Preparing the server.
Handling the SSH key with putty and puttygen
To do so we have to first install Putty, PuTTYgen is normally installed as part of the normal PuTTY .msi package installation. There is no need for a separate PuTTYgen download. Download the PuTTY installation package.
After installing putty go to the installation folder and run puttygen.exe.
Click on generate
Move the mouse inside the blank area
Add a key phrase to protect the private key (optional but recommended for better security )
Then Save public and private key in a safe folder.
In your server (I am using Digital Ocean) create a new droplet and choose your plan and OS as centos 7.
To save your self a big hassle, add the SSH key BEFORE creating the droplet, to do so, In the new droplet settings, you will find a button says add ssh (may be different in other providers but the similar idea).
In Digital Ocean it will look like this
Click on it then paste the ssh key you got from putty gen name it as you want then save it.
make sure the newly created ssh key is selected next to the New SSH Key button
For your hostname, be creative.
Now back to putty, run it then type the IP and port 22.
Go to SSH->Auth from the left menu then click on browse next to private key file for auth and select your private key
Now If not to get disconnected each x seconds when being idle, go to Connection from the left, and set the ‘Seconds
between keepalives ‘ to 10.
Also, set the windows settings like this ( as eve2000 suggested at the forms of Centmin Mod).
Now, Go back to the session from the left menu then Type a name to save the settings we typed now (not to type it again each time) then click save.
Now click on open after you save and a popup will show up just click yes.
Then type root as user press enter, now if you choose a password for the private key you will have to type it here, I did so it looked like this.
Now we are done with SSH let’s start working on the server Itself :D.
Installing Centmin Mod on Centos 7
First You’re going to start with a standard clean and up to date CentOS 7 installation.
yum -y update && shutdown -r now
the server will restart reconnect then Install the basic default packages.
yum -y install nano wget curl
now for the Centmin Mod installation to complete successfully you have to be root, not a using sudo.
Then check here for latest version.
I used the 123.09beta01 one since at the time of writing this, this has a lot of new features and soon it will be stable (I am using it on 3 websites now with no errors and recommended by eva2000)
so from the link above, you will get the install command, it will look like this
yum -y update; curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh
this will take around 20 minutes so calm down and if you felt that it stuck just wait it is working I hope.
When it finishes, be careful not to close the terminal and to copy all the log and save it in a safe place since it will have all the passwords that Centmin mod has generated for you.
Activating Let’s Encrypt.
Now for Lets Encrypt SSL eva2000 has created a script, but it requires some steps to set it up. ( the script is beta at the time I am writing this, but I had no problems with it also on 3 websites).
touch /etc/centminmod/custom_config.inc echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
Centmin Mod and Centos 7 update (manual and automatic).
This is where you are gonna be most of the time while using Centmin Mod, the script menu.
to run the script navigate to
cd /usr/local/src/centminmod
then we run the script
./centmin.sh
It will first Ask you for the admin email ( the email that will get notifications of updates and problems) so please put a valid email.
add the second email (you can skip but you will get notified to enter it every time you open this menu again which is annoying)
Then wait some time till the menu of Centmin Mod opens,
To do a manual update for Centmin Mod
type 23 and enter.
in this menu, if you want to update your current version of Centmin Mod for any bug fixes go for the 2nd option.
otherwise, if you want to upgrade to another version fully go for the 3rd option.
Automatic Updates Centmin Mod
To activate Centmin Mod auto update.
0 */6 * * * /usr/local/src/centminmod/updatecm.sh 2>/dev/null
Automatic Updates Centos 7 (recommended)
yum -y install yum-cron chkconfig yum-cron on
then for centos 7
nano /etc/yum/yum-cron.conf
then search for email_to(ctrl+w in nano) and replace root with your email
save (ctrl+o then enter in nano) then exit (ctrl+x in nano)
nano /etc/yum/yum-cron.conf
update_messages download_updates apply_updates
nano /etc/yum/yum-cron-hourly.conf
this one to make the hourly updates only for security updates
sed -i 's|^update_cmd = default|update_cmd = security|' /etc/yum/yum-cron-hourly.conf
and just a tip if you ever wanted to check for the cron log
grep yum.cron /var/log/cron | tail -10
and to check yum log when it does notify of updates
tail -10 /var/log/yum.log
Prepare CloudFlare
now click continue and in the next windows choose the free plan,
click continue and you will get a window like this telling you which nameservers you should use for your domain
After you waited some time, on the new page you will click recheck name servers.
