Frequently Asked Questions

Find answers to common questions about installing, configuring, and managing your Centmin Mod LEMP stack.

Centmin Mod FAQ

What Linux operating systems does Centmin Mod support?

Centmin Mod supports AlmaLinux, Rocky Linux, and CentOS (x86_64 architecture only):

  • AlmaLinux 8 and AlmaLinux 9 — all branches (132.00stable, 140.00beta01, 141.00beta01)
  • AlmaLinux 10 — 141.00beta01 branch only (early beta)
  • Rocky Linux 8 and Rocky Linux 9 — all branches (132.00stable, 140.00beta01, 141.00beta01)
  • Rocky Linux 10 — 141.00beta01 branch only (early beta)
  • CentOS 7 — 132.00stable branch only; EOL June 2024, migration to AlmaLinux or Rocky Linux strongly recommended

For new installations, AlmaLinux 9 or Rocky Linux 9 is recommended. AlmaLinux and Rocky Linux are drop-in replacements for CentOS with long-term support. ARM architecture is not supported.

Does Centmin Mod work with WHM/cPanel, Plesk, DirectAdmin, Webmin, ISPConfig or other control panels?

Centmin Mod was created and tested to work as a standalone Nginx, PHP-FPM, and MariaDB MySQL stack without the use of any control panels. It does not work with WHM/cPanel, Plesk, or DirectAdmin. Only install on test servers first, not production, if you want to experiment with compatibility with other panels.

Can Centmin Mod be used for shared hosting? What about FTP/SFTP?

Centmin Mod is intended for a single root user/administrator to manage multiple or single web site domains on a VPS or dedicated server. It is not suited for shared hosting with multiple end users. For file transfers, use native SFTP via clients like FileZilla instead of FTP. Centmin Mod also includes basic isolated jailed FTP user support via Pure-FTPD virtual FTP users with FTP over explicit TLS/SSL.

How to install Centmin Mod?

Full install instructions are available on the Installation Guide page. The recommended method is the curl one-liner installer which handles downloading and configuring all components automatically.

How to upgrade Centmin Mod?

For same-branch upgrades, update the code first via menu option 23 or cmupdate, then run menu option 4 (Nginx upgrade) and option 5 (PHP upgrade) only if upgrading to new software versions. MariaDB uses YUM repo updates. For cross-branch upgrades, a fresh install on a new server is recommended.

CentOS 7 End-of-Life Notice: CentOS 7 reached EOL on June 30, 2024 and no longer receives security updates. Centmin Mod continues to work on existing CentOS 7 servers, but new installations should migrate to AlmaLinux 9 or Rocky Linux 9 (drop-in CentOS replacements with long-term support). Use Menu Option 21 backup/migration tools to migrate from CentOS 7 to AlmaLinux or Rocky Linux on a new server.
CentOS 7 is end-of-life. How do I migrate to AlmaLinux or Rocky Linux?

CentOS 7 reached end-of-life (EOL) on June 30, 2024 and no longer receives security updates. There is no in-place OS upgrade from CentOS 7 to AlmaLinux or Rocky Linux. The migration process requires:

  1. Install Centmin Mod on a new server running AlmaLinux 8/9 or Rocky Linux 8/9 (or EL10 using the 141.00beta01 branch)
  2. Use centmin.sh Menu 21 (Data Management) on the old server to back up all files and databases
  3. Transfer the backup to the new server using tunnel-transfers.sh (SSH tunnel) or S3 storage
  4. Restore on the new server and verify all sites work correctly

All three Centmin Mod branches (132.00stable, 140.00beta01, 141.00beta01) still support CentOS 7, but migration is strongly recommended. See the CentOS 7 EOL section in the upgrade guide and the Menu 21 documentation for full migration steps.

What is the default PHP version?

The default PHP version depends on the branch:

  • 132.00stable & 140.00beta01: PHP 7.4.33 default (supports PHP 7.0–8.3; can be changed during install or via menu option 5)
  • 141.00beta01: PHP 8.3.21

You can switch PHP versions using centmin.sh menu option 5. The getphpver command lists the latest available PHP versions per branch. EL8 minimum is PHP 7.2, EL9 minimum is PHP 7.4.

How to set up Nginx domain name virtual host and DNS?

Use the nv command (recommended) or centmin.sh menu option 2 to create Nginx vhost domains. For DNS, use menu option 3 (NSD) or a third-party DNS provider like Cloudflare.

The nv command is a command-line shortcut at /usr/bin/nv — equivalent to centmin.sh menu option 2 but scriptable and unattended.

Create a vhost with Let's Encrypt SSL (recommended for production):

nv -d yourdomain.com -s lelived -u FTPUSERNAME

Create a vhost with self-signed SSL (testing only):

nv -d yourdomain.com -s y -u FTPUSERNAME

Available -s SSL flag values: y (self-signed), n (no SSL), yd (self-signed + HTTPS default), le (LE staging), led (LE staging + HTTPS default), lelive (LE production), lelived (LE production + HTTPS default). For domains behind Cloudflare, use the Cloudflare DNS API validation method.

