Wordpress Nginx Auto Installer (WP Super Cache)

Centmin Mod has an inbuilt Wordpress + Wordpress Super Cache auto installer which is invoked via centmin.sh menu option 22. It is recommended to always ensure your Centmin Mod installed code is up to date before running centmin.sh menu option 22. To update follow instructions at http://centminmod.com/upgrade.html. A Wordpress7 demo site was created using this Wordpress auto installer.

Centmin Mod 123.09beta01 branch has further improved this Wordpress auto installer switching from WP Super Cache to an improved KeyCDN Cache Enable WP Plugin instead as well as general improvements in the initial Wordpress auto installation routine and Nginx security and performance setup.

This Wordpress installer uses the WP-CLI command line tool to automate the installation of Wordpress itself and Wordpress database setup along with auto installing and activating a select few Wordpress Plugins. WP-CLI tool only works for PHP versions 5.3, 5.4, 5.5, 5.6 and 7.0. PHP 7.0 is not compatible with WP-CLI tool and thus centmin.sh menu option 22 won't work properly with PHP 7.0 right now. WP-CLI issue #1842.

The auto installer routine installs some security and performance related Wordpress Plugins and auto activates some. Some other Wordpress Plugins are installed but not auto activated so you can decide yourself whether or not they are useful. You can see that Wordpress plugins are installed in the full example output at bottom of this page. The auto installed Wordpress Nginx vhost site is locked down tight out of the box with HTTP authentication password protected wp-login.php and Nginx request based rate limiting setup for wp-login.php and xmlrpc.php files.

Once the installer completes, you will also have a list of steps to complete manually to properly configure your Wordpress installation to enable Wordpress Super Cache plugin support and also properly set up other auto installed Wordpress plugins.

Additional Performance & General Notes

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu                   
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2...
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + WP Super Cache
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ]  22

Below is a full example output from the command for creating a new Nginx vhost site - newdomain2.com with self-signed SSL certificated and SSL Nginx vhost and non-SSL Nginx vhost auto generated. This outout is also logged into a file at /root/centminlogs with filename *_wordpress_addvhost.log if you ever need to reference the information again.

ls -lArt /root/centminlogs
total 4700
-rw-r--r--. 1 root root   17209 Apr  3 01:49 centminmod_1.2.3-eva2000.08_030415-114321_yuminstall_centos7.log
-rw-r--r--. 1 root root   75088 Apr  3 01:50 centminmod_yumtimes_030415-114321.log
-rw-r--r--. 1 root root   29291 Apr  3 02:08 centminmod_1.2.3-eva2000.08_030415-114321_yum-log.log
-rw-r--r--. 1 root root 4608802 Apr  3 02:08 centminmod_1.2.3-eva2000.08_030415-114321_install.log
-rw-r--r--  1 root root    1607 Apr  5 06:46 centminmod_1.2.3-eva2000.08_050415-064607_nginx_addvhost.log
-rw-r--r--  1 root root    1205 Sep  3 04:26 centminmod_wpcli_install_030915-042610.log
-rw-r--r--  1 root root   27486 Sep  3 04:31 centminmod_1.2.3-eva2000.08_030915-042607_wordpress_addvhost.log

Of particular note are these sections of output:

The uninstall script and Wordpress auto updating cronjob which is created automatically at generation time. Also Wordpress built in cron is disabled and a system cronjob is setup in it's place as well. A random sleep time is set so that multiple Wordpress auto installs do not conflict with each other for WP Cron and Wordpress auto updating at the system level.

------------------------------------------------------------
Created uninstall script
/root/tools/wp_uninstall_newdomain2.com.sh
------------------------------------------------------------
------------------------------------------------------------
Created wp_updater_newdomain2.com.sh script
/root/tools/wp_updater_newdomain2.com.sh
------------------------------------------------------------
*/4 * * * * /usr/bin/cminfo_updater
*/15 * * * * sleep 119s ; wget -O - -q -t 1 http://newdomain2.com/wp-cron.php?doing_wp_cron=1 > /dev/null 2>&1
0 */8 * * * sleep 214s ;/root/tools/wp_updater_newdomain2.com.sh 2>/dev/null

The Pure-Ftpd virtual FTP username/login details, Wordpress site admin and MySQL database login details and the paths to whether the Nginx non-https and https vhost files are and your public web root path - /home/nginx/domains/newdomain2.com/public and where the self-signed SSL certificates are located - /usr/local/nginx/conf/ssl/newdomain2.com. The Wordpress Admin userid is also changed automatically at install time to a random generated user id instead of user id = 1.

