrar for both domain names?
killerloop 11-04-2010, 03:47 PM Um.. no I haven't, is that something I should do? I did register my custom nameservers to point to my VPS ip address through the registrar. If A records are the reason, why would domain1.com work without the A records in registrar, but not domain2.com?
Sorry, I just like to know why things work before I do them.
Dregond Rahl 11-04-2010, 03:58 PM did you add the nameservers to the domain2.com ?
for example on the domain registrar If you are using the same nameservers:
DOMAIN1.COM:
nameservers:
ns1.domain1.com (IP 255.255.255.255)
ns2.domain1.com (IP 255.255.255.255)
DOMAIN2.COM
nameservers:
ns1.domain1.com (IP 255.255.255.255)
ns2.domain1.com (IP 255.255.255.255)
and then check the records on the server.
killerloop 11-04-2010, 04:03 PM Uh.. what I did was make 2 zonefiles.. so I set it up like this:
DOMAIN1.COM
ns1.domain1.com
ns2.domain1.com
DOMAIN2.COM
ns1.domain2.com
ns2.domain2.com
They both are same IP address but when I go to console and ping ns1.domain2.com, it says "Ping request could not find host ns1.domain2.com. Please check the name and try again." But for the domain1.com it pings.
I really have no clue if it's the nameservers that's causing the problem or the virtual.conf file. Something is not recognizing my second domain.
Dregond Rahl 11-04-2010, 04:38 PM Did you set the nameservers in the domain registry right? check using intodns if the right nameservers and their IP showup in the first section: "Domain NS records". Also did you restart the nsd service ?
killerloop 11-04-2010, 04:40 PM Uh I restarted the nsd servers last time, fiddling around with it a lot. But today I didn't want to touch it at all until I actually know what's going on. I'll check the intodns again but I did post the results on my previous reply.
killerloop 11-04-2010, 04:56 PM Yeah when I did a lookup @intoDNS, I got the right nameservers and IP address in the Domain NS records. But there's like 7 errors down the rows listed.
-Mismatched NS records
-DNS servers responded
-Missing nameservers reported by your nameservers
-Multiple Nameservers
-SOA record
-MX Records
-WWW A Record
BTCentral - Ben 11-05-2010, 07:10 AM What is the domain you are getting those errors on?
Ronald_Craft 11-05-2010, 08:38 PM This is a pretty awesome script. I am thinking of piggy backing off it and modifying it for our own internal use. There's a few things I'd like to change up and implement which aren't currently included.
Dregond Rahl 11-06-2010, 04:56 AM Hey Ben, I'll be getting a dedicated server soon (P4 or Atom, still deciding) the script will work just the same right? or will I need to do any more security stuff or configuration?
Nnyan 11-17-2010, 02:30 PM any updates on this lately? This thread has been quiet lately.
sander815 11-18-2010, 10:49 AM i get this error:
[root@localhost ~]# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/${ARCH}/ius-release-1.0-6.ius.el5.noarch.rpm
--14:49:20-- http://dl.iuscommunity.org/pub/ius/stable/Redhat/5//ius-release-1.0-6.ius.el5.noarch.rpm
=> `ius-release-1.0-6.ius.el5.noarch.rpm'
Resolving dl.iuscommunity.org... 174.143.24.129
Connecting to dl.iuscommunity.org|174.143.24.129|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
14:49:21 ERROR 404: Not Found.
[root@localhost ~]#
after looking around i see php is not installed
the script doesn't work here for me:
[root@localhost ~]# yum -y install php53-fpm php53-devel php53-gd php53-mysql php53-xml php53-xmlrpc curl curl-devel libxml2$
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package php53-fpm.i386 0:5.3.3-4.ius.el5 set to be updated
--> Running transaction check
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: php53-fpm
--> Processing Dependency: libevent-1.4.so.2 for package: php53-fpm
--> Processing Dependency: php53 = 5.3.3-4.ius.el5 for package: php53-fpm
........
--> Finished Dependency Resolution
Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package php53-fpm
.....
Error: Missing Dependency: rtld(GNU_HASH) is needed by package libedit
Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package php53-common
Error: Missing Dependency: libssl.so.6 is needed by package php53-cli
Error: Missing Dependency: libc.so.6(GLIBC_2.4) is needed by package php53-cli
[root@localhost ~]#
BTCentral - Ben 11-18-2010, 11:50 AM Hey Ben, I'll be getting a dedicated server soon (P4 or Atom, still deciding) the script will work just the same right? or will I need to do any more security stuff or configuration?
Sure thing, it'll work just fine on a dedicated server.
any updates on this lately? This thread has been quiet lately.
A new version is coming "soon" unfortunately that is pretty much all I can say right now.
The Christmas rush started somewhat earlier than we expected this year, so everything is rather hectic right now!
i get this error:
[root@localhost ~]# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/${ARCH}/ius-release-1.0-6.ius.el5.noarch.rpm
That's not surprising, that path would be translated into a real one by the script - you can't just put it into wget and expect it to work.
Note the ${ARCH} part, it would be i386 for 32bit systems, and x86_64 for 64bit systems.
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/ius-release-1.0-6.ius.el5.noarch.rpm
wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm
Even if you do that and install the RPM manually however it likely will not be able to find the correct PHP RPM's, as after installing the repo you have to modify the path to the CentOS 5.5 sources rather than CentOS 5.4.
data_banks 11-18-2010, 01:32 PM I've tested this script on several 5.x distributions. Two small additions:
1) Yum install wget (wget isn't installed by default on a bare install via cd)
2) mv $CUR_DIR/config/mysql/my.cnf /etc/my.cnf
chmod 660 /etc/my.cnf #add this line
Joezo 11-18-2010, 01:46 PM How do you configure a domain? I replaced all occurrences of demo.com and 192.192.192.192 with my domain name and ip address respectively. Then on godaddy made nameservers ns1.domain.com and ns2.domain.com both pointing to my ip address. Then set the domain to point to them nameservers, yet it refused to work. What have I done wrong?:(
Dregond Rahl 11-18-2010, 03:06 PM How do you configure a domain? I replaced all occurrences of demo.com and 192.192.192.192 with my domain name and ip address respectively. Then on godaddy made nameservers ns1.domain.com and ns2.domain.com both pointing to my ip address. Then set the domain to point to them nameservers, yet it refused to work. What have I done wrong?:(
did you restart nsd? and did you configure the domain for nginx?
sander815 11-19-2010, 11:57 AM ok, for some strange reason I installed centos 4.8, no wonder it didn't work
now I have installed centos 5.5, I redid the install 3 times now, but I keep getting the same error when mysql is installed:
Initializing MySQL database: Installing MySQL system tables...
101119 15:48:43 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
101119 15:48:43 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
ERROR: 1004 Can't create file '/tmp/#sql22b6_1_0.frm' (errno: 13)
101119 15:48:43 [ERROR] Aborting
101119 15:48:43 [Note] /usr/libexec/mysqld: Shutdown complete
Installation of system tables failed!
and then this:
The latest information about MySQL is available on the web at
http://www.mysql.com
Please consult the MySQL manual section: 'Problems running mysql_install_db',
and the manual section that describes problems on your OS.
Another information source is the MySQL email archive.
Please check all of the above before mailing us!
And if you do mail us, you MUST use the /usr/bin/mysqlbug script!
[FAILED]
*************************************************
* Starting MySQL Secure Installation
*************************************************
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
mysql is not started
data_banks 11-20-2010, 12:25 AM Sander, move the "secure tmp folders" section to the end of the script or run it as a separate script when you are sure you have installed everything you need. It's probably the issue.
techjr 11-20-2010, 01:54 PM Do you think you would be able to make the script remove certain programs and optimizations to use even less memory? Some default centos installs like mine consume a fair amount. I cut down even further on memory usage but I am sure others new to administration may have a hard time.
Also would you be able to provide a link for older releases? That would also be great for when you add new features etc when the older ones would be all that is needed for some.
elvis1 11-23-2010, 11:14 PM ben installing wordpress and every related app to make wp run hassle free would be a bless for me . I would not mind paying something affordable for this :)
Nnyan 11-24-2010, 06:38 PM @elvis1
What do you mean by "every related app" to make WP run?
Nnyan 11-24-2010, 07:13 PM Only thing I've added (not much really) is a prompt to ask you if you want to install the RPMForge Repo since I do most of the time. I did notice on one of my VPS accounts that after I installed this and rebooted I would get all sorts of weird errors (which did not occur on any other VPS).
killerloop 11-24-2010, 11:28 PM I had Centmin working a few weeks back with ease, now that I run the install on a new vps it seems like nginx isn't recognized. I can't even access nginx directly from the address. I even tried to start the nginx and it's not recognized. Any help?
bizness 11-25-2010, 02:03 AM nice job on this script
killerloop 11-25-2010, 04:14 AM Nevermind, it's working now.. but I am still stuck at not knowing how to make multiple domains work. I checked the virtual.conf file with a nginx expert and he says it's fine.. so I am assuming it's the zone file from nsd that's wrong. Can anyone give me a layout of how I should set up the zone files for multiple domains on the same ip address?
elvis1 11-25-2010, 02:20 PM @elvis1
What do you mean by "every related app" to make WP run?
yum, vsftp ( prompting to create users instead of having to add edit the vsftpd.conf and ip tables manually ) and wget and untar automatically.
that and having kloxo installed automatically ( despite needing 3 or 4 keyboard strikes would be awesome
mixmox 11-26-2010, 01:29 PM hello every one. can anyone tell me more about Centmin.
is it a 3rd-party software and we can install it near other panel like cpanel and directadmin or it's a base manage script that we should run it on fresh OS?
Dregond Rahl 11-26-2010, 02:33 PM hello every one. can anyone tell me more about Centmin.
is it a 3rd-party software and we can install it near other panel like cpanel and directadmin or it's a base manage script that we should run it on fresh OS?
It's for a fresh OS, CentOS specifically. Nginx does not run with any known control panel, other than ISPmanager
mixmox 11-30-2010, 02:46 PM I have installed it and then renamed /home/nginx/demo.com to my domain name and then edited /usr/local/nginx/conf/conf.d/virtual.conf and changed all demo.com to mydomain.com
how can I set the nameserver for my user?
killerloop 11-30-2010, 06:16 PM During setup it prompted if I wanted Alternative PHP Cache (APC) enabled, how do we disable this without having to reinstall everything?
Dregond Rahl 12-01-2010, 08:38 AM Hey Ben,
If you ever can, can you add an option to install 5.2.14 + php-fpm instead of 5.3.3 since still some apps aren't 5.3.3 compatible yet.
Thanks,
Dregond
Ultralite 12-04-2010, 03:35 PM I have installed it and then renamed /home/nginx/demo.com to my domain name and then edited /usr/local/nginx/conf/conf.d/virtual.conf and changed all demo.com to mydomain.com
how can I set the nameserver for my user?
vi /etc/nameserverips
NS1=IP1
NS2=IP2
Should work I think.
SamiBH 12-15-2010, 11:06 AM Thank you...
elvis1 12-16-2010, 10:38 PM is it possible that kloxo could not be installed after installing centmin? it runs in something like an endless loop
xenbox 12-21-2010, 09:39 PM root@# /etc/init.d/php-fpm restart
Stopping php-fpm: [FAILED]
Starting php-fpm: /bin/bash: line 1: 34359 Bus error php-fpm
[FAILED]
Dregond Rahl 01-04-2011, 08:41 AM Just an update for everyone. you need to edit the script in the PHP installation section from php53- to php53u- since the rpm has been changed and php53- files are no longer there.
Psyber Chris 01-04-2011, 11:59 AM Indeed kinda stopped me dead in my tracks, any chance of an updated version please Ben
onel0ve 02-11-2011, 03:07 AM how to access phpmyadmin ?
Nnyan 02-14-2011, 11:31 AM I haven't seen Ben online in a while, hope he's OK.
xenbox 02-18-2011, 12:29 AM Nothing to do
mv: cannot move `/root/config/php-fpm/www.conf' to `/etc/php-fpm.d/www.conf': No such file or directory
chown: cannot access `/var/lib/php/session/': No such file or directory
error reading information on service php-fpm: No such file or directory
./centmin.sh: line 317: /etc/init.d/php-fpm: No such file or directory
*************************************************
* PHP installed
coderiser 02-18-2011, 12:12 PM cool script thanks for sharing ill have to see if i can add to the collaboration
techjr 02-20-2011, 10:45 PM When i type in my sites domain name it does direct to my server. But after clicking a link it just takes me to the sites ip address. Any idea on how to fix this?
Thanks.
denir 03-19-2011, 01:27 PM nice script...works great on 256 box...thanks
nixell 03-25-2011, 11:39 AM how to create ssl vhost?
sosolabs 03-25-2011, 11:51 AM is there a way to change to this from regular cent os with out doing a full reinstall?
hansel 04-07-2011, 11:05 AM does this mean i can host my own dns with this script?
hansel 04-07-2011, 11:13 AM also, i just installed this script. how can i remove it? when i stopped nginx and started httpd, after i tried to visit myphpadmin. does not work and it comes up as
"Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly."
BTCentral - Ben 04-29-2011, 12:23 PM I am happy to (finally) announce the release of Centmin v1.1.0.
This version contains software updates, bugfixes and adds CentOS 5.6 support.
- Nginx default version has been updated to v1.0 (stable).
- NSD has been updated to v3.2.8.
- PHP has been updated to v5.3.6.
- PHP now installs correctly - the official CentOS repo was updated to include PHP 5.3.3 which conflicted with the PHP-FPM installation. This issue has been resolved.
- A bugfix for the IUS repo that is no longer needed has been removed.
As always, you can grab the latest version from http://www.centmin.com.
Also I would like to take this opportunity to re-assure you that the project is not dead.
Updates have been a while in the making due to large workloads however we hope within the next 2 months we will be able to get back to maintaining the script on a regular basis.
Finally, if you find any bugs or the script no longer works - please let us know (via our website). Just one person actually reported that the script no longer worked.
While we do not provide support for the script - updates and bugfixes will obviously be worked on if reported.
---
is there a way to change to this from regular cent os with out doing a full reinstall?
You should be able to just run the installation script. (Though we would always recommend a clean install of CentOS, you will likely find it is not needed.)
newcome11 05-02-2011, 07:36 AM Great work, thank you.
VPSForge-Ray 05-02-2011, 11:04 PM I already read this thread last year and revisited this again today because I need to setup a lowendbox for my new website and this script really helped me a lot :) Thank you
Amitz 05-03-2011, 06:51 PM Thank you so much for this wonderful script that just made my VPS a lot slimmer and snappier!
You truly made my day! :)
canar 05-04-2011, 08:26 PM Great script, thank you!
BTCentral - Ben 05-10-2011, 09:04 AM No problem, I am glad it has been useful :)
snatch/ 05-15-2011, 02:22 PM rm -rf /tmp
mkdir /tmp
mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp
echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
rm -rf /var/tmp
ln -s /tmp /var/tmp
What is the point of "securing /tmp and /var/tmp"?
P.S. I'm a newbie.
QuickWeb-Roel 05-15-2011, 05:16 PM rm -rf /tmp
mkdir /tmp
mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp
echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
rm -rf /var/tmp
ln -s /tmp /var/tmp
What is the point of "securing /tmp and /var/tmp"?
P.S. I'm a newbie.
This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.
BTCentral - Ben 05-15-2011, 08:07 PM What is the point of "securing /tmp and /var/tmp"?
This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.
Yes, just as Roel said it stops many, many exploits from being run on your server.
As far as we're concerned it is always something that should be done on any Linux server, especially if it's one that's running publicly accessible web-services that could potentially be exploited.
We always recommend when setting up a server, securing /tmp and /var/tmp, changing the SSH port, allowing access to SSH only via Public Keys (unless it is an environment where it is totally impractical to do so), installing an intrusion detection system with auto IP banning functionality and getting a decent software firewall in place (we generally use ConfigServer Firewall (http://www.configserver.com/cp/csf.html) for the IDS and Firewall).
As and when I get some more time to work on Centmin properly again, these are more than likely some of the things I will look into implementing.
newcome11 05-16-2011, 12:12 AM Thanks for your information, I'll wait for the next secure release.
BTCentral - Ben 05-16-2011, 05:19 AM Thanks for your information, I'll wait for the next secure release.
You might be in for a bit of a wait if that's the case :stickout:
We are extremely busy at the moment, combine that with the fact that I am moving house in 5 weeks and it means realistically it's probably going to be the end of June/early July before I start working on additional features again (any bugfixes etc. will be a priority in the meanwhile).
eva2000 05-16-2011, 10:44 AM You might be in for a bit of a wait if that's the case :stickout:
We are extremely busy at the moment, combine that with the fact that I am moving house in 5 weeks and it means realistically it's probably going to be the end of June/early July before I start working on additional features again (any bugfixes etc. will be a priority in the meanwhile).
Hi Ben
Just thought I'd pop in and say thanks for the nice centmin script framework, very easy to modify to suit my needs. I already scripted an equivalent script ages ago for apache based web server, but never got around to nginx version.
Been playing with local and rackspace cloud server setups and moved my existing nginx configuration settings into your script with additional nginx config options.
So now I have changed mysql to MariaDB 5.2.6 mysql, added xcache support (for vB datastore cache support), Nginx and php-fpm compiled with updated openssl from 0.9.8e to 1.0.0d, and dumped php-fpm yum install in favour of custom source compile for php-fpm with additional config options compiled in to ensure it works with vBulletin forums :)
George
newcome11 05-16-2011, 11:54 AM Wow, very interesting, can you share your experience when creating new script based on the original?
More about new MariaDB + Xcache + custom compile php-fpm?
snatch/ 05-16-2011, 12:45 PM Yes, just as Roel said it stops many, many exploits from being run on your server.
As far as we're concerned it is always something that should be done on any Linux server, especially if it's one that's running publicly accessible web-services that could potentially be exploited.
We always recommend when setting up a server, securing /tmp and /var/tmp, changing the SSH port, allowing access to SSH only via Public Keys (unless it is an environment where it is totally impractical to do so), installing an intrusion detection system with auto IP banning functionality and getting a decent software firewall in place (we generally use ConfigServer for the IDS and Firewall).
As and when I get some more time to work on Centmin properly again, these are more than likely some of the things I will look into implementing.
Thank you for introducing me to ConfigServer.
How could the system be exploited if I don't "secure" /tmp and /var/tmp, though? What I don't understand at all is why the tmp directory is any safer under / rather than /var. Also, it's understandable why you'd want to change the access permissions, but why the tmp folder and not any other?
snatch/ 05-16-2011, 01:21 PM What I don't understand at all is why the tmp directory is any safer under / rather than /var.
Just to clear things up, I meant why is /var/tmp made to point to /tmp.
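The /tmp hardening discussed in the posts above can be checked after the fact. The following is an added example, not part of the Centmin script or of any post in this thread; the function names and the sample mount table are constructed for illustration. It finds which mount actually covers a directory and whether that mount carries noexec and nosuid, which also shows why a /var/tmp left on the root filesystem is not protected by the /tmp mount.

```shell
#!/bin/sh
# Added example: check that a temp directory is really covered by a
# noexec,nosuid mount. Mount tables are read in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Resolve symlinks so that a /var/tmp -> /tmp link is judged as /tmp.
resolve_dir() {
    ( cd -P "$1" 2>/dev/null && pwd -P )
}

# Print "<mountpoint> <options>" for the mount that covers path $1.
# The longest matching mountpoint wins; on a tie the later line wins,
# because a later mount on the same point hides the earlier one.
covering_mount() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
        }
        END { if (best == "") exit 1; print best, opts }
    ' "${2:-/proc/mounts}"
}

# Print the required options that are missing for path $1 (empty = none).
# $3 defaults to the two options set by the fstab line quoted in the thread.
# Returns 0 when nothing is missing, 1 otherwise, 2 if no mount matched.
missing_opts() {
    hit=$(covering_mount "$1" "$2") || return 2
    opts=${hit#* }
    missing=""
    for want in ${3:-noexec nosuid}; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# True when the directory mode is 1777 (what "chmod 1777 /tmp" sets):
# world-writable with the sticky bit, so users cannot delete each
# other's files.
has_mode_1777() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# Full check of a real directory on a live host.
audit_path() {
    real=$(resolve_dir "$1") || { echo "$1: not a directory"; return 2; }
    rc=0
    miss=$(missing_opts "$real" "${2:-/proc/mounts}") || rc=1
    mode_ok=yes
    has_mode_1777 "$real" || { mode_ok=no; rc=1; }
    echo "$1 -> $real: missing options [$miss], mode 1777: $mode_ok"
    return $rc
}

# Constructed mount table (not from a real host): /tmp is mounted as in
# the thread, /var/tmp is an ordinary directory on the root filesystem.
sample_table() {
cat <<'EOF'
/dev/xvda1 / ext3 rw 0 0
proc /proc proc rw 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid 0 0
EOF
}

# Demo on the constructed table only; nothing on the host is inspected.
demo() {
    table=$(mktemp) || return 1
    sample_table > "$table"
    for p in /tmp /tmp/sess_1 /var/tmp; do
        m=$(missing_opts "$p" "$table") || true
        echo "$p: missing ${m:-nothing}"
    done
    rm -f "$table"
}
demo
```

On a live host, `audit_path /tmp` and `audit_path /var/tmp` read /proc/mounts and also confirm the 1777 mode.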
eva2000 05-16-2011, 01:48 PM My apache version of my script has CSF install routine as well, so might migrate it over to centmin modified script :)
Wow, very interesting, can you share your experience when creating new script based on the original?
More about new MariaDB + Xcache + custom compile php-fpm?
well initially had some problems compiling the right path to openssl for nginx and php-fpm and some php-fpm paths which differed from php-fpm rpm/yum versus my custom source compile, so changed them to around.
End up with the following
free -m
total used free shared buffers cached
Mem: 3270 506 2763 0 25 314
-/+ buffers/cache: 166 3103
Swap: 5279 0 5279
top - 01:40:27 up 2 min, 1 user, load average: 0.45, 0.26, 0.10
Tasks: 140 total, 1 running, 139 sleeping, 0 stopped, 0 zombie
Cpu(s): 2.9%us, 3.3%sy, 0.0%ni, 80.6%id, 11.7%wa, 0.4%hi, 1.0%si, 0.0%st
Mem: 3348500k total, 518712k used, 2829788k free, 26544k buffers
Swap: 5406712k total, 0k used, 5406712k free, 321868k cached
nginx -V
nginx: nginx version: nginx/1.0.2
nginx: built by gcc 4.1.2 20080704 (Red Hat 4.1.2-50)
nginx: TLS SNI support enabled
nginx: configure arguments: --sbin-path=/usr/local/sbin --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_secure_link_module --with-http_flv_module --with-http_sub_module --with-http_realip_module --add-module=../ngx-fancyindex-0.3.1 --add-module=../ngx_cache_purge-1.3 --add-module=../nginx-accesskey-2.0.3 --with-google_perftools_module --with-openssl=../openssl-1.0.0d --with-ld-opt=-ltcmalloc_minimal
php -v
PHP 5.3.6 (cli) (built: May 17 2011 01:29:54)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
with XCache v1.3.1, Copyright (c) 2005-2010, by mOo
php -i | grep configure
Configure Command => '../configure' '--enable-cgi' '--enable-fpm' '--with-mcrypt' '--with-mhash' '--with-zlib' '--with-gettext' '--enable-exif' '--enable-zip' '--with-bz2' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--enable-shmop' '--with-pear' '--enable-mbstring' '--with-openssl=/usr/local' '--with-mysql=/usr/bin/' '--with-libdir=lib64' '--with-mysqli=/usr/bin/mysql_config' '--with-mysql-sock' '--with-curl' '--with-gd' '--with-xmlrpc' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-gd-native-ttf' '--without-sqlite' '--disable-pdo' '--with-fpm-user=nginx' '--with-fpm-group=nginx'
php -i | grep MariaDB
Client API version => 5.2.6-MariaDB
Client API library version => 5.2.6-MariaDB
Client API header version => 5.2.6-MariaDB
mysqladmin ver
mysqladmin Ver 9.0 Distrib 5.2.6-MariaDB, for unknown-linux-gnu on x86_64
Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc,
2009 Monty Program Ab
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
Server version 5.2.6-MariaDB-mariadb101
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 4 min 28 sec
Threads: 1 Questions: 1 Slow queries: 0 Opens: 15 Flush tables: 1 Open tables: 8 Queries per second avg: 0.3
ulimit -aH
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 26623
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 63536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 26623
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
newcome11 05-17-2011, 05:50 AM Thank you very much eva2000.
eva2000 05-17-2011, 03:55 PM Also added some command shortcuts to bottom of centmin script
echo " "
cecho "**********************************************************************" $boldgreen
cecho "* Add cmd shortcuts for php.ini, my.cnf, php-fpm.conf, nginx.conf and virtual.conf " $boldgreen
cecho "* Edit php.ini = phpedit " $boldgreen
cecho "* Edit my.cnf = mycnf " $boldgreen
cecho "* Edit php-fpm.conf = fpmconf " $boldgreen
cecho "* Edit nginx.conf = nginxconf " $boldgreen
cecho "* Edit virtual.conf = vhostconf " $boldgreen
cecho "* nginx stop/start/restart = ngxstop/ngxstart/ngxrestart " $boldgreen
cecho "* php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart " $boldgreen
cecho "* mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart " $boldgreen
cecho "* nginx + php-fpm stop/start/restart = npstop/npstart/nprestart " $boldgreen
cecho "**********************************************************************" $boldgreen
echo "nano -w /usr/local/lib/php.ini" > /usr/bin/phpedit ; chmod 700 /usr/bin/phpedit
echo "nano -w /etc/my.cnf" >/usr/bin/mycnf ; chmod 700 /usr/bin/mycnf
echo "nano -w /usr/local/etc/php-fpm.conf" >/usr/bin/fpmconf ; chmod 700 /usr/bin/fpmconf
echo "nano -w /usr/local/nginx/conf/nginx.conf" >/usr/bin/nginxconf ; chmod 700 /usr/bin/nginxconf
echo "nano -w /usr/local/nginx/conf/conf.d/virtual.conf" >/usr/bin/vhostconf ; chmod 700 /usr/bin/vhostconf
echo "service nginx stop" >/usr/bin/ngxstop ; chmod 700 /usr/bin/ngxstop
echo "service nginx start" >/usr/bin/ngxstart ; chmod 700 /usr/bin/ngxstart
echo "service nginx restart" >/usr/bin/ngxrestart ; chmod 700 /usr/bin/ngxrestart
echo "service php-fpm stop" >/usr/bin/fpmstop ; chmod 700 /usr/bin/fpmstop
echo "service php-fpm start" >/usr/bin/fpmstart ; chmod 700 /usr/bin/fpmstart
echo "service php-fpm restart" >/usr/bin/fpmrestart ; chmod 700 /usr/bin/fpmrestart
echo "service mysql stop" >/usr/bin/mysqlstop ; chmod 700 /usr/bin/mysqlstop
echo "service mysql start" >/usr/bin/mysqlstart ; chmod 700 /usr/bin/mysqlstart
echo "service mysql restart" >/usr/bin/mysqlrestart ; chmod 700 /usr/bin/mysqlrestart
echo "service nginx stop;service php-fpm stop" >/usr/bin/npstop ; chmod 700 /usr/bin/npstop
echo "service nginx start;service php-fpm start" >/usr/bin/npstart ; chmod 700 /usr/bin/npstart
echo "service nginx restart;service php-fpm restart" >/usr/bin/nprestart ; chmod 700 /usr/bin/nprestart
echo " "
cecho "**********************************************************************" $boldgreen
cecho "* Installation complete, congratulations!" $boldgreen
cecho "* For security reasons this script will now be deleted." $boldgreen
cecho "* " $boldgreen
cecho "* We would highly recommend that you reboot your server now." $boldgreen
cecho "* " $boldgreen
cecho "* Enjoy CentOS - BTCentral" $boldgreen
cecho "**********************************************************************" $boldgreen
BTCentral - Ben 05-18-2011, 06:13 AM Hi George,
Firstly no problem, glad you have found it useful :)
The changes you have been making sound very interesting, in particular for me MariaDB support - that's always something I have meant to look into but just have not found the time yet.
If you're interested in having changes you have made implemented into Centmin just drop me a PM (http://www.webhostingtalk.com/private.php?do=newpm&u=319324) or drop us an email (http://www.btcentral.org.uk/contact.php) and I will get back to you - for example I could get it to give the option for MariaDB instead of standard MySQL, custom php-fpm instead of pre-compiled, etc. which I am sure would be very useful for some people. Full credit would be given for any contributions of course.
We have big plans for Centmin in the not too distant future, as I said it's just a matter of finding the time to implement them :)
Alternatively if you just fancy making a fork of Centmin that's just fine too.
Thanks,
Ben
eva2000 05-18-2011, 07:07 AM Hi Ben
I'd love to share my version but last time i linked to my site on this forum to provide useful and on topic info for a thread, a moderator gave me an infraction warning :( :confused:
I've since last post, added memcached server support to my version of the script so libevent, memcached, memcache along with xcache support has been added.
MariaDB is mainly 64bit so is the rest of the focus of my version as it's what I mainly use for servers. So maybe you could add in necessary routines and checks for 32bit vs 64bit.
My apache version also has CSF, chkrootkit, rkhunter and varnish cache options, I'm thinking of at least adding CSF to my modified version of centmin, I can share the changes once that's done and tested :)
BTCentral - Ben 05-18-2011, 07:30 AM I'd love to share my version but last time i linked to my site on this forum to provide useful and on topic info for a thread, a moderator gave me an infraction warning :( :confused:
Hmm, depending on how you worded your post/what you linked to it may have been considered self-promotion.
In that case what I will do is PM you my email address so that you can get in touch that way. So if you have a website I can have a look at or links to any changes you can just send them that way :)
Edit: Done.
I've since last post, added memcached server support to my version of the script so libevent, memcached, memcache along with xcache support has been added.
MariaDB is mainly 64bit so is the rest of the focus of my version as it's what I mainly use for servers. So maybe you could add in necessary routines and checks for 32bit vs 64bit.
My apache version also has CSF, chkrootkit, rkhunter and varnish cache options, I'm thinking of at least adding CSF to my modified version of centmin, I can share the changes once that's done and tested :)
Sounds good, 32bit checks are not a problem, there's already an architecture check in the script and I'm more than happy to make changes as necessary. We have VPS specifically for testing and could also easily setup a VM in the likes of VirtualBox if needed.
Thanks,
Ben
eva2000 05-19-2011, 04:35 AM Thanks Ben email sent. I uploaded a copy of the modified centmin version here (http://cdn.vbtechsupport.com/centmin/mariadb/centmin-mariadbmemc_v0.4.zip) - it has MariaDB 5.2.6 support, xcache v1.3.1, memcached 1.4.5, memcache 3.0.5, libevent 2.0.10, csf firewall and siege benchmark install. Feel free to correct and outline any errors or bugs I introduced into the script :)
BTCentral - Ben 05-19-2011, 05:39 AM Thanks Ben email sent. I uploaded a copy of the modified centmin version here (http://cdn.vbtechsupport.com/centmin/mariadb/centmin-mariadbmemc_v0.4.zip) - it has MariaDB 5.2.6 support, xcache v1.3.1, memcached 1.4.5, memcache 3.0.5, libevent 2.0.10, csf firewall and siege benchmark install. Feel free to correct and outline any errors or bugs I introduced into the script :)
Thanks George - From the quick look I have had everything looks fine for 64bit CentOS.
I'll work on modification & testing for 32bit CentOS over the weekend and double check any changes that have been made :)
eva2000 05-24-2011, 04:35 PM Thanks George - From the quick look I have had everything looks fine for 64bit CentOS.
I'll work on modification & testing for 32bit CentOS over the weekend and double check any changes that have been made :)
Good to hear... i tried my hand at modifying the script for scientific linux 6 as well, so far okay. Adding more stuff to my version, vsftpd 2.3.4, snmp, python 2.7.1 etc.
Thanks for all the hard work on this Ben and eva2000 and the others who contributed.
Adding the excellent CSF to this is most welcome.
But I was originally looking for the best way to install from scratch a minimal CentOS 5 when I found centmin - so what is the best practice for the initial minimal clean install? Should I just start with the original ISO or is there a better recommended build? Should I just use the netinstall?
eva2000 I had to modify your script for 32bit since I am testing in a VM on a 32bit OS
I did these search/replaces, just to help others in the future:
.x86_64 -> .i386
/x86_64 -> /i386
amd64 -> x86
lib64 -> lib
It kinda sorta looks like everything is mostly working
Apache is working but not nginx, so investigating that...
BTW are the wget fetched files cleaned up at any point?
Because when I rerun the script I see wget often renaming .gz.1 .gz.2 .gz.3 instead of overwriting or skipping any existing.
I also noticed these two errors:
./centmin.sh: line 629: /usr/local/bin/phpize: No such file or directory
./centmin.sh: line 630: ./configure: No such file or directory
Also vsftp was not working out of the box.
Had to edit /etc/vsftpd/vsftpd.conf and change
local_enable=YES
and comment out
#one_process_model=yes
update: okay nginx wasn't working because for some reason it was never chmod +x in /etc/init.d/nginx so it could not execute - manually fixed that but not sure why the script couldn't do it
eva2000 06-05-2011, 02:35 AM aww, original centmin script was written for install/run once only and not for re-running successive times. I modified mine based on this assumption too, so you're not meant to re-run the script - once only runs.
I however, have updated script from centmin-mariadbmemc_v0.4.zip to centmin-mariadbmemc_v0.4.1.zip so at least not redownload some of the scripts with checks, but still i wouldn't do re-runs as i have custom settings added which would duplicate in config files if reran. Testing v0.4.1 right now.
BTCentral - Ben 06-05-2011, 07:50 AM Apologies for the delay in getting the 32bit version of eva2000's script done - the last couple of weeks have been much more hectic than I thought they would be and I was out all last weekend so did not get a chance to look at it then.
Thankfully things are starting to slow down a bit now.
I'll be looking into it this afternoon/evening and so should be posting a new version either this evening or tomorrow after testing etc.
Dorkslayz 06-05-2011, 09:13 AM Sounds like an amazing script.
What's also great about this script is for learning purposes on a very basic level. Just studying it and doing parts manually teach a bunch.
If anyone is interested, I made a vmware player vmx file suitable for learning how to do centos5 installs from scratch using the netinstaller and for testing this script. When I screw up I just nuke the files and start over (but I'm past that learning stage now).
It's interesting that the final file image size is 3gb with centos 5.6 + eva2000's version, I thought it would be a little lighter but I guess that's because the vmware image doesn't self-shrink, only grows to max needed and I guess the OS has a swap file in there too.
Oh by the way, xcache 1.3.2 just released yesterday.
I easily added phpmyadmin. I'm exploring if there is any way to run the CSF web interface or if only the shell will work in this environment.
BTCentral - Ben 06-05-2011, 09:53 AM What's also great about this script is for learning purposes on a very basic level. Just studying it and doing parts manually teach a bunch.
I've tried to keep the script as clean as possible, which is why I've used standard spacing and added comments throughout - it's good to know this is useful.
Oh by the way, xcache 1.3.2 just released yesterday.
Thanks for letting me know, I'm working on a new official version of Centmin right now and am implementing eva2000's modifications while cleaning things up a bit (and adding 32bit support) - my dual monitor setup at home comes in very useful for 4 way file comparison - I've changed the script to grab the latest version of xcache.
I'm exploring if there is any way to run the CSF web interface or if only the shell will work in this environment.
CSF web interface? You mean the cPanel interface or is there another interface I am not aware of? If so I could look into implementing this in the next release (if you could provide me with a link to it).
eva2000 06-05-2011, 10:53 AM Apologies for the delay in getting the 32bit version of eva2000's script done - the last couple of weeks have been much more hectic than I thought they would be and I was out all last weekend so did not get a chance to look at it then.
Thankfully things are starting to slow down a bit now.
I'll be looking into it this afternoon/evening and so should be posting a new version either this evening or tomorrow after testing etc.
Awesome indeed for 32bit folks... i don't think i could go back to 32bit knowing how much better 64bit mysql performs for me :D
Looking forward to contributing more to your new 32/64bit version :)
4 way compare, which software app allows that ? using beyond compare 3.2 now and that only has 3 way compare.
It's interesting that the final file image size is 3gb with centos 5.6 + eva2000's version, I thought it would be a little lighter but I guess that's because the vmware image doesn't self-shrink, only grows to max needed and I guess the OS has a swap file in there too.
Oh by the way, xcache 1.3.2 just released yesterday.
I easily added phpmyadmin. I'm exploring if there is any way to run the CSF web interface or if only the shell will work in this environment.
Yes indeed i learn something from looking at original centmin script as well - better structure than my original apache version i did. Haven't had time to rewrite my apache version with better structure.
BTCentral - Ben 06-05-2011, 11:18 AM 4 way compare, which software app allows that ? using beyond compare 3.2 now and that only has 3 way compare.
None that I'm aware of actually - I use Araxis Merge (http://www.araxis.com/merge/index.html) for 3 way comparison (previous version of Centmin, your version, new version of Centmin), then have a modified version (http://code.google.com/p/notepad2-mod/) of Notepad2 open on my second (smaller) monitor as that supports shell script syntax highlighting - which is what I use to actually do the editing for the new version.
Things are coming along nicely, I'm currently still going through your changes and adding them, re-structuring code and adding other options I think are needed, updating software versions etc. while I'm at it.
I have been working on this for the last one and a half hours or so and there's still a fair bit to do before testing ;)
eva2000 06-05-2011, 11:22 AM Ah i see :)
I have v0.4.1 (http://vbtechsupport.com/centmin/mariadb/centmin-mariadbmemc_v0.4.1.zip) of mine uploaded with a few fixes mentioned above in my previous post.
BTCentral - Ben 06-05-2011, 11:23 AM Ah i see :)
I have v0.4.1 of mine uploaded http://vbtechsupport.com/centmin/mariadb/centmin-mariadbmemc_v0.4.1.zip with a few fixes.
Thanks, I actually checked your website and grabbed that earlier before I started making any changes :D
Time for a coffee break & something to eat I think :)
eva2000 06-05-2011, 11:46 AM Ah, i had to do some quick fixes so uploaded a fresh v0.4.1 zip :)
BTCentral - Ben 06-05-2011, 12:08 PM Ah, i had to do some quick fixes so uploaded a fresh v0.4.1 zip :)
Just downloaded a fresh copy and the only changes you made to the centmin.sh script are actually incorrect? - You're trying to extract various files before downloading them now instead of after.
Lines 323 to 350 should be like this (http://pastie.org/2023013) - It's not something that would have affected my new version anyway as I've been re-writing those as I go.
Are there any other changes (e.g. configuration files) to what you originally uploaded, or was it just that?
eva2000 06-05-2011, 12:09 PM Yeah those are the changes same in the nginx /extras update script
Dumb question for eva2000:
Since nginx is essentially running "userless" with the domains all under its own user (ie. /home/nginx/demo.com ) how is vsftpd meant to be used in this configuration? chroot_list is disabled in your setup, root is prohibited, so how is it meant to have a user login?
BTCentral - Ben 06-05-2011, 07:53 PM After around eight and a half hours of coding and testing today, I am happy to announce the release of Centmin 1.2.0.
This incorporates the majority of eva2000's changes (Memcached was not added, as it did not work correctly), fixes various bugs in his code and also adds 32bit CentOS support.
As always, you can grab the latest version from http://www.centmin.com.
Note that MariaDB is rather a memory hog in comparison to standard MySQL, due to this MySQL is still installed as default.
To use MariaDB instead simply set the following configuration options:
MYSQL_INSTALL=n
MDB_INSTALL=y
Because of the amount of changes made, rather than re-type them here I will simply quote the changelog:
v1.2.0 - 06/06/2011
There are major feature updates in this version, the script size has almost tripled!
Many of the updates in this version have been contributed by "eva2000" of vbtechsupport.com - we have cleaned up his code,
fixed bugs and added support for 32bit CentOS (as he released changes only for 64bit OS).
- PHP now compiled from source instead of installed via external repository.
- Various other libraries, modules and applications now compiled from source.
- Development Tools list updated.
- UPDATE: nginx updated to version 1.0.4, nginx configuration tweaked, various nginx addons installed by default.
- UPDATE: Both Nginx and PHP compiled with OpenSSL 1.0.0d support instead of OpenSSL 0.9.8e.
- FEATURE: Added IPv6 support installation option for nginx.
- FEATURES: Added Siege, Sproxy, MariaDB, XCache, ConfigServer Firewall, PCRE, Script shortcuts.
- EXTRAS: Nginx update script updated.
- The majority of services are now started at the end of the script to allow additional memory usage during compilation.
- Readme updated.
- Minor bugfixes, various new script checks.
Enjoy!
---
Since nginx is essentially running "userless" with the domains all under its own user (ie. /home/nginx/demo.com ) how is vsftpd meant to be used in this configuration? chroot_list is disabled in your setup, root is prohibited, so how is it meant to have a user login?
Personally as far as I'm concerned unless you are running a public hosting business, then you should be using SSH (SFTP) to upload files rather than regular FTP. How you choose to setup the SFTP configuration is up to you - the easiest way would be to simply change the login shell for the nginx user so you could login using that account and access the domain folders via SFTP using that.
CSF web interface? You mean the cPanel interface or is there another interface I am not aware of? If so I could look into implementing this in the next release (if you could provide me with a link to it).
There is a web ui for csf in /etc/csf/csfui.pl which he uses across a few kinds of control panels, not only cpanel but even webmin.
So I figured out a straightforward way to get a perl fastcgi wrapper installed and I can execute most perl/cgi through nginx but still hitting a bug that is blocking csfui from running.
Y'all have much more skill so you might be able to more easily figure it out. Let me know if you want instructions on the perl fastcgi wrapper.
eva2000 06-06-2011, 01:47 AM Dumb question for eva2000:
Since nginx is essentially running "userless" with the domains all under its own user (ie. /home/nginx/demo.com ) how is vsftpd meant to be used in this configuration? chroot_list is disabled in your setup, root is prohibited, so how is it meant to have a user login?
??? 0.4.0 of mine doesn't have vsftp included ? you'd have to setup and configure users/vsftp yourself.
After around eight and a half hours of coding and testing today, I am happy to announce the release of Centmin 1.2.0.
This incorporates the majority of eva2000's changes (Memcached was not added, as it did not work correctly), fixes various bugs in his code and also adds 32bit CentOS support.
As always, you can grab the latest version from http://www.centmin.com.
Note that MariaDB is rather a memory hog in comparison to standard MySQL, due to this MySQL is still installed as default.
To use MariaDB instead simply set the following configuration options:
MYSQL_INSTALL=n
MDB_INSTALL=y
Because of the amount of changes made, rather than re-type them here
Awesome Ben thanks for all the hard work, great to have a choice between mysql versions. Yes mariadb uses more memory but it's between 25-82% faster than mysql community 5.1/5.5 versions :)
What troubles you have with memcached ? Only trouble i had is with memcache 3.0.6 php extension something must have changed as 3.0.5 works fine.
eva2000 06-06-2011, 01:56 AM Whoops Ben you copied over my boo boos for nginx prerequisites ;)
if [ -s ngx-fancyindex-0.3.1.tar.gz ]; then
    cecho "ngx-fancyindex 0.3.1 Archive found, skipping download..." $boldgreen
else
    wget -c http://furi-ku.org/+/cgit/code/ngx-fancyindex/snapshot/ngx-fancyindex-0.3.1.tar.gz
fi
tar zvxf ngx-fancyindex-0.3.1.tar.gz

if [ -s ngx_cache_purge-1.3.tar.gz ]; then
    cecho "ngx_cache_purge 1.3 Archive found, skipping download..." $boldgreen
else
    wget -c http://labs.frickle.com/files/ngx_cache_purge-1.3.tar.gz
fi
tar zvxf ngx_cache_purge-1.3.tar.gz

if [ -s Nginx-accesskey-2.0.3.tar.gz ]; then
    cecho "Nginx-accesskey 2.0.3 Archive found, skipping download..." $boldgreen
else
    wget -c http://wiki.nginx.org/images/5/51/Nginx-accesskey-2.0.3.tar.gz
fi

Also mysqltuner.pl v1.12 no longer works; the author of the script is looking for a new maintainer for the script, or waiting on a forked version from another DBA to update their status on their work on mysqltuner.pl v2.x. For now the script is at https://github.com/rackerhacker/MySQLTuner-perl in v1.20 form.
BTCentral - Ben 06-06-2011, 06:16 AM What troubles you have with memcached ? Only trouble i had is with memcache 3.0.6 php extension something must have changed as 3.0.5 works fine.
Ah. That would explain it, I set my script to grab memcache 3.0.6, and the PHP status script did not work so I removed it in order to get the script out fully tested in a reasonable time frame. I'll look into re-adding this to the next version.
Whoops Ben you copied over my boo boos for nginx prerequisites ;)
Am I missing something here?
It checks if the prerequisites have already been downloaded, if they have not been it downloads them and extracts them. What's wrong with that? :confused:
They're added to the nginx compilation and work just fine - in fact I just enabled fancyindex on my test VPS.
I was aware mysqltuner.pl was not being downloaded but just thought that the website was down temporarily - I'll update the URL in the next version.
May I suggest that y'all store the files in the distribution one subdirectory deeper and not keep them in the archive "root".
ie. make a subdirectory centmin within the archive - otherwise it might surprise some people that it unpacks right in the very directory they are at
centmin 1.2 is borking on the mysql install
At the end since it didn't find mysqld running I went and opened another terminal and restarted mysqld but it still would not login no matter what (password or not).
Installed:
mysql-devel.i386 0:5.0.77-4.el5_6.6 mysql-server.i386 0:5.0.77-4.el5_6.6 perl-DBD-MySQL.i386 0:3.0007-2.el5
Complete!
--2011-06-06 10:46:06-- http://thisfile.net/mysqlreport
Resolving thisfile.net... 96.30.51.48
Connecting to thisfile.net|96.30.51.48|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 38873 (38K) [text/plain]
Saving to: `mysqlreport'
100%[==========================================================================================>] 38,873 109K/s in 0.3s
2011-06-06 10:46:07 (109 KB/s) - `mysqlreport' saved [38873/38873]
--2011-06-06 10:46:07-- http://mysqltuner.pl/
Resolving mysqltuner.pl... failed: Name or service not known.
wget: unable to resolve host address `mysqltuner.pl'
chmod: cannot access `mysqltuner.pl': No such file or directory
Initializing MySQL database: Installing MySQL system tables...
110606 10:46:08 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
110606 10:46:08 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
ERROR: 1004 Can't create file '/tmp/#sql25f4_1_0.frm' (errno: 13)
110606 10:46:08 [ERROR] Aborting
110606 10:46:08 [Note] /usr/libexec/mysqld: Shutdown complete
Installation of system tables failed!
Examine the logs in /var/lib/mysql for more information.
You can try to start the mysqld daemon with:
/usr/libexec/mysqld --skip-grant &
and use the command line tool
/usr/bin/mysql to connect to the mysql
database and look at the grant tables:
shell> /usr/bin/mysql -u root mysql
mysql> show tables
Try 'mysqld --help' if you have problems with paths. Using --log
gives you a log in /var/lib/mysql that may be helpful.
The latest information about MySQL is available on the web at
http://www.mysql.com
Please consult the MySQL manual section: 'Problems running mysql_install_db',
and the manual section that describes problems on your OS.
Another information source is the MySQL email archive.
Please check all of the above before mailing us!
And if you do mail us, you MUST use the /usr/bin/mysqlbug script!
[FAILED]
*************************************************
* Starting MySQL Secure Installation
*************************************************
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Enter current password for root (enter for none):
(mysqld restart)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Also for some reason it could not resolve the xcache host.
It worked a second time, maybe wget needs to be set to do retries for safety with --tries=3
* Installing XCache
*************************************************
--2011-06-06 10:58:25-- http://xcache.lighttpd.net/pub/Releases/1.3.2/xcache-1.3.2.tar.gz
Resolving xcache.lighttpd.net... failed: Temporary failure in name resolution.
wget: unable to resolve host address `xcache.lighttpd.net'
tar: xcache-1.3.2.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors
./centmin.sh: line 671: cd: xcache-1.3.2: No such file or directory
./centmin.sh: line 672: /usr/local/bin/phpize: No such file or directory
./centmin.sh: line 673: ./configure: No such file or directory
make: *** No targets specified and no makefile found. Stop.
Since that failed, I told it to try APC
but, my default CentOS 5.6 install could not find APC
Install APC? (By default uses 32MB RAM) [y/n] y
*************************************************
* Installing Alternative PHP Cache
*************************************************
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.omnispring.com
* extras: hpc.arc.georgetown.edu
* updates: mirror.steadfast.net
Setting up Install Process
No package php53-pecl-apc available.
Nothing to do
So does the default yum repository list need to be appended by the script first?
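The failures reported in the post above (wget failing to resolve a host, then tar, cd and phpize running anyway) and the .gz.1/.gz.2 copies seen on re-runs earlier in the thread all come from downloads whose result is never checked. The following is an added example, not part of the thread or of centmin.sh: a POSIX sh helper that retries in the script itself, verifies a SHA-256 digest and lets the caller abort. The function names, the RETRY_DELAY variable and the digest argument are assumptions; the expected digest has to be obtained from the upstream project.

```shell
#!/bin/sh
# Added example (not from centmin.sh): fetch a source archive so that the
# installer is safe to re-run and never builds from a missing or altered file.

# download URL DEST: one attempt. -O writes to DEST itself, so a re-run
# never leaves archive.tar.gz.1, .2, ... copies behind.
download() {
    wget -q -O "$2" "$1"
}

# sha256_of FILE: print the hex digest only.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# fetch_archive URL FILE SHA256 [ATTEMPTS]
# Returns 0 only when FILE exists and its digest equals SHA256.
fetch_archive() {
    url=$1 file=$2 want=$3 attempts=${4:-3}

    # Re-run case: keep a verified copy, discard a truncated or altered one.
    if [ -s "$file" ]; then
        if [ "$(sha256_of "$file")" = "$want" ]; then
            echo "$file present and verified, skipping download"
            return 0
        fi
        echo "$file present but checksum differs, re-downloading" >&2
        rm -f "$file"
    fi

    n=1
    while [ "$n" -le "$attempts" ]; do
        # Download to a temporary name so a failed transfer never looks complete.
        if download "$url" "$file.part" &&
           [ "$(sha256_of "$file.part")" = "$want" ]; then
            mv "$file.part" "$file"
            return 0
        fi
        echo "attempt $n/$attempts for $url failed" >&2
        rm -f "$file.part"
        n=$((n + 1))
        if [ "$n" -le "$attempts" ]; then
            sleep "${RETRY_DELAY:-5}"   # RETRY_DELAY is a hypothetical knob
        fi
    done
    return 1
}

# Usage inside an installer: stop instead of running tar/cd/configure on nothing.
# XCACHE_URL and XCACHE_SHA256 are placeholders to be set by the caller.
#   fetch_archive "$XCACHE_URL" xcache-1.3.2.tar.gz "$XCACHE_SHA256" || exit 1
#   tar xzf xcache-1.3.2.tar.gz && cd xcache-1.3.2 || exit 1
```
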
BTCentral - Ben 06-06-2011, 11:28 AM Thanks for the feedback, I'll likely look into any issues on Wednesday (as I have a busy evening and a new large site for one of our clients is going live tomorrow) and post a bugfix release.
Out of interest are you running it on 32bit or 64bit CentOS?
As for APC, it must have been included in one of the repos that has now been removed from the script, which means it's fairly likely that that will now need to be compiled from source (or for you to re-add the repos and install via that).
As for the MySQL error, I'm sure I've seen that once before but was not able to ever reproduce it.
Can you try changing your /etc/my.cnf to this (http://pastie.org/2027862) and then run /etc/init.d/mysqld start to see if it makes any difference?
eva2000 06-06-2011, 11:54 AM Am I missing something here?
sorry was looking at wrong file when comparing those lines heh.
No rush on fixes, I was just testing it for you for feedback.
Testing is done on a freshly installed copy of CentOS 5.6 32-bit in a vmware player box.
Memory use after install is actually higher than I think I've seen reported in this thread but we can look at that later once the script is stable again.
I found this little ditty about unfound 53 packages
packages have been renamed from php53-* to php53u-*
IUS renamed the packages to have a suffix of “u”.
This was done to avoid conflicts with CentOS’s recently released PHP 5.3 packages.