Full details on the DNS & Domain Setup page. Addon scripts are located in /usr/local/src/centminmod/addons/ — for example, /usr/local/src/centminmod/addons/acmetool.sh for Let's Encrypt management.

How to log the entire Centmin Mod install process?

Logging is automatic. Logs are saved to /root/centminlogs as timestamped files like centminmod_VERSION_DATETIME_*.log.

How to change the default date and timezone?

Before install, edit centmin.sh and change the ZONEINFO variable. After installation, modify the system timezone settings. The mytimes command displays several timezones’ relative times.

How long does it take to install Centmin Mod?

Varies by server power, network speed, and VPS type. Typical install times range from ~8–20 minutes on modern hardware. The curl one-liner install method provides breakdown statistics (YUM time, download time, compile time, total time).

What virtualization platforms are supported?

Mainly tested on KVM and OpenVZ-based VPS servers and dedicated servers with x86_64 architecture CPUs.

Will there be a Debian or FreeBSD version?

Currently CentOS/AlmaLinux/Rocky Linux only. The focus is on developing all planned features first. A Debian version is possible in the future once features are finalized. No plans for FreeBSD currently.

Why is MariaDB the default MySQL server?

MariaDB was chosen for its superior performance with both MyISAM and InnoDB engines (via Percona’s XtraDB). Current default versions:

  • 132.00stable: MariaDB 10.4 (EL7), 10.6 (EL8/EL9)
  • 140.00beta01: MariaDB 10.4 (EL7), 10.6 (EL8/EL9) — supports up to 11.4
  • 141.00beta01: MariaDB 10.6 (EL7-EL9), 10.11 (EL10) — supports up to 12.3
Postfix package conflicts with MariaDB on CentOS 6.x?

This was a CentOS 6.x issue with MariaDB 5.2 RPM packages. It is resolved in current versions using MariaDB 10.x packages which include the required dependencies. CentOS 6 is no longer supported.

How much memory is required for Centmin Mod?

Requirements depend on the OS version:

  • Minimum (EL8/EL9): 2 GB RAM + 4 GB swap + 40 GB disk
  • Recommended: 4 GB RAM + 4 GB swap + 60 GB disk
  • Optimal CPU: 2–4 cores (1 core works)

Add 1–4 GB extra RAM if running anti-malware software.

What are Centmin Mod command shortcuts?

Command shortcuts let you type one word to edit config files or manage services:

  • Config editing: phpedit, mycnf, fpmconf, nginxconf
  • Nginx: ngxstop / ngxstart / ngxrestart
  • PHP-FPM: fpmstop / fpmstart / fpmrestart
  • MariaDB: mysqlstop / mysqlstart / mysqlrestart
  • All services: npstop / npstart / nprestart
Where can I find Nginx rewrite rules for my web application?

The Centmin Mod community forums and the official Nginx forums are the best places to ask for specific rewrite rules. Centmin Mod includes standard Nginx rewrite rules for WordPress, Drupal, vBulletin, XenForo, and IPB.

Why does Centmin Mod compile some software from source instead of YUM?

Source compilation provides custom-tuned configurations, more recent software versions, and optimizations not available from YUM repo packages. Benefits include:

  • PHP Profile Guided Optimizations (+3–17% performance)
  • Intel/AMD CPU-optimized compiler options
  • Nginx HTTPS performance with latest OpenSSL/BoringSSL
  • HTTP/2 and HTTP/3 QUIC support
  • Brotli compression (~20% better than gzip)
  • jemalloc memory management
  • Let’s Encrypt SSL integration
Where are the log files located?
  • Nginx: /usr/local/nginx/logs/access.log and error.log
  • Per-domain: /home/nginx/domains/domain.com/log/
  • PHP-FPM: /var/log/php-fpm/www-error.log
  • MariaDB: /var/log/mysqld.log or journalctl -u mariadb
  • CSF: /var/log/lfd.log
  • System: /var/log/
How to enable PHP-FPM usage stats?

Edit /usr/local/nginx/conf/conf.d/virtual.conf, uncomment the line include /usr/local/nginx/conf/phpstatus.conf;, restart Nginx, then view with lynx --dump http://127.0.0.1/phpstatus.

How to change Memcached allocated memory size?

Edit /etc/init.d/memcached and change the MEMSIZE variable (in MB). Default is 8 MB. Restart with memcachedrestart.

What is Disk Alert and why monitor disk space?

A daily cron job at /etc/cron.daily/diskalert monitors disk usage and sends email alerts when any partition exceeds 90%. Edit the script to change the EMAIL address or ALERT threshold.

Where are PHP extensions loaded from?

Additional PHP compiled extensions are loaded from individual *.ini files in /etc/centminmod/php.d/. Each extension has its own .ini file (e.g., igbinary.ini, imagick.ini, memcached.ini).

