diff --git a/.travis.yml b/.travis.yml
index f1cbea3..8e1ee77 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -46,11 +46,10 @@ script:
 - sudo wo site update 1.com --wp && sudo wo site update 2.com --php73 && sudo wo site update 3.com --php73 && sudo wo site update 1.com --wpfc && sudo wo site update 1.com --wpsc && sudo wo site update 1.com --wpredis
 - sudo wp --allow-root --info
 - sudo wo info
- - sudo tree -L 2 /etc/nginx
+ - sudo cat /etc/nginx/nginx.conf
 - sudo cat /etc/mysql/my.cnf
 - sudo wo stack upgrade --netdata --no-prompt
 - sudo wo stack upgrade --phpmyadmin --no-prompt
 - sudo wo stack upgrade --composer --no-prompt
 - sudo wo update --travis
 - sudo wo stack status
- - sudo wo maintenance
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0132c93..e6b8858 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 #### Fixed
 - Kernel tweaks were not applied without server reboot
+- Fail2ban standalone install
 ### v3.9.6.2 - 2019-07-24
diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py
index 4312e84..0df27c9 100644
--- a/wo/cli/plugins/secure.py
+++ b/wo/cli/plugins/secure.py
@@ -8,8 +8,6 @@ from wo.core.git import WOGit
 from wo.core.services import WOService
 import string
 import random
-import sys
-import hashlib
 import getpass
diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py
index e093382..99d399f 100644
--- a/wo/cli/plugins/site_functions.py
+++ b/wo/cli/plugins/site_functions.py
@@ -892,7 +892,7 @@ def site_package_check(self, stype):
 if stype in ['mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
 Log.debug(self, "Setting apt_packages variable for MySQL")
- if not WOShellExec.cmd_exec(self, "mysqladmin ping"):
+ if not WOShellExec.cmd_exec(self, "/usr/bin/mysqladmin ping"):
 apt_packages = apt_packages + WOVariables.wo_mysql
 packages = packages + [["https://raw.githubusercontent.com/"
 "major/MySQLTuner-perl/master/"
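Review bot: `if not WOShellExec.cmd_exec(self, "/usr/bin/mysqladmin ping")` still treats a stopped or unreachable MySQL/MariaDB exactly like an absent one, so a host whose database service is merely down will get `WOVariables.wo_mysql` appended to `apt_packages` and the server packages reinstalled; the absolute path only removes the PATH dependency of the old call. Splitting the two cases keeps the fix and avoids that: `if not os.path.isfile('/usr/bin/mysqladmin'):` for the install decision, with the ping result only logged (`Log.debug(self, "mysqladmin ping failed: MySQL installed but not running")`) — assuming `os` is imported in this module, which the hunk does not show. How `cmd_exec` maps the command's exit status to its return value is not visible here either, so confirm that a non-zero exit is what yields the falsy result. `site_package_check` begins before this hunk and continues past it.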
diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py
index c0dbeb1..048daf4 100644
--- a/wo/cli/plugins/stack.py
+++ b/wo/cli/plugins/stack.py
@@ -245,14 +245,24 @@ class WOStackController(CementBaseController):
 # Nginx configuration
 if set(WOVariables.wo_nginx).issubset(set(apt_packages)):
- if set(["nginx"]).issubset(set(apt_packages)):
- # Fix for white screen death with NGINX PLUS
- if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
- 'SCRIPT_FILENAME'):
- with open('/etc/nginx/fastcgi_params',
- encoding='utf-8', mode='a') as wo_nginx:
- wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
- '\t$request_filename;\n')
+ # Nginx main configuration
+ if os.path.isfile('/etc/nginx/nginx.conf'):
+ data = dict()
+ Log.debug(self, 'Writting the nginx configuration to '
+ 'file /etc/nginx/nginx.conf')
+ wo_nginx = open('/etc/nginx/nginx.conf',
+ encoding='utf-8', mode='w')
+ self.app.render(
+ (data), 'nginx-core.mustache', out=wo_nginx)
+ wo_nginx.close()
+
+ # Fix for white screen death with NGINX PLUS
+ if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
+ 'SCRIPT_FILENAME'):
+ with open('/etc/nginx/fastcgi_params',
+ encoding='utf-8', mode='a') as wo_nginx:
+ wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
+ '\t$request_filename;\n')
 if os.path.isfile('/etc/nginx/nginx.conf'):
 data = dict(php="9000", debug="9001",
diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache
index e262d87..3638801 100644
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
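Review bot: `wo_nginx = open('/etc/nginx/nginx.conf', encoding='utf-8', mode='w')` truncates the live main nginx configuration before `self.app.render(...)` runs, and nothing closes the handle if rendering raises, so a template error leaves nginx.conf empty and nginx unable to start or reload. Rendering into a temporary file in the same directory and renaming it over the original makes the replacement atomic; `os` is already in scope on the line above (`os.path.isfile`), so no new import is needed. The log message also misspells "Writing". Note that this path now overwrites whatever nginx.conf the distro package or the operator installed every time it runs, where the removed code only appended one line to fastcgi_params; taking a backup before the write would help recovery. The enclosing method begins before this hunk and continues after it.
```python
# Nginx main configuration
if os.path.isfile('/etc/nginx/nginx.conf'):
    Log.debug(self, 'Writing the nginx configuration to '
              'file /etc/nginx/nginx.conf')
    # Render into a sibling temp file and rename it over the original,
    # so a failed render never leaves nginx.conf truncated.
    tmp_conf = '/etc/nginx/.nginx.conf.wo-tmp'
    with open(tmp_conf, encoding='utf-8', mode='w') as wo_nginx:
        self.app.render(dict(), 'nginx-core.mustache', out=wo_nginx)
    os.replace(tmp_conf, '/etc/nginx/nginx.conf')
# … unchanged: fastcgi_params SCRIPT_FILENAME fix …
```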
@@ -1,61 +1,189 @@
-##
-# WordOps Settings
-##
+user www-data;
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 100000;
+pid /run/nginx.pid;
-server_tokens off;
-reset_timedout_connection on;
-add_header X-Powered-By "WordOps {{version}}";
+pcre_jit on;
-# Limit Request
-limit_req_status 403;
-limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
-
-# Proxy Settings
-# set_real_ip_from proxy-server-ip;
-# real_ip_header X-Forwarded-For;
-
-fastcgi_read_timeout 300;
-client_max_body_size 100m;
-
-# SSL Settings
-ssl_protocols TLSv1.2;
-ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES';
-ssl_session_cache shared:SSL:50m;
-ssl_session_timeout 1d;
-ssl_session_tickets off;
-{{#Ubuntu}}
-ssl_prefer_server_ciphers on;
-{{/Ubuntu}}
-
-# Log format Settings
-log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
-'$http_host "$request" $status $body_bytes_sent '
-'"$http_referer" "$http_user_agent"';
+events {
+ multi_accept on;
+ worker_connections 50000;
+ accept_mutex on;
+ use epoll;
+}
-# GZip settings
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_buffers 16 8k;
-gzip_http_version 1.1;
-# Compress all output labeled with one of the following MIME-types.
-gzip_types
+http {
+ ##
+ # WordOps Settings
+ ##
+
+ sendfile on;
+ sendfile_max_chunk 512k;
+
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 8;
+ keepalive_requests 500;
+ keepalive_disable msie6;
+
+ lingering_time 20s;
+ lingering_timeout 5s;
+
+ # Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
+ # http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
+ aio threads;
+
+ server_tokens off;
+ reset_timedout_connection on;
+ more_set_headers "X-Powered-By : WordOps";
+
+ # Limit Request
+ limit_req_status 403;
+ limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
+
+ # Proxy Settings
+ # set_real_ip_from proxy-server-ip;
+ # real_ip_header X-Forwarded-For;
+
+ fastcgi_read_timeout 300;
+ client_max_body_size 100m;
+
+ # ngx_vts_module
+ vhost_traffic_status_zone;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ecdh_curve secp521r1:secp384r1;
+ # Previous TLS v1.2 configuration
+ # ssl_protocols TLSv1.2;
+ # ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
+
+ # Common security headers
+ more_set_headers "X-Frame-Options : SAMEORIGIN";
+ more_set_headers "X-Xss-Protection : 1; mode=block";
+ more_set_headers "X-Content-Type-Options : nosniff";
+ more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
+ more_set_headers "X-Download-Options : noopen";
+
+ # oscp settings
+ resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
+ resolver_timeout 10;
+ ssl_stapling on;
+
+ ##
+ # Basic Settings
+ ##
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log off;
+ error_log /var/log/nginx/error.log;
+
+ # Log format Settings
+ log_format wo_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
+ '$http_host "$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" "$server_protocol"';
+
+ ##
+ # Gzip Settings
+ ##
+
+ # mitigation for CRIME/BREACH attacks
+ gzip off;
+
+ ##
+ # Brotli Settings
+ ##
+
+ brotli on;
+ brotli_static on;
+ brotli_buffers 16 8k;
+ brotli_min_length 64000;
+ brotli_comp_level 4;
+ brotli_types application/atom+xml
+ application/geo+json application/javascript application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml application/rss+xml application/vnd.ms-fontobject
+ application/wasm
+ application/x-font-opentype
+ application/x-font-truetype application/x-font-ttf
+ application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml
+ application/xml+rss
+ font/eot font/opentype
+ font/otf
+ image/bmp image/svg+xml
+ image/vnd.microsoft.icon image/x-icon
+ image/x-win-bitmap
+ text/cache-manifest
+ text/calendar text/css
+ text/javascript
+ text/markdown text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt text/x-component
- text/xml
- text/javascript;
- # text/html is always compressed by HttpGzipModule
+ text/x-cross-domain-policy
+ text/xml;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
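Review bot: The `# mitigation for CRIME/BREACH attacks` comment above `gzip off;` is misleading, because the `brotli on;` block that follows compresses responses in exactly the same position — BREACH is a property of any HTTP-level compression of responses that mix secrets with attacker-influenced input, not of the gzip codec, and ngx_brotli compresses text/html regardless of `brotli_types`, which is the content carrying CSRF tokens and session-bound data. Either say so honestly (`# gzip disabled in favour of brotli; BREACH exposure is unchanged, mitigate per-site for dynamic HTML`) or keep compression off for dynamic HTML and rely on `brotli_static` for assets. Separately, `ssl_ecdh_curve secp521r1:secp384r1;` drops X25519 and P-256, the groups most clients offer first (and secp521r1 is not supported by Chrome), which forces a HelloRetryRequest on every TLS 1.3 handshake and breaks clients without P-384; `ssl_ecdh_curve X25519:prime256v1:secp384r1;` is the usual choice. `ssl_stapling on;` is also set without `ssl_stapling_verify on;` (and no `ssl_trusted_certificate`), so OCSP responses fetched through the public resolvers listed under `# oscp settings` are stapled without nginx verifying them.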