Setting up page rules for WordPress
cloud flare gives you 3-page rules for free.
You have to add those not to have a problem in admin panel and in login page (like users will log in but still see the login button)
to do so go to Cloudflare and from up go to page rules then add those rules
https://*yourdomain.com/wp-login.php*
https://*yourdomain.com/wp-admin/*
https://*yourdomain.com/*
Adding website on Centmin Mod server.
PLEASE MAKE SURE THAT YOUR DOMAIN CLOUDFLARE SSL IS SET TO ‘flexible’ AT THIS POINT.
OTHERWISE, YOU WILL GET ERROR CREATING LET’s ENCRYPT CERTIFICATE (we will turn the SSL in Cloudflare to strict full when we are done)
Now Let’s start by running centmin mod script
cd /usr/local/src/centminmod ./centmin.sh
go for option 22(if you don’t want the auto WordPress website then choose option 2)
when it asks
Do you want to continue with Nginx vhost site creation ?
type Y and click enter
Enter vhost domain name you want to add (without www. prefix)
now if you want to use the let’s encrypt SSL on this website (recommended)
Create a self-signed SSL certificate Nginx vhost?
type Y and click enter
Get Letsencrypt SSL certificate Nginx vhost? [y/n]:
type Y and click enter
You have 4 options:
1. issue staging test cert with HTTP + HTTPS (untrusted) 2. issue staging test cert with HTTPS default (untrusted) 3. issue live cert with HTTP + HTTPS (trusted) 4. issue live cert with HTTPS default (trusted)
Theme Setup: Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]:
WordPress Setup: Set custom WP Admin Display Name ? [y/n]:
Install WordPress in subdirectory /blog ? [y/n]:
if you want your WordPress installation to be in /blog like yourdomain.com/blog
I don’t want to, so N for me
Disable Auto Generated WP Admin Username / Password ? [y/n]:
Disable wp-login.php password protection? (less security) [y/n]:
Enter the email address for Admin User for WordPress Installation:
Default is to install KeyCDN WP Cache Enabler Plugin as it's more stable and reliable than WP Super Cache. Redis cache may have issues with caching due to long 6hr cache TTL You can select which caching method to use below: -------------------------------------------------------- Wordpress Caching -------------------------------------------------------- 1). KeyCDN Cache Enabler (default & recommended) 2). Redis Nginx Level Caching (may have issues with some wp plugins) 3). WordPress Super Cache
so I go for 1
Create FTP username for vhost domain (enter username):
Do you want to auto-generate FTP password (recommended) [y/n]:
up to you, I would go for yes
then copy the username and password that the script returned and save them somewhere safe
Do you want to exclude mobile/tablet devices from Cache Enabler caching? [y/n]
up to you but I went for n since I had no problem with my theme when it was on but if you are not sure, then go for Y
then it will start downloading WordPress etc..
then it will stop and asks
------------------------------------------------- acmetool.sh is in beta testing phase please read & provide bug reports & feedback for this tool via the forums https://centminmod.com/acmetool ------------------------------------------------- continue [y/n] ?
click y and enter
now everything should be ready for you :D.
Note: in case you got too many redirects error, that is because you are using the Cloudflare SSL as flexible (which I warned that before starting turn off the SSL of Cloudflare)
then, in this case, your let’s encrypt wasn’t installed correctly,
So after changing the Cloudflare SSL to full and your website opens with no errors, I recommend fixing the let’s encrypt by typing
cd /usr/local/src/centminmod/addons ./acmetool.sh reissue yourdomain.com lived
which should fix the SSL for you, with full SSL, Cloudflare serves visitors the Cloudflare SSL but communicates with your site via let’s encrypt SSL https so both ends are encrypted. Flexible SSL is less secure as Cloudflare communicates with your site via non-https so not encrypted.