Troubleshooting common errors
  • Permission denied on centmin.sh: Run chmod +x centmin.sh
  • Nginx upgrade 404 error: You entered an incorrect Nginx version number at the prompt
  • MySQL won’t start: Check error logs, kill lingering mysql processes, then restart
  • Can’t connect to Memcached: Verify memcached is running, check the PHP extension is loaded, and confirm iptables isn’t blocking port 11211
Can I install Nginx standalone without the full stack?

The full stack installs all components. However, you can disable unneeded services after install by setting variables in /etc/centminmod/custom_config.inc before running the installer: NSD_DISABLED='y', MEMCACHED_DISABLED='y', PHP_DISABLED='y', MYSQLSERVICE_DISABLED='y', PUREFTPD_DISABLED='y'.

Getting open_basedir restriction error?

Centmin Mod has open_basedir enabled in /usr/local/nginx/conf/php.conf. To disable globally: comment out the fastcgi_param PHP_ADMIN_VALUE open_basedir=... line and restart. To disable per-domain: create a copy without open_basedir and update the domain’s Nginx config to include the modified file.

How to keep Centmin Mod up to date?

Set up automatic nightly YUM updates via yum-cron, configure persistent settings in /etc/centminmod/custom_config.inc that survive auto-updates, and install the Linux Malware Detect (maldet) + ClamAV scanner addon for security monitoring.

How to customise php.ini settings?

Create /etc/centminmod/php.d/b_customphp.ini for persistent customizations that won’t be overwritten on PHP upgrades. PHP-FPM processes .ini files in alphabetical order — later files override earlier ones. Restart with fpmrestart.

How to whitelist dynamic IP addresses in CSF Firewall?

See the CSF Firewall documentation page for dynamic IP whitelisting instructions.

Does Centmin Mod Nginx support HTTP/2?

Yes. Centmin Mod Nginx includes full HTTP/2 and HTTP/3 QUIC support. All current branches compile Nginx with the latest HTTP/2 and HTTP/3 capabilities. Current Nginx version is 1.29.6 across all branches.

How to compile Nginx with minimal modules?

Disable modules by setting their corresponding variables to 'n' in /etc/centminmod/custom_config.inc, then recompile Nginx via menu option 4.

How to install Redis Server?

Centmin Mod includes the REMI YUM repo which provides the latest Redis Server. Install via YUM. See the community forum guide for detailed instructions.

How to use CDN providers at the Nginx level?

Use Nginx’s ngx_http_sub_module with sub_filter directives in your vhost config to rewrite domain URLs to CDN URLs at the Nginx level, without modifying the web application. Restart Nginx after changes.

How to enable Nginx IPv6 support?

IPv6 is native in current Nginx versions. Add AAAA DNS records, then update all vhost configs to add listen [::]:80; and listen [::]:443 ssl http2;. Restart with nprestart.

How to reset MySQL root password?
  1. Stop Nginx and MySQL: ngxstop then mysqlstop
  2. Start MySQL with skip grant tables: mysqld_safe --skip-grant-tables --skip-networking &
  3. Set new password via SQL UPDATE command
  4. Restart MySQL and Nginx
  5. Update /root/.my.cnf with the new password
How do I create a MySQL/MariaDB database and user?

Use Centmin Mod Menu 6 or the mysqladmin_shell.sh addon to create MySQL databases and users. Run centmin and select option 6, then choose sub-option 1 to create a MySQL user and database together interactively.

For scripted/non-interactive database creation, run:

/usr/local/src/centminmod/addons/mysqladmin_shell.sh createuserdb dbname dbuser dbpass

For batch creation of multiple databases from a file, use:

/usr/local/src/centminmod/addons/mysqladmin_shell.sh multidb /path/to/dblist.txt

See the MariaDB MySQL documentation for full details.

Can I remove MariaDB MySQL from my Centmin Mod server?

The official Centmin Mod recommendation is to disable and stop MariaDB rather than removing it. Run systemctl disable mariadb and systemctl stop mariadb. This frees memory while keeping the installation intact for future use. Do not uninstall the MariaDB packages, as this can break dependencies. To re-enable later, run systemctl enable mariadb && systemctl start mariadb.

How do I create an Nginx vhost site in Centmin Mod?

Use the nv command (recommended) or centmin.sh (alias centmin) menu option 2.

For a production site with free Let's Encrypt SSL:

/usr/bin/nv -d yourdomain.com -s lelived

For testing with self-signed SSL:

/usr/bin/nv -d yourdomain.com -s y

The nv command creates the Nginx vhost config at /usr/local/nginx/conf/conf.d/yourdomain.com.conf and web root at /home/nginx/domains/yourdomain.com/public. See the Nginx Domain DNS Setup guide for full vhost creation details and the Let's Encrypt Free SSL page for SSL certificate setup.

How do I create both an Nginx vhost and MySQL database together?

Run two commands: first create the vhost with /usr/bin/nv -d yourdomain.com -s lelived, then create the database with /usr/local/src/centminmod/addons/mysqladmin_shell.sh createuserdb dbname dbuser dbpass.

Or use the interactive menus: centmin.sh (alias centmin) menu option 2 for the vhost, then menu option 6 sub-option 1 for the database and user.