-------------------------------------------------------------
FTP hostname : IPADDRESS
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for newdomain2.com : wpftpuser01
FTP password created for newdomain2.com : SxxQgOdV1v1PSBweqo57M
-------------------------------------------------------------
vhost for newdomain2.com created successfully

domain: http://newdomain2.com
vhost conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.conf

vhost ssl for newdomain2.com created successfully

domain: https://newdomain2.com
vhost ssl conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.csr

upload files to /home/nginx/domains/newdomain2.com/public
vhost log files directory is /home/nginx/domains/newdomain2.com/log

------------------------------------------------------------
SSH commands to uninstall created Wordpress install and Nginx vhost:
  /root/tools/wp_uninstall_newdomain2.com.sh
------------------------------------------------------------

------------------------------------------------------------
Wordpress Auto Updater created at:
  /root/tools/wp_updater_newdomain2.com.sh
cronjob set for every 8 hours update (3x times per day)
------------------------------------------------------------

Wordpress domain: newdomain2.com
Wordpress DB Name: wp20480db_8333
Wordpress DB User: wpdb8333u21571
Wordpress DB Pass: wpdbskyTckdBbFJSp7982
Wordpress Admin User ID: 265902
Wordpress Admin User: zfDawCEvFRqn0U4VQ+wp28801
Wordpress Admin Pass: zNOnATs3Mutwps15760
Wordpress Admin Email: MY@EMAILADDRESS

Wordpress wp-login.php password protection info:
wp-login.php protection file /home/nginx/domains/newdomain2.com/htpasswd_wplogin
wp-login.php protection Username: ueZ7ghBHIxMlTnx6972
wp-login.php protection Password: pTRnQhwn6Vin6o6mRlY2y6972
http://ueZ7ghBHIxMlTnx6972:pTRnQhwn6Vin6o6mRlY2y6972@newdomain2.com/wp-login.php

Rate limiting by requests/s. Rate limiting per IP connections is commented out by default.

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain2.com/htpasswd_wplogin;    
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}


Full example output below:

------------------------------------------------------------
Installing wpcli.sh
------------------------------------------------------------
installing...

Error: /usr/bin/wp not found !!! Downloading now......
2015-09-03 04:26:12 URL:https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar [1386662/1386662] -> "/usr/bin/wp" [1]
Download done.

Error: /root/wpcli/wp-completion.bash not found !!! Downloading now......
2015-09-03 04:26:13 URL:https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash [495/495] -> "/root/wpcli/wp-completion.bash" [1]
Download done.

-------------------------------------------------------------
PHP binary:     /usr/local/bin/php
PHP version:    5.4.44
php.ini used:   /usr/local/lib/php.ini
WP-CLI root dir:        phar://wp-cli.phar
WP-CLI global config:
WP-CLI project config:
WP-CLI version: 0.20.0
-------------------------------------------------------------

-------------------------------------------------------------
wp-cli install completed
Read http://wp-cli.org/ for full usage info

-------------------------------------------------------------
Please log out of SSH session and log back in
You can then call wp-cli via command: wp
i.e. wp --info --allow-root
-------------------------------------------------------------

-------------------------------------------------------------
Setup full Nginx vhost + Wordpress + WP Super Cache
-------------------------------------------------------------

Enter vhost domain name you want to add (without www. prefix): newdomain2.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: y

Enter email address for Wordpress Installation: MY@EMAILADDRESS

Create FTP username for vhost domain (enter username): wpftpuser01

Do you want to auto generate FTP password (recommended) [y/n]: y

FTP username you entered: wpftpuser01
FTP password auto generated: SxxQgOdV1v1PSBweqo57M

Password: 
Enter it again: 
/usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain2.com/htpasswd_wplogin ueZ7ghBHIxMlTnx6972 pTRnQhwn6Vin6o6mRlY2y6972

