Preparing the server.

Handling the SSH key with PuTTY and PuTTYgen

To do so, we first have to install PuTTY. PuTTYgen is normally installed as part of the standard PuTTY .msi package, so there is no need for a separate PuTTYgen download. Download the PuTTY installation package.

After installing PuTTY, go to the installation folder and run puttygen.exe.

Click on Generate.

Move the mouse inside the blank area until the key is generated.

Add a key passphrase to protect the private key (optional, but recommended for better security).
Then save the public and private keys in a safe folder.

On your server provider (I am using DigitalOcean), create a new droplet and choose your plan, with CentOS 7 as the OS.

To save yourself a big hassle, add the SSH key BEFORE creating the droplet. In the new droplet settings you will find a button for adding an SSH key (it may look different with other providers, but the idea is similar).
In DigitalOcean it will look like this

Click on it, paste the public key you got from PuTTYgen, name it as you want, then save it.

Make sure the newly created SSH key is selected next to the New SSH Key button.

For your hostname, be creative.

Now back to PuTTY: run it, then type the server IP and port 22.

Go to SSH -> Auth in the left menu, then click Browse next to "Private key file for auth" and select your private key.

To avoid getting disconnected every x seconds when idle, go to Connection on the left and set "Seconds between keepalives" to 10.

Also, set the Window settings like this (as eva2000 suggested on the Centmin Mod forums).

Now go back to Session in the left menu, type a name to save the settings we just entered (so you don't have to type them again each time), then click Save.

Now click Open after you save. A popup will show up (PuTTY asking whether to trust the server's host key on the first connection); just click Yes.
Then type root as the user and press Enter. If you chose a passphrase for the private key, you will have to type it here. I did, so it looked like this.

Now we are done with SSH, let’s start working on the server itself :D.

Installing Centmin Mod on CentOS 7

First, you’re going to start with a standard, clean and up-to-date CentOS 7 installation.

yum -y update && shutdown -r now

 

The server will restart. Reconnect, then install the basic default packages.

yum -y install nano wget curl

 

Now, for the Centmin Mod installation to complete successfully you have to be logged in as root, not using sudo.

Then check here for the latest version.

I used the 123.09beta01 one since, at the time of writing this, it has a lot of new features and will soon be stable (I am using it on 3 websites now with no errors, and it is recommended by eva2000).

So from the link above you will get the install command. It will look like this:

yum -y update; curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh

 

This will take around 20 minutes, so stay calm; if it feels stuck, just wait, it is working (I hope).

When it finishes, be careful not to close the terminal before you have copied the whole log and saved it in a safe place, since it contains all the passwords that Centmin Mod has generated for you.

Activating Let’s Encrypt.

Now for Let’s Encrypt SSL, eva2000 has created a script, but it requires some steps to set it up (the script is in beta at the time I am writing this, but I have had no problems with it, also on 3 websites).

touch /etc/centminmod/custom_config.inc
echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc

Centmin Mod and Centos 7 update (manual and automatic).

 

This is where you are going to be most of the time while using Centmin Mod: the script menu.
To run the script, navigate to

cd /usr/local/src/centminmod

 

then we run the script

./centmin.sh

 

It will first ask you for the admin email (the email that will get notifications of updates and problems), so please enter a valid email.

Add the second email (you can skip it, but you will be asked to enter it every time you open this menu again, which is annoying).
Then wait some time until the Centmin Mod menu opens.

To do a manual update for Centmin Mod

type 23 and press Enter.

In this menu, if you want to update your current version of Centmin Mod for any bug fixes, go for the 2nd option.
Otherwise, if you want to fully upgrade to another version, go for the 3rd option.

Automatic Updates Centmin Mod

To activate Centmin Mod auto update, add this line to root's crontab; it runs updatecm.sh every 6 hours:

0 */6 * * * /usr/local/src/centminmod/updatecm.sh 2>/dev/null

 

Automatic Updates Centos 7 (recommended)

yum -y install yum-cron
chkconfig yum-cron on

then, for CentOS 7, open the config file

nano /etc/yum/yum-cron.conf

then search for email_to (Ctrl+W in nano) and replace root with your email,
save (Ctrl+O then Enter in nano), then exit (Ctrl+X in nano)

then open it again
nano /etc/yum/yum-cron.conf

change all of these variables to yes:
update_messages
download_updates
apply_updates
then, before saving,
change emit_via to email
then save and exit the file.
Do the EXACT SAME CHANGES for
nano /etc/yum/yum-cron-hourly.conf

This next command makes the hourly run apply security updates only:

sed -i 's|^update_cmd = default|update_cmd = security|' /etc/yum/yum-cron-hourly.conf

 

And just a tip, if you ever want to check the cron log:

grep yum.cron /var/log/cron | tail -10

and to check the yum log when it notifies you of updates:

tail -10 /var/log/yum.log
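
The yum-cron edits above, scripted so the same changes land identically in both files. This is an added example, not part of the original guide or of Centmin Mod; the function names, the sample config contents and admin@example.com are assumptions for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the yum-cron edits described in this guide.

# set_key FILE KEY VALUE: rewrite "KEY = ..." in place; fail if KEY is absent.
# VALUE must not contain '|', '&' or '\' (sed replacement metacharacters).
set_key() {
    grep -Eq "^$2[[:space:]]*=" "$1" || { echo "missing key: $2 in $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s|^$2[[:space:]]*=.*|$2 = $3|" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# get_key FILE KEY: print the current value of KEY.
get_key() { sed -n "s|^$2[[:space:]]*=[[:space:]]*||p" "$1"; }

# apply_yum_cron FILE EMAIL [security]: the guide's settings; pass "security"
# as the third argument for the hourly file to restrict it to security updates.
apply_yum_cron() {
    for key in update_messages download_updates apply_updates; do
        set_key "$1" "$key" yes || return 1
    done
    set_key "$1" emit_via email || return 1
    set_key "$1" email_to "$2" || return 1
    if [ "${3:-}" = security ]; then set_key "$1" update_cmd security || return 1; fi
}

# make_sample FILE: constructed stand-in for a stock yum-cron config file.
make_sample() {
    cat > "$1" <<'EOF'
[commands]
update_cmd = default
update_messages = yes
download_updates = yes
apply_updates = no
[emitters]
emit_via = stdio
[email]
email_from = root@localhost
email_to = root
EOF
}

# Demo on a throwaway copy. On the server, run as root against
# /etc/yum/yum-cron.conf and /etc/yum/yum-cron-hourly.conf instead.
demo=$(mktemp)
make_sample "$demo"
apply_yum_cron "$demo" admin@example.com security
grep -E '^(update_|download_|apply_|emit_via|email_to)' "$demo"
rm -f "$demo"
```

Because set_key refuses to touch a file that lacks the key, a config laid out differently from what the guide expects produces an error instead of a silent no-op.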

 

Prepare CloudFlare

Sign up for Cloudflare from here.
After you log in, it will ask you to type your domain.
Type it, and it will scan your DNS.
It will pick up the current settings, but if you don’t have any previous settings, modify your DNS to look like this
(we will add the MX and TXT records for the email later (Yandex)).
Now click Continue, and in the next window choose the free plan.
Click Continue and you will get a window like this, telling you which nameservers you should use for your domain.
Change them and click Continue. It might take up to 48 hours to work (but most of the time 10 minutes is enough).
After you have waited some time, click Recheck Nameservers on the new page.
Keep refreshing this page every 5 minutes or so to check whether the nameservers have changed; when they have, it should look like this.

Setting up page rules for WordPress

Cloudflare gives you 3 page rules for free.
You have to add these to avoid problems in the admin panel and on the login page (such as users logging in but still seeing the login button).

To do so, go to Cloudflare, open Page Rules from the top menu, then add these rules

https://*yourdomain.com/wp-login.php*

https://*yourdomain.com/wp-admin/*

https://*yourdomain.com/*

 

Adding website on Centmin Mod server.

PLEASE MAKE SURE THAT YOUR DOMAIN'S CLOUDFLARE SSL IS SET TO ‘flexible’ AT THIS POINT.

OTHERWISE, YOU WILL GET AN ERROR CREATING THE LET’S ENCRYPT CERTIFICATE (we will switch the SSL in Cloudflare to strict full when we are done).

Now let’s start by running the Centmin Mod script

cd /usr/local/src/centminmod
./centmin.sh

 

Go for option 22 (if you don’t want the auto WordPress website, choose option 2 instead).

When it asks

Do you want to continue with Nginx vhost site creation ?

type Y and press Enter

then for

Enter vhost domain name you want to add (without www. prefix)

type your domain without www, like this: yourdomain.com

Now, if you want to use the Let’s Encrypt SSL on this website (recommended), at

Create a self-signed SSL certificate Nginx vhost?

type Y and press Enter

Get Letsencrypt SSL certificate Nginx vhost? [y/n]:

type Y and press Enter
You have 4 options:

1. issue staging test cert with HTTP + HTTPS (untrusted)
2. issue staging test cert with HTTPS default (untrusted)
3. issue live cert with HTTP + HTTPS (trusted)
4. issue live cert with HTTPS default (trusted)

 

I will go with option 4
then
Theme Setup:
Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]:

I don’t want a theme, so type N and press Enter
then
WordPress Setup:
Set custom WP Admin Display Name ? [y/n]:
Answer y if you don’t want the auto-generated admin name (up to you; I am OK with it, so I will answer no)
Install WordPress in subdirectory /blog ? [y/n]:

Answer y if you want your WordPress installation to be in /blog, like yourdomain.com/blog
I don’t want that, so N for me

then
Disable Auto Generated WP Admin Username / Password ? [y/n]:
I will answer n because I want it to generate the password and username for me
Disable wp-login.php password protection? (less security) [y/n]:
I wouldn’t keep it, since it is kinda annoying every time I want to access my admin panel, so I will go with Y to disable it
Enter the email address for Admin User for WordPress Installation:
You know what to do here :D
Default is to install KeyCDN WP Cache Enabler Plugin
as it's more stable and reliable than WP Super Cache.
Redis cache may have issues with caching due to long 6hr cache TTL
You can select which caching method to use below:
--------------------------------------------------------
Wordpress Caching
--------------------------------------------------------
1). KeyCDN Cache Enabler (default & recommended)
2). Redis Nginx Level Caching (may have issues with some wp plugins)
3). WordPress Super Cache

 

Here I will go for KeyCDN (I have it working perfectly on 3 websites; you can also uninstall it later and install whatever you want),
so I go for 1
Create FTP username for vhost domain (enter username):
Enter the username for this website’s FTP
Do you want to auto-generate FTP password (recommended) [y/n]:

Up to you, I would go for yes

then copy the username and password that the script returned and save them somewhere safe

Do you want to exclude mobile/tablet devices from Cache Enabler caching? [y/n]

Up to you, but I went for n since I had no problem with my theme when it was on; if you are not sure, go for Y
then it will start downloading WordPress etc.
then it will stop and ask

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------
continue [y/n] ?

 

type y and press Enter

Now everything should be ready for you :D.

Note: in case you get a "too many redirects" error, that is because you are using the Cloudflare SSL as flexible (which I warned about: before starting, turn off the SSL of Cloudflare).
In this case, your Let’s Encrypt certificate wasn’t installed correctly.
So after changing the Cloudflare SSL to full and confirming your website opens with no errors, I recommend fixing Let’s Encrypt by typing

cd /usr/local/src/centminmod/addons
./acmetool.sh reissue yourdomain.com lived

 

This should fix the SSL for you. With Full SSL, Cloudflare serves visitors the Cloudflare SSL certificate but communicates with your site over HTTPS using the Let’s Encrypt certificate, so both legs are encrypted. Flexible SSL is less secure, as Cloudflare communicates with your site over plain HTTP, so that leg is not encrypted.

Now we have Let’s Encrypt and Full SSL support from Cloudflare.
For more information about Cloudflare’s SSL click here

WWW or non-WWW

Now that everything is working perfectly, you might want to make your website redirect to www instead of non-www.

cd /usr/local/nginx/conf/conf.d/
ls
sudo nano yourdomain.ssl.conf

 

then change it to this

server {
   server_name yourdomain.com www.yourdomain.com;
   return 302 https://www.$server_name$request_uri;
   include /usr/local/nginx/conf/staticfiles.conf;
}

 

then save and restart
service nginx restart

Note: once everything is working after your changes, you can change the 302 in the code above to 301 and restart the server again. The key to testing is to use the 302 temporary redirect first, in a private/incognito browser session; otherwise the problems you experience may end up being due to browser caching of 301 permanent redirects, unless you clear the browser cache and reboot the local computer(s), and even then some web browsers don’t let go of a cached 301 permanent redirect that willingly.

You can test over SSH via curl, checking the headers for the Location field (where the redirect goes), using the following commands:
curl -I http://domain.com
curl -I http://www.domain.com
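
To make the 302-then-301 check repeatable, the helper below reads `curl -I` output and reports whether the redirect is temporary or permanent and whether it points at the www host. It is an added example, not part of the original guide; the function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `curl -I` output for the www redirect configured above.

# redirect_verdict WANT_PREFIX: read response headers on stdin and print
#   "temporary <url>" or "permanent <url>" if Location starts with WANT_PREFIX,
#   "wrong-target <url>" for a redirect that goes elsewhere,
#   "no-redirect <status>" when the response is not a redirect at all.
redirect_verdict() {
    headers=$(tr -d '\r')    # header lines from curl end in CRLF
    code=$(printf '%s\n' "$headers" | awk '/^HTTP\// {c = $2} END {print c}')
    loc=$(printf '%s\n' "$headers" |
          awk 'tolower($1) == "location:" {l = $2} END {print l}')
    case $code in
        301|308) kind=permanent ;;
        302|303|307) kind=temporary ;;
        *) echo "no-redirect $code"; return 1 ;;
    esac
    case $loc in
        "$1"*) echo "$kind $loc" ;;
        *) echo "wrong-target $loc"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
sample_302() {
    printf 'HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\n'
    printf 'Location: https://www.yourdomain.com/\r\n\r\n'
}
sample_301() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'location: https://www.yourdomain.com/\r\n\r\n'
}
sample_apex() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://yourdomain.com/\r\n\r\n'
}
sample_200() { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'; }

# Live use on the server or your workstation:
#   curl -sI http://yourdomain.com | redirect_verdict https://www.yourdomain.com/
for s in sample_302 sample_301 sample_apex sample_200; do
    printf '%-12s ' "$s"
    "$s" | redirect_verdict https://www.yourdomain.com/ || true
done
```

A "temporary" verdict is what you want while testing; switch the nginx block to 301 only once the same check passes for both the bare and the www hostname.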

Redirecting *.yourdomain.com to yourdomain.com

On Centmin Mod hosted websites, if you enter a subdomain that doesn’t exist, it takes you to the Centmin Mod index page.

The page is located at

/usr/local/nginx/html

but to always redirect such requests to your main domain, go to

cd /usr/local/nginx/conf/conf.d

then do an ls command, then

sudo nano yourdomain.ssl.conf

and add this block (remove the www from www.yourdomain.com to redirect to the non-www version)

server {
   server_name *.yourdomain.com;
   return 301 https://www.yourdomain.com;
   include /usr/local/nginx/conf/staticfiles.conf;
}

then save and restart using
service nginx restart

Fix WordPress Sitemap.xml

This is for when you face problems with your SEO plugin, like Yoast.

The Yoast SEO XML sitemap URL uses a pretty permalink of example.com/sitemap_index.xml but, behind the scenes, this URL also has a non-pretty permalink of example.com/?sitemap=1. If you can load and see the sitemap using the non-pretty permalink, your server is not set up to redirect and, thus, you’ll need to add redirect rules.

So to fix it, go to

cd /usr/local/nginx/conf/conf.d

then do an ls command, then

sudo nano yourdomain.ssl.conf

then add this code block inside the server {} block

#Yoast SEO Sitemaps
location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
   ## this redirects sitemap.xml to /sitemap_index.xml
   rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
   ## this makes the XML sitemaps work
   rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
   rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
   rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
   ## The following lines are optional for the premium extensions
   ## News SEO
   rewrite ^/news-sitemap.xml$ /index.php?sitemap=wpseo_news last;
   ## Local SEO
   rewrite ^/locations.kml$ /index.php?sitemap=wpseo_local_kml last;
   rewrite ^/geo-sitemap.xml$ /index.php?sitemap=wpseo_local last;
   ## Video SEO
   rewrite ^/video-sitemap.xsl$ /index.php?xsl=video last;
}

then save and restart using
service nginx restart

 

 

About the email server

Adding your own mail server is overkill, and most of the time it won’t work correctly.

It is like you wanted to eat bread, so you decided to open a bakery :D.

So what eva2000 suggests (me too) is not to run your own mail server (even though you can),

but instead to choose a third-party company which will do the job for you (way better than hosting your own server), and some of them are FREE :D.

OK, so I tried Zoho. It was OK, but the free version is too limited. If you won’t have too many email accounts, though, it is perfect; it even allows you to create your own login page like mail.yourdomain.com and put a custom logo on it.

The second option is Yandex. I know, I hate Yandex too, but hey, it is FREE 😀 and it gives a lot more mail accounts (1000) compared to Zoho, which was 50 I think. It also allows you to create your own login page like mail.yourdomain.com.

Now, if you are OK paying some money, then I recommend going with Google since, hey, who likes Yandex, man 😀 and you will pay only 5 dollars a month.

Note: I am using Zoho, Yandex and Gmail, and ALL OF THEM work perfectly (if you set them up correctly).

The most important part of keeping your emails out of spam is to set up your SPF and DKIM correctly (whichever of the 3 providers above you use, they will show you how to do it step by step, so there is no need to duplicate their tutorials here).