Do not use manual mysqladmin or raw SQL CREATE USER/GRANT commands — the Centmin Mod tools handle the full workflow. See the Nginx Domain DNS Setup guide for vhost creation, the MariaDB MySQL page for database management, and the Command Shortcuts reference for all CLI commands.

What is the centmin command vs centmin.sh?

centmin is a shell alias (installed at /usr/bin/centmin) that runs centmin.sh from any directory. Both launch the same Centmin Mod main menu. The centmin alias is the recommended way to run the menu.

The full script path is /usr/local/src/centminmod/centmin.sh. You can also use the nv command (/usr/bin/nv) for non-interactive vhost creation without entering the menu.

See the Menu Options reference for all available menu options and the Command Shortcuts page for the full list of shell aliases and commands.

Can Centmin Mod install on a low-memory VPS server with 512MB or 1GB RAM?

Servers with 512 MB or 1 GB RAM cannot run the centmin.sh installer — the minimum supported RAM for the centmin.sh installer from centminmod.com is 2 GB RAM. Upgrade to at least 2 GB RAM before attempting installation.

For 2–4 GB RAM servers, configure a 4 GB swap file before running the centmin.sh installer from centminmod.com:

dd if=/dev/zero of=/swapfile bs=1G count=4
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab

After swap is active, run the centmin.sh installer from centminmod.com (example for AlmaLinux 9, PHP 8.3 stable branch):

yum -y update; curl -O https://centminmod.com/installer83.sh && chmod 0700 installer83.sh && bash installer83.sh

Once the centmin.sh installer finishes, free memory on 2–4 GB RAM servers by disabling unused services:

systemctl disable --now memcached
systemctl disable --now mariadb

Use centmin.sh menu options to re-enable services when needed. The recommended configuration is 4 GB+ RAM + 4 GB swap for comfortable operation of the full LEMP stack.

How to check which PHP extensions are installed?
  • php -v — Check PHP version
  • php --ini — List loaded .ini files
  • php -m — List all loaded modules
  • php --ri redis — Details for a specific extension
How to disable or temporarily disable PHP extensions?

Temporarily: Move *.ini files from /etc/centminmod/php.d/ to /etc/centminmod/php.d-disabled/ and restart PHP-FPM. Move them back to re-enable.

Permanently: Set extension variables to =n in /etc/centminmod/custom_config.inc and recompile PHP via menu option 5.

Does Centmin Mod support Nginx dynamic module loading?

Yes. All current branches support Nginx dynamic modules. Enable via variables in /etc/centminmod/custom_config.inc (e.g., NGXDYNAMIC_BROTLI, NGXDYNAMIC_NJS, NGXDYNAMIC_IMAGEFILTER), then recompile via menu option 4. Modules are loaded via /usr/local/nginx/conf/dynamic-modules.conf.

CSF Firewall blocking multiple Pure-FTPD connections from same IP?

Multiple devices sharing one ISP IP can trigger CSF’s LF_DISTFTP setting (default: 1) in /etc/csf/csf.conf. Increase the value and restart CSF with csf -r.

Site visitors are being blocked by CSF Firewall?

Possible causes: the visitor shares an IP with an attacker (auto-blocked via sshd brute force detection), or CSF block lists are enabled in /etc/csf/csf.blocklists. Check the visitor’s IP against those lists. Use csf -g IPADDRESS to investigate and csf -w IPADDRESS to watch specific IPs.

How to park a domain on an existing Nginx vhost?

Edit the Nginx vhost domain config files to add the additional domain to the server_name directive. See the community forum guide for full instructions.

How to password protect directories and files with HTTP authentication?

Use Nginx’s ngx_http_auth_basic_module. Add auth_basic and auth_basic_user_file directives in your vhost config. Create password files using:

/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_admin USERNAME PASSWORD

What Nginx version does Centmin Mod install?

Default: Centmin Mod installs Nginx 1.29.6 or newer Nginx mainline versions automatically — the same default across all branches (132.00stable, 140.00beta01, 141.00beta01). No configuration is needed.

Custom version on fresh install: To install a different Nginx version, set NGINX_VERSION='x.y.z' in /etc/centminmod/custom_config.inc before running the Centmin Mod installer.

Post-install upgrade/downgrade: Set NGINX_VERSION='x.y.z' in /etc/centminmod/custom_config.inc then run centmin.sh menu option 4. Menu option 4 is only for upgrading or downgrading Nginx after Centmin Mod is already installed. See Nginx Upgrade / Downgrade for full details.

How do I backup my Centmin Mod server and migrate to a new server?

Use centmin.sh menu option 21 (Data Management). Run the centmin command and select option 21.

Key tools:

  • backups.sh — Full file and database backups (MariaBackup for hot backups + mysqldump for logical backups)
  • tunnel-transfers.sh — Server-to-server migration via SSH tunnels
  • keygen.sh — SSH key management for passwordless authentication
  • awscli-get.sh — S3 storage upload/download profiles
How do I upgrade Centmin Mod and migrate from CentOS 7 to AlmaLinux 9?