/home/nginx/domains/newdomain2.com/htpasswd_wplogin contents:
ueZ7ghBHIxMlTnx6972:$apr1$7AKvqTxS$nkfr5kBdLhnuW.sIwrGVu0
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: newdomain2.com.csr
creating private key: newdomain2.com.key
creating self-signed SSL certificate: newdomain2.com.crt
Generating a 2048 bit RSA private key
.+++
...............................................................................................................................................................................+++
writing new private key to 'newdomain2.com.key'
-----
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=newdomain2.com/OU=newdomain2.com/CN=newdomain2.com
Getting Private key

---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....+....................................................++*++*
dhparam file generation time: 21.867212782
------------------------------------------------------------
Setup Wordpress + Super Cache for newdomain2.com
------------------------------------------------------------
Downloading WordPress 4.3 (en_US)...
Success: WordPress downloaded.
Success: Generated wp-config.php file.
*/4 * * * * /usr/bin/cminfo_updater
*/15 * * * * sleep 119s ; wget -O - -q -t 1 http://newdomain2.com/wp-cron.php?doing_wp_cron=1 > /dev/null 2>&1
Success: WordPress installed successfully.

------------------------------------------------------------
Installing Responsive (1.9.7.7)
Downloading install package from https://downloads.wordpress.org/theme/responsive.1.9.7.7.zip...
Unpacking the package...
Installing the theme...
Theme installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'responsive'...
Success: Switched to 'Responsive' theme.
------------------------------------------------------------
------------------------------------------------------------
Installing WP Super Cache (1.4.4)
Downloading install package from https://downloads.wordpress.org/plugin/wp-super-cache.1.4.4.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wp-super-cache'...
Success: Plugin 'wp-super-cache' activated.
------------------------------------------------------------
Installing WP Super Cache - Clear all cache (1.3.1)
Downloading install package from https://downloads.wordpress.org/plugin/wp-super-cache-clear-cache-menu.1.3.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wp-super-cache-clear-cache-menu'...
Success: Plugin 'wp-super-cache-clear-cache-menu' activated.
------------------------------------------------------------
Installing Autoptimize (1.9.4)
Downloading install package from https://downloads.wordpress.org/plugin/autoptimize.1.9.4.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'autoptimize'...
Success: Plugin 'autoptimize' activated.
------------------------------------------------------------
Installing Rocket Lazy Load (1.0.4)
Downloading install package from https://downloads.wordpress.org/plugin/rocket-lazy-load.1.0.4.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'rocket-lazy-load'...
Success: Plugin 'rocket-lazy-load' activated.
------------------------------------------------------------
Installing Acunetix WP Security (4.0.5)
Downloading install package from https://downloads.wordpress.org/plugin/wp-security-scan.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wp-security-scan'...
Success: Plugin 'wp-security-scan' activated.
------------------------------------------------------------
Installing Sucuri Security - Auditing, Malware Scanner and Security Hardening (1.7.13)
Downloading install package from https://downloads.wordpress.org/plugin/sucuri-scanner.1.7.13.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'sucuri-scanner'...
Success: Plugin 'sucuri-scanner' activated.
------------------------------------------------------------
Installing Disable XML-RPC (1.0.1)
Downloading install package from https://downloads.wordpress.org/plugin/disable-xml-rpc.1.0.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'disable-xml-rpc'...
Success: Plugin 'disable-xml-rpc' activated.
------------------------------------------------------------
Installing Limit Login Attempts (1.7.1)
Downloading install package from https://downloads.wordpress.org/plugin/limit-login-attempts.1.7.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'limit-login-attempts'...
Success: Plugin 'limit-login-attempts' activated.
------------------------------------------------------------
Installing WP Updates Notifier (1.4.3)
Downloading install package from https://downloads.wordpress.org/plugin/wp-updates-notifier.1.4.3.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wp-updates-notifier'...
Success: Plugin 'wp-updates-notifier' activated.
------------------------------------------------------------
Installing No Longer in Directory (1.0.43)
Downloading install package from https://downloads.wordpress.org/plugin/no-longer-in-directory.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'no-longer-in-directory'...
Success: Plugin 'no-longer-in-directory' activated.
------------------------------------------------------------
Installing WP-Optimize (1.8.9.10)