now we have let’s encrypt and Full SSL support from Cloudflare
for more information about Cloudflare’s SSL click here
WWW or non-WWW
Now that everything is working perfectly, you might want to make your website redirects to www instead of non-www.
cd /usr/local/nginx/conf/conf.d/ ls sudo nano yourdomain.ssl.conf
then change it to this
server {
server_name yourdomain.com www.yourdomain.com;
return 302 https://www.$server_name$request_uri;
include /usr/local/nginx/conf/staticfiles.conf;
}
service nginx restart
Note: After everything is working after your changes, you can change 302 in the code above again to 301 and restart the server again. key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don’t let go of 301 permanent redirect browser cache that willingly.
curl -I http://domain.comcurl -I http://www.domain.com
Redirecting *.yourdomain.com to yourdomain.com
In Centmin Mod hosted websites if you entered a subdomain that doesn’t exist it takes you to the centmin mod index page.
the page is located at
/usr/local/nginx/html
but to redirect them always to your main domain, go to
cd /usr/local/nginx/conf/conf.d
then do an ls command then
sudo nano yourdomain.ssl.conf
and add this part of the code. (remove the www from www.yourdomain.com to redirect to non-www version)
server {
server_name *.yourdomain.com;
return 301 https://www.yourdomain.com;
include /usr/local/nginx/conf/staticfiles.conf;
}service nginx restart
Fix WordPress Sitemap.xml
If you faced some problems with your SEO plugin like YOAST.
The Yoast SEO XML sitemap URL uses a pretty permalink of example.com/sitemap_index.xml but, behind the scenes, this URL also has a non-pretty permalink of example.com/?sitemap=1. If you can load and see the sitemap using the non-pretty permalink, your server is not set up to redirect and, thus, you’ll need to add redirect rules.
so to fix it go to
cd /usr/local/nginx/conf/conf.d
then do an ls command then
sudo nano yourdomain.ssl.conf
then add this code block inside the server {}
#Yoast SEO Sitemaps
location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
## this redirects sitemap.xml to /sitemap_index.xml
rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
## this makes the XML sitemaps work
rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
## The following lines are optional for the premium extensions
## News SEO
rewrite ^/news-sitemap.xml$ /index.php?sitemap=wpseo_news last;
## Local SEO
rewrite ^/locations.kml$ /index.php?sitemap=wpseo_local_kml last;
rewrite ^/geo-sitemap.xml$ /index.php?sitemap=wpseo_local last;
## Video SEO
rewrite ^/video-sitemap.xsl$ /index.php?xsl=video last;
}service nginx restart
About the email server
Adding your own mail server is an overkill and most of the time it won’t work correctly.
It is like you wanted to eat bread so you decided to open a bakery shop :D.
So as eva2000 suggested (me too) is not to load your own mail server ( even though you can),
but instead you can choose a third party company which will do the job for you (way better than hosting your own server) and some of them are FREE:D.
Ok so I tried ZOHO, it was ok but the free version is limited too much. But if you won’t have too much email accounts then it is perfect, it even allows you to create your own login page like mail.yourdomain.com and put a custom logo on it.
The second option is Yandex, I know, I hate Yandex too but hey it is FREE 😀 and it gives allot more mail accounts (1000) compared to Zoho which was 50 I think, it also allows you to create your own login page like mail.yourdomain.com.
Now If you are ok paying some money then I recommend going to google since hey, who likes Yandex man 😀 and you will pay only 5 dollars a month.
Note: I am using Zoho and Yandex and Gmail and ALL OF THEM works perfectly (if you set them up correctly).
The most important part in not getting your emails into spam is to set up your SPF and dkim correctly ( while using any of the 3 providers up they will show you how to do it step by step so no need to duplicate their tutorial here ).
Thanks for great guide!
if using Cloudflare then you don’t need Lets Encrypt SSL cuz anyway free self-signed SSL like OpenSSL will pairing with Cloudflare automatic and easier to maintain …. problem is CentOS do not package OpenSSL but Ubuntu did…
so its working like that in SlickStack script (Ubuntu) but I think you can use OpenSSL in Centminmod too
Thank you, awesome article
it helped me alot
eva should add this article as a starter guide for WordPress users 😀
Thank You!
Thank you for so detail guide