CentOS 7 is end-of-life (EOL). OS migration requires a fresh Centmin Mod installation on a new server with the target OS, then migrating your data using menu option 21 backup/migration tools.

Branch versions:

  • 132.00stable — CentOS 7, AlmaLinux 8/9, Rocky Linux 8/9
  • 140.00beta01 — CentOS 7, AlmaLinux 8/9, Rocky Linux 8/9
  • 141.00beta01 — Adds AlmaLinux 10, Rocky Linux 10 (EL10) support

Switch branches: cmupdate update-stable, cmupdate update-beta, cmupdate update-betanext. See OS Migration guide.

Where is the Nginx configuration file in Centmin Mod?

The main Nginx configuration file is at /usr/local/nginx/conf/nginx.confNOT /etc/nginx/nginx.conf.

Centmin Mod compiles Nginx from source and installs to /usr/local/nginx/. Per-domain vhost configs: /usr/local/nginx/conf/conf.d/yourdomain.com.conf.

See Configuration Files for the full path reference.

How do I get Let's Encrypt SSL for a domain behind Cloudflare proxy?

Use Cloudflare DNS API validation. Add to /etc/centminmod/custom_config.inc:

CF_DNSAPI='y'
CF_Token='your_cloudflare_api_token'
CF_Account_ID='your_cloudflare_account_id'

Then issue the certificate:

/usr/local/src/centminmod/addons/acmetool.sh issue yourdomain.com lived --dns dns_cf

See DNS Validation and Cloudflare SSL with Let's Encrypt.

How do I install a Centmin Mod addon?

Centmin Mod addons are shell scripts located at /usr/local/src/centminmod/addons/. Install and run addons by executing the specific addon script with its full path via SSH:

# Let's Encrypt SSL management addon
/usr/local/src/centminmod/addons/acmetool.sh issue domain.com lived

# Redis PHP extension addon
/usr/local/src/centminmod/addons/redis.sh install

# Golang addon
/usr/local/src/centminmod/addons/golang.sh install

# WP-CLI addon
/usr/local/src/centminmod/addons/wpcli.sh install

# OpenDKIM email signing addon
/usr/local/src/centminmod/addons/opendkim.sh

Some addons are also accessible via centmin.sh menu options (e.g., menu option 13 for Redis PHP extension). See the full Addons catalog for all available addon scripts.

How do I install PHP extensions in Centmin Mod?

Three methods to install PHP extensions in Centmin Mod:

  1. PECL installpecl install extension_name, then create a .ini file in /etc/centminmod/php.d/
  2. phpize compile — Build from source using phpize, ./configure, make, make install
  3. Menu option 5 rebuild — Set PHP_EXTRAOPTS in /etc/centminmod/custom_config.inc and rebuild PHP

Some extensions have dedicated addon scripts (e.g., addons/php72-mcrypt.sh). See PHP Extensions documentation.

Where is the PHP-FPM pool configuration in Centmin Mod?

The default PHP-FPM pool config is at /usr/local/etc/php-fpm.d/www.confNOT /etc/php-fpm.d/www.conf.

All vhosts share a single default [www] pool (listening on port 9000) via the php.conf include. Optional numbered pools (pool2–pool5) at /usr/local/nginx/conf/phpfpmd/ are disabled by default.

See PHP-FPM Pool Configuration.

How do I set up disk space monitoring alerts?

Centmin Mod includes a disk space alert script at /etc/cron.daily/diskalert. Edit it to configure:

  • Set EMAIL='you@example.com' with your email address
  • Set DISKSPACE_ALERTPERCENTAGE='80' to configure the threshold percentage

The script runs daily via cron and sends an email when disk usage exceeds the threshold. For mobile push notifications, consider integrating with pushover.net.

For more details, see the forum discussion. Also see Troubleshooting — Disk Space Monitoring.

How do I troubleshoot slow SSH logins?

Centmin Mod SSH login runs checks (yum updates, Nginx version). Slow logins are often caused by IPv6 timeouts when the server tries to resolve IPv6 addresses. Fixes:

  • Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf and run sysctl -p
  • Or set DISABLE_IPVSIX='y' in /etc/centminmod/custom_config.inc

Diagnose with: curl -Iv https://nginx.org/en/download.html — look for IPv6 connection delays.

For more details, see the forum discussion. Also see Troubleshooting — Slow SSH Logins.

How do I reset the MariaDB MySQL database directory?

Warning: This is a destructive operation. Always backup first.

  1. Backup: mysqldump --all-databases > /home/mysqlbackup/alldatabases.sql
  2. Stop MySQL: mysqlstop
  3. Backup datadir: cp -a /var/lib/mysql/ /var/lib/mysql.orig
  4. Wipe and rebuild: rm -rf /var/lib/mysql/* then mysql_install_db --user=mysql
  5. Start MySQL: mysqlstart
  6. Restore: mysql < /home/mysqlbackup/alldatabases.sql

For corrupted InnoDB, try innodb_force_recovery = 1 (or 2) in /etc/my.cnf under [mysqld].

