Getting Started Guide

Your server hostname should be a subdomain separate from your website domains (e.g., host.yourdomain.com if your site is yourdomain.com).

Set the hostname on AlmaLinux/Rocky Linux 8/9/10:

hostnamectl set-hostname host.yourdomain.com

Edit /etc/hosts and add both IPv4 and IPv6 entries:

111.222.333.444 host.yourdomain.com host

Then update the default Nginx vhost at /usr/local/nginx/conf/conf.d/virtual.conf (shortcut: vhostconf) — change server_name localhost; to your hostname.

Use centmin.sh menu option 2 or the nv command to add a new Nginx vhost. You will be prompted for the domain name, whether to create a self-signed SSL vhost, and optional Pure-FTPD credentials.

For free SSL certificates, use the Let's Encrypt integration. If using Cloudflare, use the DNS API validation method.

Files created for yourdomain.com:

/usr/local/nginx/conf/conf.d/yourdomain.com.conf      # HTTP vhost
/usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf  # SSL vhost
/usr/local/nginx/conf/ssl/yourdomain.com/             # SSL certificates
/home/nginx/domains/yourdomain.com/public              # Web root
/home/nginx/domains/yourdomain.com/log                 # Log files

Upload files via SFTP to /home/nginx/domains/yourdomain.com/public, then fix ownership:

chown -R nginx:nginx /home/nginx/domains/yourdomain.com/public

Use a third-party DNS provider (Cloudflare, DNSMadeEasy) rather than local NSD for better uptime and performance. Follow the Nginx domain DNS setup guide.

DNS validation tools: whatsmydns.net, intodns.com, Pingdom DNS Check.

CSF Firewall is auto-installed with Centmin Mod and pre-configured with security tweaks including IPSET support, DShield and Spamhaus blocklists, and UDP flood protection. Your SSH client IP is automatically whitelisted.

Whitelist other servers and monitoring services (Pingdom, NodePing) to prevent lockouts. See the CSF Firewall guide.

If you use a CDN or reverse proxy (Cloudflare, AWS CloudFront, Incapsula), configure Nginx's ngx_http_realip_module so access logs record visitor IPs instead of proxy IPs.

Cloudflare configuration is at /usr/local/nginx/conf/cloudflare.conf — sets real_ip_header CF-Connecting-IP with all Cloudflare IPv4 ranges. This is commented out by default in vhost configs; enable per-vhost as needed.

See the Nginx Cloudflare proxy configuration guide.

Key Nginx configuration files and their shortcut commands:

See the full Nginx configurations listing for SSL, WordPress, Xenforo, and more examples.

Centmin Mod includes 35+ standalone addon scripts in the addons/ directory. Popular addons include:

• acmetool.sh — Let's Encrypt SSL certificates
• opendkim.sh — DKIM email authentication
• maldet.sh — Linux Malware Detect + ClamAV
• wpcli.sh — WordPress CLI management
• redis-server-install.sh — Redis server
• docker.sh, golang.sh, nodejs.sh, ffmpeg.sh

See the full Addons page for the complete list.

Centmin Mod installs Postfix by default for server-level email. For @yourdomain.com email, use a third-party provider: Zoho Mail, Google Workspace, Microsoft 365, FastMail, or Amazon WorkMail.

Configure SPF, DKIM (via addons/opendkim.sh), and DMARC DNS records to prevent emails landing in spam. See the email setup guide.

Centmin Mod provides Menu 21 (Data Management) for comprehensive backup operations including:

• backups.sh — Full server backup automation
• mariabackup-restore.sh — MariaDB hot backup and restore
• tunnel-transfers.sh — SSH tunnel transfers between servers
• keygen.sh — SSH key management
• AWS S3 profiles for cloud backup storage

Additionally, use your VPS provider's snapshot/backup features as a secondary backup layer.

MariaDB 10.4 is the default version. Available versions vary by branch:

Manage users and databases via Menu 6. For a GUI, install phpmyadmin via the addons/phpmyadmin.sh addon, or connect with HeidiSQL over SSH tunnel.

Centmin Mod does not auto-install OS security updates. A checker runs every 24 hours on menu exit and prints available updates but does not execute them. Nginx, PHP, and MySQL packages are excluded from automatic updates.

Centmin Mod installs statistics pages for Zend OPcache, Memcached, PHP Info, and Nginx vhost traffic stats (via ngx_http_vhost_traffic_status_module). These are served from the default hostname web root with randomized URL prefixes unique to your install.

Find the randomized URLs in your install log. IP-restrict access via the virtual.conf vhost using Nginx allow/deny directives.

Harden PHP-FPM by disabling dangerous functions in /usr/local/etc/php-fpm.conf (shortcut: fpmconf):

php_admin_value[disable_functions] = show_source, system, shell_exec, passthru, exec, popen, proc_open

The open_basedir restriction is available via /usr/local/nginx/conf/php.conf but is commented out by default — enable manually to lock PHP execution to each vhost's document root. Restart PHP-FPM after changes: fpmrestart

Join the Centmin Mod Community Forums for support, customization guides, and advanced configuration tips. The Centmin Mod Insights section covers deeper technical details.

Centmin Mod includes several diagnostic tools:

For external monitoring, consider Nginx Amplify or services like Nixstats. See the Server Monitoring page.

Do not edit /usr/local/lib/php.ini directly — it gets overwritten on PHP upgrades. Instead, use the custom ini directory at /etc/centminmod/php.d/.

Default custom file: /etc/centminmod/php.d/a_customphp.ini

To override safely without future Centmin Mod updates overwriting your changes, create a second file with an alphabetically later name:

# Create /etc/centminmod/php.d/b_customphp.ini with your overrides
max_execution_time = 120
upload_max_filesize = 64M
post_max_size = 64M

Restart PHP-FPM after changes: fpmrestart

Configure admin email addresses via tools/email.sh, which saves to /etc/centminmod/email-primary.ini. Root mail accumulates in /var/spool/mail/root — monitor its size periodically.

Common root emails include CSF Firewall SSH login alerts and LFD brute-force block notifications.

Use centmin.sh Menu 23 to update Centmin Mod code and switch between branches. The submenu offers:

1. Setup git environment
2. Update current branch
3. Switch to another branch
4. Exit

Alternatively, use the standalone script: tools/cmupdate.sh update

See the Centmin Mod Upgrades guide for details.

Ensure server-sent emails (password resets, notifications) reach inboxes by configuring:

• SPF TXT record in DNS
• DKIM via addons/opendkim.sh (supports 1024/2048/4096-bit keys, default 2048)
• DMARC TXT record in DNS (manual setup)
• Reverse PTR record for your server IP

Advanced performance tuning options include:

• TCP BBR congestion control — enable via TCP_BBR_ENABLE
• TCP Fast Open — disabled by default, enable in /etc/centminmod/custom_config.inc
• File descriptor tuning — raised to 524,288 limit
• Kernel tuning via tools/hptweaks.sh
• I/O scheduler optimization via tools/setio.sh

After completing these steps, your server should have:

For persistent configuration changes, always use /etc/centminmod/custom_config.inc (shortcut: customconfig).