Downloading install package from https://downloads.wordpress.org/plugin/wp-optimize.1.8.9.10.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wp-optimize'...
Success: Plugin 'wp-optimize' activated.
------------------------------------------------------------
Installing TPC! Memory Usage (0.9.1)
Downloading install package from https://downloads.wordpress.org/plugin/tpc-memory-usage.0.9.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'tpc-memory-usage'...
Success: Plugin 'tpc-memory-usage' activated.
------------------------------------------------------------
Installing GTmetrix for WordPress (0.4.1)
Downloading install package from https://downloads.wordpress.org/plugin/gtmetrix-for-wordpress.0.4.1.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'gtmetrix-for-wordpress'...
Success: Plugin 'gtmetrix-for-wordpress' activated.
------------------------------------------------------------
Installing P3 (Plugin Performance Profiler) (1.5.3.9)
Downloading install package from https://downloads.wordpress.org/plugin/p3-profiler.1.5.3.9.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'p3-profiler'...
Success: Plugin 'p3-profiler' activated.
------------------------------------------------------------
Installing Yoast SEO (2.3.4)
Downloading install package from https://downloads.wordpress.org/plugin/wordpress-seo.2.3.4.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'wordpress-seo'...
Success: Plugin 'wordpress-seo' activated.
------------------------------------------------------------
Installing UpdraftPlus Backup and Restoration (1.11.5)
Downloading install package from https://downloads.wordpress.org/plugin/updraftplus.1.11.5.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'updraftplus'...
Success: Plugin 'updraftplus' activated.
------------------------------------------------------------
Installing Google Analytics by Yoast (5.4.6)
Downloading install package from https://downloads.wordpress.org/plugin/google-analytics-for-wordpress.5.4.6.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'google-analytics-for-wordpress'...
Success: Plugin 'google-analytics-for-wordpress' activated.
------------------------------------------------------------
------------------------------------------------------------
Installing Query Monitor (2.7.4)
Downloading install package from https://downloads.wordpress.org/plugin/query-monitor.2.7.4.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
------------------------------------------------------------
Installing Gigaom New Relic (0.3)
Downloading install package from https://downloads.wordpress.org/plugin/go-newrelic.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
PHP Warning:  An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/nginx/domains/newdomain2.com/public/wp-includes/update.php on line 302
Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/nginx/domains/newdomain2.com/public/wp-includes/update.php on line 302
------------------------------------------------------------
Installing DB Cache Reloaded Fix (2.3)
Downloading install package from https://downloads.wordpress.org/plugin/db-cache-reloaded-fix.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
------------------------------------------------------------
Installing Google Authenticator (0.47)
Downloading install package from https://downloads.wordpress.org/plugin/google-authenticator.0.47.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
------------------------------------------------------------
Installing Smart Layers by AddThis (1.0.10)
Downloading install package from https://downloads.wordpress.org/plugin/addthis-smart-layers.1.0.10.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
------------------------------------------------------------
Installing Search Regex (1.4.15)
Downloading install package from https://downloads.wordpress.org/plugin/search-regex.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
------------------------------------------------------------
Success: Updated 0/0 plugins.

26 installed plugins:
  A wp-security-scan                4.0.5
  I addthis-smart-layers            1.0.10
  I akismet                         3.1.3
  A autoptimize                     1.9.4
  I db-cache-reloaded-fix           2.3
  A disable-xml-rpc                 1.0.1
  I go-newrelic                     0.3
  A google-analytics-for-wordpress  5.4.6
  I google-authenticator            0.47
  A gtmetrix-for-wordpress          0.4.1
  I hello                           1.6
  A limit-login-attempts            1.7.1
  A no-longer-in-directory          1.0.43
  A p3-profiler                     1.5.3.9
  I query-monitor                   2.7.4
  A rocket-lazy-load                1.0.4
  I search-regex                    1.4.15
  A sucuri-scanner                  1.7.13
  A tpc-memory-usage                0.9.1
  A updraftplus                     1.11.5
  A wp-optimize                     1.8.9.10
  A wp-super-cache                  1.4.4
  A wp-super-cache-clear-cache-menu 1.3.1
  A wp-updates-notifier             1.4.3
  A wordpress-seo                   2.3.4
  M p3-profiler                    