For more details, see the forum discussion. Also see MariaDB — Reset MySQL Directory.

How do I debug PHP-FPM crashes and segfaults?

To debug PHP-FPM SIGSEGV Signal 11 crashes:

  1. Set PHPDEBUGMODE='y' and AUTODETECPHP_OVERRIDE='y' in /etc/centminmod/custom_config.inc
  2. Recompile PHP via centmin.sh menu option 5
  3. Core dumps are saved at /tmp/core-*
  4. Run gdb backtrace: gdb -q $(which php-fpm) /tmp/core-FILE -ex 'thread apply all bt full' -ex quit

To disable debug mode, set PHPDEBUGMODE='n' and recompile.

For more details, see the forum discussion. Also see Troubleshooting — PHP-FPM Debug Mode.

How do I install PHP APCu on PHP 8.x?

Manual PECL download and phpize compile:

  1. cd /svr-setup && pecl download apcu
  2. Extract, then phpize && ./configure --with-php-config=/usr/local/bin/php-config && make -j$(nproc) && make install
  3. Create /etc/centminmod/php.d/apcu.ini with extension=apcu.so
  4. Restart: fpmrestart. Verify: php --ri apcu

Note: APCu must be reinstalled after each PHP upgrade via menu option 5.

For more details, see the forum discussion. Also see PHP-FPM — APCu Installation.

How do I password protect a directory or file with Nginx?

Use the htpasswd.sh tool at /usr/local/src/centminmod/tools/htpasswd.sh:

  1. Create credentials: htpasswd.sh create /usr/local/nginx/conf/htpasswd user1 pass1
  2. Add auth_basic and auth_basic_user_file directives to the Nginx vhost location block
  3. Test and restart: nginx -t && ngrestart

For more details, see the forum discussion. Also see Nginx — Password Protection.

What is the cminfo command and what does it show?

The cminfo command (/usr/bin/cminfo) displays comprehensive system information including:

  • Centmin Mod version and branch
  • Nginx, PHP, and MariaDB versions
  • Server specs (CPU, RAM, disk usage)
  • Kernel info and OS version

Run via SSH: cminfo

For more details, see the forum discussion. Also see Command Shortcuts — cminfo.

How do I configure Nginx for JSON-based access logging?

The log_format main_json is already defined in the default /usr/local/nginx/conf/nginx.conf template — do NOT add it manually.

Simply add the access_log directive to your vhost config:

access_log /home/nginx/domains/domain.com/log/access_log.json main_json buffer=256k flush=5m;

Parse with jq (pre-installed): jq '.' access_log.json. Centmin Mod logrotate auto-handles JSON logs.

For more details, see the forum discussion. Also see Nginx — JSON Access Logging.

How do I set up SSH login email alerts?

Add a login alert script to /root/.bashrc that sends an email on each SSH login:

  • Set SSH_ALERTEMAIL='you@example.com' in the script
  • Uses ipinfo.io for IP geolocation lookup
  • Sends email via the mail command with login IP, hostname, and location details

For a complete setup guide with the full script, see the SSH Login Email Alerts documentation. For more details, see the forum discussion.

How do I add additional IP addresses to my server?

Two methods to add additional IPs:

  • CentOS 6/7 alias method: Create alias interface files at /etc/sysconfig/network-scripts/ifcfg-eth0:0, ifcfg-eth0:1, etc.
  • CentOS 7 IPADDRx method: Add IPADDR1, IPADDR2, etc. directly in the main ifcfg-eth0 file

Apply changes: service network restart

For more details, see the forum discussion.

How do I customize centmin.sh menu option 22 WordPress routines?

Two methods to customize WordPress routines:

  • wpsetup-custom.inc: Create /usr/local/src/centminmod/inc/wpsetup-custom.inc to customize menu option 22 WordPress installation routines
  • mycmupdate: Create /usr/local/bin/mycmupdate with your preferred cmupdate flags and make it executable

For more details, see the forum discussion.

How do I customize default Nginx vhost templates?

Vhost template files:

  • inc/nginx_addvhost.inc — used by menu option 2 and menu option 22
  • tools/nv.sh — used by the nv command shortcut

Important: Templates use shell variables (${DEDI_IP}, ${vhostname}, $LISTENOPT) that must be preserved. Native Nginx $ variables must be backslash-escaped (e.g., \$request_uri). Customizations are overwritten on cmupdate.

For more details, see the forum discussion. Also see Vhost — Template Customization.

How do I enable BoringSSL TLS 1.3 with Nginx?

Set BORINGSSL_SWITCH='y' in /etc/centminmod/custom_config.inc, run cmupdate, then centmin.sh menu option 4 to recompile Nginx. Requires Nginx 1.15.3+.

Note: BoringSSL does not support OCSP stapling or dual RSA+ECDSA certificates. Alternative: OpenSSL 1.1.1+ supports TLS 1.3 with full feature set.

For more details, see the forum discussion. Also see Nginx — BoringSSL TLS 1.3.

Why is CSF Firewall blocking my Pure-FTPD connections?

The default PORTFLOOD = "21;tcp;5;300" in /etc/csf/csf.conf limits FTP to 5 connections per 300 seconds per IP. This can block legitimate uploads.

  • Check: grep 'Port Flood' /var/log/messages
  • Fix: Increase hit count (max 20): PORTFLOOD = "21;tcp;20;300"
  • Backup first: csf --profile backup
  • Restart: csf -ra

For more details, see the forum discussion. Also see CSF Firewall — Port Flood & FTP.

How do I create per Nginx vhost PHP.ini settings?

Enable separate PHP-FPM pools for per-vhost PHP settings:

  1. Uncomment include=/usr/local/nginx/conf/phpfpmd/*.conf in /usr/local/etc/php-fpm.conf
  2. Use pre-existing pool configs (e.g., phpfpm_pool5.conf on port 9005)
  3. Create a custom Nginx vhost include referencing the pool port
  4. Add php_admin_value directives in the pool config for per-site settings

For more details, see the forum discussion. Also see PHP-FPM — Per Vhost PHP.ini.

How do I backup and restore file/directory permissions?

Use the backup-perm.sh tool at /home/nginx/domains/domain.com/tools/backup-perm.sh:

  • Saves file ownership and permissions to a backup file
  • Can restore permissions from the backup
  • Set up a cronjob for regular automated backups
  • Auto-fixes nginx user/group ownership when needed

For more details, see the forum discussion.

How do I enable PHP version update notifications on SSH login?

Set DMOTD_PHPCHECK='y' in /etc/centminmod/custom_config.inc to enable PHP and Nginx version update alerts on every SSH login. The notification appears as part of the SSH login MOTD (Message of the Day).

For more details, see the forum discussion. Also see Command Shortcuts — PHP Update Notifications.

How do I change a site’s domain name with HTTPS and Let’s Encrypt?

Six-step process:

  1. Copy SSL cert dir: cp -a /usr/local/nginx/conf/ssl/olddomain.com /usr/local/nginx/conf/ssl/newdomain.com
  2. Copy vhost config: cp /usr/local/nginx/conf/conf.d/olddomain.com.ssl.conf /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
  3. Replace domain: sed -i 's/olddomain.com/newdomain.com/g' /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
  4. Copy web root: cp -a /home/nginx/domains/olddomain.com/ /home/nginx/domains/newdomain.com/
  5. Clean up old config (optional)
  6. Reissue SSL: acmetool.sh reissue-only newdomain.com live

Important: Ensure DNS for the new domain points to your server before reissuing SSL certificates.

For more details, see the forum discussion. Also see Vhost — Domain Rename.

Can I host multiple websites on one Centmin Mod server?

Yes. You can host unlimited websites on one Centmin Mod server. Run /usr/bin/nv once per domain — each domain gets its own Nginx vhost configuration at /usr/local/nginx/conf/conf.d/ and document root at /home/nginx/domains/.

# Add each website with its own nv command
/usr/bin/nv -d site1.com -s lelived -u user1
/usr/bin/nv -d site2.com -s lelived -u user2

Always use -s lelived (Let’s Encrypt) for production sites. See the Hosting Multiple Websites guide for more details.

I set up a secondary server as a clone using the same hostname or domain. Will running opendkim.sh cause a DNS record conflict?

Yes — but the conflict depends on whether you’re referring to the server’s main hostname or a hosted site domain (vhostname). opendkim.sh handles these as two separate cases. Running it independently on both servers generates different private keys. Since DNS only holds one public key per DKIM selector (e.g., default2026._domainkey.yourdomain.com), one server’s signatures will fail verification.

Scenario 1 — Same server main hostname on both servers

This applies when both servers share the same FQDN (e.g., server.example.com), which opendkim.sh auto-detects via hostname -f. Running addons/opendkim.sh without arguments triggers this path.

Option A — Share the same DKIM private key (recommended for standby/failover clones)

Run opendkim.sh on the secondary first to set up the service and populate KeyTable/SigningTable/TrustedHosts, then replace its generated keys with the primary’s keys:

# On secondary: run opendkim.sh first to install and configure everything
cd /usr/local/src/centminmod
addons/opendkim.sh

# Stop opendkim on secondary before replacing keys
systemctl stop opendkim

# On primary: rsync keys to secondary (overwrites secondary's generated keys)
rsync -avz --no-perms --no-owner --no-group \
  /etc/opendkim/keys/server.example.com/ \
  root@secondary-ip:/etc/opendkim/keys/server.example.com/

# On secondary: fix ownership and restart
chown -R opendkim: /etc/opendkim/keys/server.example.com/
systemctl start opendkim

One DNS TXT record covers both servers. The public key is in /etc/opendkim/keys/server.example.com/default2026.txt on the primary server.

Option B — Use a unique selector on the secondary server

# On secondary: generate with a custom selector suffix
cd /usr/local/src/centminmod
SELECTOR="default2026sec" addons/opendkim.sh

# Verify secondary config
addons/opendkim.sh check

# Verify DNS record propagated for the secondary selector
dig +short default2026sec._domainkey.server.example.com TXT

With Option B, two DNS TXT records are required: default2026._domainkey (primary) and default2026sec._domainkey (secondary).