Legend: A = Active, I = Inactive, M = Must Use
------------------------------------------------------------
------------------------------------------------------------
Created uninstall script
/root/tools/wp_uninstall_newdomain2.com.sh
------------------------------------------------------------
------------------------------------------------------------
Created wp_updater_newdomain2.com.sh script
/root/tools/wp_updater_newdomain2.com.sh
------------------------------------------------------------
*/4 * * * * /usr/bin/cminfo_updater
*/15 * * * * sleep 119s ; wget -O - -q -t 1 http://newdomain2.com/wp-cron.php?doing_wp_cron=1 > /dev/null 2>&1
0 */8 * * * sleep 214s ;/root/tools/wp_updater_newdomain2.com.sh 2>/dev/null

-------------------------------------------------------------
service nginx reload
systemctl restart pure-ftpd.service

-------------------------------------------------------------
FTP hostname : IPADDRESS
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for newdomain2.com : wpftpuser01
FTP password created for newdomain2.com : SxxQgOdV1v1PSBweqo57M
-------------------------------------------------------------
vhost for newdomain2.com created successfully

domain: http://newdomain2.com
vhost conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.conf

vhost ssl for newdomain2.com created successfully

domain: https://newdomain2.com
vhost ssl conf file for newdomain2.com created: /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.csr

upload files to /home/nginx/domains/newdomain2.com/public
vhost log files directory is /home/nginx/domains/newdomain2.com/log

------------------------------------------------------------
SSH commands to uninstall created Wordpress install and Nginx vhost:
  /root/tools/wp_uninstall_newdomain2.com.sh
------------------------------------------------------------

------------------------------------------------------------
Wordpress Auto Updater created at:
  /root/tools/wp_updater_newdomain2.com.sh
cronjob set for every 8 hours update (3x times per day)
------------------------------------------------------------

Wordpress domain: newdomain2.com
Wordpress DB Name: wp20480db_8333
Wordpress DB User: wpdb8333u21571
Wordpress DB Pass: wpdbskyTckdBbFJSp7982
Wordpress Admin User ID: 265902
Wordpress Admin User: zfDawCEvFRqn0U4VQ+wp28801
Wordpress Admin Pass: zNOnATs3Mutwps15760
Wordpress Admin Email: MY@EMAILADDRESS

Wordpress wp-login.php password protection info:
wp-login.php protection file /home/nginx/domains/newdomain2.com/htpasswd_wplogin
wp-login.php protection Username: ueZ7ghBHIxMlTnx6972
wp-login.php protection Password: pTRnQhwn6Vin6o6mRlY2y6972
http://ueZ7ghBHIxMlTnx6972:pTRnQhwn6Vin6o6mRlY2y6972@newdomain2.com/wp-login.php

Resetting wp-login.php protection:
Step 1. remove protection file at /home/nginx/domains/newdomain2.com/htpasswd_wplogin
     rm -rf /home/nginx/domains/newdomain2.com/htpasswd_wplogin
Step 2. run command:
     /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/newdomain2.com/htpasswd_wplogin YOURUSERNAME YOURPASSWORD
Step 3. restart Nginx + PHP-FPM services
     nprestart

-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/

                       
Apr 3   01:58   798    ssl.conf
Apr 3   01:58   1.1K   demodomain.com.conf
Apr 5   07:48   1.1K   newdomain1.com.conf
Apr 5   11:42   1.4K   virtual.conf
Sep 3   04:27   2.1K   newdomain2.com.conf
Sep 3   04:27   3.7K   newdomain2.com.ssl.conf

-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/newdomain2.com

                       
Sep 3   04:27   1.7K   newdomain2.com.key
Sep 3   04:27   1.1K   newdomain2.com.csr
Sep 3   04:27   1.3K   newdomain2.com.crt
Sep 3   04:27   424    dhparam.pem