Scenario 2 — Same hosted site domain (vhostname) on both servers

This applies when both servers host the same domain (e.g., mysite.com) and you pass it as an argument. Running addons/opendkim.sh mysite.com triggers this path.

Option A — Share the same DKIM private key (recommended for standby/failover clones)

# On secondary: run opendkim.sh for the vhostname first
cd /usr/local/src/centminmod
addons/opendkim.sh mysite.com

# Stop opendkim on secondary before replacing keys
systemctl stop opendkim

# On primary: rsync vhostname keys to secondary
rsync -avz --no-perms --no-owner --no-group \
  /etc/opendkim/keys/mysite.com/ \
  root@secondary-ip:/etc/opendkim/keys/mysite.com/

# On secondary: fix ownership and restart
chown -R opendkim: /etc/opendkim/keys/mysite.com/
systemctl start opendkim

Option B — Use a unique selector on the secondary server

# On secondary: generate with a custom selector suffix
SELECTOR="default2026sec" addons/opendkim.sh mysite.com

# Verify DNS record for secondary selector
dig +short default2026sec._domainkey.mysite.com TXT

Which option to choose:

Setup Recommended
Standby/failover — only one server sends email at a time Option A (share key via rsync)
Active-active HA — both servers send email simultaneously Option B (unique selector per server)

Verify DKIM configuration on either server:

cd /usr/local/src/centminmod
addons/opendkim.sh check

# Verify DNS TXT record is live (main hostname)
dig +short default2026._domainkey.server.example.com TXT

# Verify DNS TXT record is live (vhostname)
dig +short default2026._domainkey.mysite.com TXT

See the OpenDKIM Multi-Server Setup guide for full details.

How do I troubleshoot a failed Centmin Mod initial install?

Check the install logs at /root/centminlogs/ for error details. Common causes include YUM/DNF repo failures, network/DNS timeouts, insufficient disk space or swap, and SELinux interference. The installer can be safely re-run after fixing the underlying issue.

For the full troubleshooting guide, see Troubleshooting — Initial Install Failures. Also see the forum discussion.

What WordPress caching options does menu option 22 support?

Four caching options via the wpscache variable: Cache Enabler (default), Redis nginx-level cache, WP Super Cache, and FastCGI cache. Redis requires the Redis Nginx module, and FastCGI cache requires WP_FASTCGI_CACHE='y' in /etc/centminmod/custom_config.inc.

For full details, see WordPress Caching Options. Also see the forum discussion.

How do I switch WordPress caching from Cache Enabler to Redis?

Deactivate and delete the Cache Enabler plugin, then run tools/wp-cache-enabler-generate.sh to clean up Nginx configs. Reinstall WordPress on the same domain via menu option 22, selecting the Redis cache option.

For the full switching guide, see Switching Cache Plugins. Also see the forum discussion.

How do I manage WordPress via WP-CLI on Centmin Mod?

Install WP-CLI with addons/wpcli.sh install. After installation, use the wp alias (runs WP-CLI with --allow-root). Common commands: wp plugin update --all, wp core update.

For full details, see WP-CLI Management. Also see the forum discussion.

How do I troubleshoot high CPU load on my server?

Use top/htop to identify the process consuming CPU. Common causes: PHP-FPM worker storms, MySQL slow queries, and OPcache misconfiguration. Use sar and dstat for historical analysis.

For the full diagnosis guide, see Troubleshooting — High CPU Load. Also see the forum discussion.

How do I set up Cloudflare Authenticated Origin Pulls?

Run tools/cf-authenticated-origin-cert-update.sh to download and configure the Cloudflare origin pull certificate. A weekly cron job auto-renews the certificate before its 180-day expiry. Enable ssl_verify_client in the Nginx vhost to enforce mTLS.

For full details, see Cloudflare — Authenticated Origin Pulls. Also see the forum discussion.

How do I fix WordPress 403 Permission Denied errors?

WordPress 403 errors are usually caused by tools/autoprotect.sh blocking wp-login.php and xmlrpc.php. Create a .autoprotect-bypass file in the domain’s public directory to skip protection, or adjust the VHOSTCTRL_AUTOPROTECTINC variable. Also verify file ownership is nginx:nginx.

For the full guide, see Troubleshooting — WordPress 403 Errors. Also see the forum discussion.

How do I ensure server emails don’t end up in spam?

Follow the email deliverability checklist: PTR/rDNS record, SPF record, DKIM via addons/opendkim.sh, DMARC record progression (none → quarantine → reject), and HELO hostname match. Test with mail-tester.com. For production email, use a transactional service like Amazon SES, SendGrid, or Mailgun.

For the complete checklist, see Email — Deliverability Checklist. Also see the forum discussion.

Site FAQ

Questions about the centminmod.com website and community resources are answered on the community forums.

Forums FAQ

For forum-specific questions, please visit the Centmin Mod Community Forums.