------------------------------------------------------------
To complete setup:
1. Enable Permalinks (DO NOT use links with .html extensions for performance reasons) i.e. /%post_id%/%postname%/
2. Settings Menu > Super Cache > Easy tab and enable it by checking Caching On (Recommended) and hit Update Status
3. Advanced tab & check Use mod_rewrite serve cache files & Don’t cache pages with GET parameters and Known User. 
   (Recommended), Cache rebuild for anonymous users, clear all cache when a post or page updated & hit Update Status
4. WP Security Menu > Settings > Check All except Enable Live Traffic tool and hit Update settings
5. Settings Menu > Updates Notifier and setup your notify email address and cronjob (save and test button to check)
6. Settings Mnenu > Autoptimize and check Optimize HTML, JavaScript and CSS options (show advanced settings)
7. Settings Menu > Limit Login Attempts and configure as desired or leave as defaults
8. Sucuri Security Menu and top left click Generate API key for your domain/email and configure your Settings tab
9. WP-Optimize Menu and configure as needed
10. Memory Usage Menu > Settings and adjust accordingly
11. GTmetrix Menu > setup and register your GTmetrix Account and API Key
12. go-newrelic plugin installed but not activated read https://wordpress.org/plugins/go-newrelic/installation/
13. Tools > P3 Plugin Profiler > Start Scan to profile all your plugins
14. Plugins > Query Monitor is disabled by default, enable to check MySQL query stats
15. Plugins > DB Cache Reloaded disabled by default unsure if works with Wordpress 4.x ?
16. Appearance > Theme Options (Responsive theme) > Home Page nav bar > Uncheck Overrides Wordpress front page option
17. Seo Menu (Yoast SEO) > configure accordingly
18. Settings > UpdraftPlus Backups > Settings set file/database backup intervals & optional backup to remote storage
19. Analytics > Settings > configure your Google Analytics UA Code
------------------------------------------------------------

Additionl Steps

Once installed at bottom of output you will see the steps needed to complete WP Super Cache setup along with configuring and setting up the other automatically installed WP Plugins. The first three steps are important for a working Wordpress + WP Super Cache setup.

------------------------------------------------------------
To complete setup:
1. Enable Permalinks (DO NOT use links with .html extensions for performance reasons) i.e. /%post_id%/%postname%/
2. Settings Menu > Super Cache > Easy tab and enable it by checking Caching On (Recommended) and hit Update Status
3. Advanced tab & check Use mod_rewrite serve cache files & Don’t cache pages with GET parameters and Known User. 
   (Recommended), Cache rebuild for anonymous users, clear all cache when a post or page updated & hit Update Status
4. WP Security Menu > Settings > Check All except Enable Live Traffic tool and hit Update settings
4. WP Security Menu > Settings > Check All except Enable Live Traffic tool and hit Update settings
5. Settings Menu > Updates Notifier and setup your notify email address and cronjob (save and test button to check)
6. Settings Mnenu > Autoptimize and check Optimize HTML, JavaScript and CSS options (show advanced settings)
7. Settings Menu > Limit Login Attempts and configure as desired or leave as defaults
8. Sucuri Security Menu and top left click Generate API key for your domain/email and configure your Settings tab
9. WP-Optimize Menu and configure as needed
10. Memory Usage Menu > Settings and adjust accordingly
11. GTmetrix Menu > setup and register your GTmetrix Account and API Key
12. go-newrelic plugin installed but not activated read https://wordpress.org/plugins/go-newrelic/installation/
13. Tools > P3 Plugin Profiler > Start Scan to profile all your plugins
14. Plugins > Query Monitor is disabled by default, enable to check MySQL query stats
15. Plugins > DB Cache Reloaded disabled by default unsure if works with Wordpress 4.x ?
16. Appearance > Theme Options (Responsive theme) > Home Page nav bar > Uncheck Overrides Wordpress front page option
17. Seo Menu (Yoast SEO) > configure accordingly
18. Settings > UpdraftPlus Backups > Settings set file/database backup intervals & optional backup to remote storage
19. Analytics > Settings > configure your Google Analytics UA Code
------------------------------------------------------------


Verifying WP Super Cache is Working

To verify if Wordpress Super Cache is working you can in a private incognito web browser session view a Wordpress page's source code and at bottom near the footer you should see something like this

<!-- Dynamic page generated in 0.209 seconds. -->
<!-- Cached page generated by WP-Super-Cache on 2015-09-03 17:58:31 -->

Or from SSH command line type

curl -s http://yourwpdomain.com | tail -5

output would be something like below - of particular need to ensure there is a line that says Cached page generated by WP-Super-Cache

curl -s http://yourwpdomain.com | tail -5
<!-- Dynamic page generated in 0.209 seconds. -->
<!-- Cached page generated by WP-Super-Cache on 2015-09-03 17:58:31 -->


Wordpress Nginx Vhost Contents

The contents of auto generated Nginx vhost for non-https site at /usr/local/nginx/conf/conf.d/newdomain2.com.conf

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www 
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name newdomain2.com;
#            return 301 $scheme://www.newdomain2.com$request_uri;
#       }

server {
  server_name newdomain2.com www.newdomain2.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain2.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/newdomain2.com/log/error.log;

  root /home/nginx/domains/newdomain2.com/public;

  # prevent access to ./directories and files
  #location ~ (?:^|/)\. {
  # deny all;
  #}

include /usr/local/nginx/conf/wpsupercache_newdomain2.com.conf;  

  location / {

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;  

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain2.com/htpasswd_wplogin;    
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

  include /usr/local/nginx/conf/wpsecure_newdomain2.com.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}


The contents of auto generated Nginx vhost for https self-signed SSL certificate site at /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf.

To switch to using paid and web browser trusted SSL certificates follow instructions at http://centminmod.com/nginx_domain_dns_setup.html#switchssl and http://centminmod.com/nginx_configure_https_ssl_spdy.html to switch the following parameters:

  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key;

and enable (uncomment - remove hash # in front of the lines for the following)

  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com-trusted.crt;


Note, Nginx now has switched from SPDY to HTTP/2 for SSL, so need to follow the changes outlined at http://centminmod.com/http2-nginx.html#http2spdy

listen directive changes with replacing spdy with http2 parameter

  listen 443 ssl spdy;

becomes

  listen 443 ssl http2;

If you do not replace the listen directive and have Nginx HTTP/2 compiled, you will receive an error on Nginx restart similar to the one below.

ngxrestart
nginx: [emerg] invalid parameter "spdy": the SPDY module was deprecated, use the HTTP/2 module instead in /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf:15
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

Some SPDY specific options will need to be removed for Nginx HTTP/2 patched server to start up properly. These options include:

Error on Nginx restart after HTTP/2 patch applied for unsupported SPDY options

  nginx: [emerg] unknown directive "spdy_keepalive_timeout"

contents of /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf for HTTP/2

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY or HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name newdomain2.com www.newdomain2.com;
#    return 302 https://$server_name$request_uri;
# }

server {
  listen 443 ssl http2;
  server_name newdomain2.com www.newdomain2.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain2.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
  
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com-trusted.crt;  

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain2.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/newdomain2.com/log/error.log;

  root /home/nginx/domains/newdomain2.com/public;

  # prevent access to ./directories and files
  #location ~ (?:^|/)\. {
  # deny all;
  #}

include /usr/local/nginx/conf/wpsupercache_newdomain2.com.conf;  

  location / {

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;  

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain2.com/htpasswd_wplogin;    
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

  include /usr/local/nginx/conf/wpsecure_newdomain2.com.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

contents of /usr/local/nginx/conf/conf.d/newdomain2.com.ssl.conf for SPDY/3.1

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY or HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name newdomain2.com www.newdomain2.com;
#    return 302 https://$server_name$request_uri;
# }

server {
  listen 443 ssl spdy;
  server_name newdomain2.com www.newdomain2.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain2.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
  
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/newdomain2.com/newdomain2.com-trusted.crt;  

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/newdomain2.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/newdomain2.com/log/error.log;

  root /home/nginx/domains/newdomain2.com/public;

  # prevent access to ./directories and files
  #location ~ (?:^|/)\. {
  # deny all;
  #}

include /usr/local/nginx/conf/wpsupercache_newdomain2.com.conf;  

  location / {

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;  

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/newdomain2.com/htpasswd_wplogin;    
    include /usr/local/nginx/conf/php-wpsc.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwplogin burst=2 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
}

  include /usr/local/nginx/conf/wpsecure_newdomain2.com.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}