Welcome to Centmin Mod Community
Become a Member

Beta Branch Centmin Mod .09 beta branch Testing

Discussion in 'Beta release code' started by eva2000, Aug 12, 2015.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    Inspect your TCP traffic i.e. wireshark etc and/or benchmark before and after. You're on your own for that though
     
  2. RoldanLT

    RoldanLT Well-Known Member

    3,875
    946
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,290
    Local Time:
    5:42 PM
    1.11
    10.2
    That's tough :D
     
    • Funny Funny x 1
  3. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
  4. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    ngx_fancyindex dynamic module support


    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Current list of all supported nginx dynamic modules in 123.09beta01 and their relevant dynamic enabling variable switches and their default state
    Code (Text):
    # Nginx Dynamic Module Switches
    NGXDYNAMIC_NJS='n'
    NGXDYNAMIC_XSLT='n'
    NGXDYNAMIC_PERL='n'
    NGXDYNAMIC_IMAGEFILTER='y'
    NGXDYNAMIC_GEOIP='n'
    NGXDYNAMIC_STREAM='y'
    NGXDYNAMIC_HEADERSMORE='n'
    NGXDYNAMIC_SETMISC='n'
    NGXDYNAMIC_ECHO='n'
    NGXDYNAMIC_LUA='n'          # leave disabled due to bug https://github.com/openresty/lua-nginx-module/issues/715
    NGXDYNAMIC_SRCCACHE='n'
    NGXDYNAMIC_DEVELKIT='n'     # leave disabled as it requires lua nginx module as dynamic but it has a bug in lua nginx
    NGXDYNAMIC_MEMC='n'
    NGXDYNAMIC_REDISTWO='n'
    NGXDYNAMIC_NGXPAGESPEED='n'
    NGXDYNAMIC_BROTLI='y'
    NGXDYNAMIC_FANCYINDEX='y'
     
    Last edited: Jun 14, 2016
    • Like Like x 1
  5. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  6. Mask

    Mask Active Member

    104
    29
    28
    Nov 10, 2014
    Ratings:
    +35
    Local Time:
    2:42 PM
    Nginx 1.9.1
    MariaDB 10.0.19
    Hello eva2000,

    Just wondering if with v09, there is any plan to have custom php-fpm config per domain. And instead of having all php files under nginx:nginx, may behave them setup as user:user ?? (i.e. custom pool for each domain)

    Not asking for a perfect chroot setup. Just a way to configure php for each domain (For example a server has multiple domains and some need more resources than other). So may be a better isolation between domains ??

    Or m I asking for lil too much?
     
  7. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    wouldn't work as you need chroot etc and nginx won't be able to read the files

    probably looking for Beta Branch - Centmin Mod .08 beta03+ Multiple PHP-FPM pools support added | Centmin Mod Community just don't use the multiple php-fpm pools in a load balanced upstream setup and use them individually but for non nginx user owned you'd have to edit that yourself but still more involved if you want separate zend opcache instances instead of shared

    but with multiple pools be aware of overloading cpu and memory resources
     
    Last edited: Jun 17, 2016
  8. Sunka

    Sunka Active Member

    910
    238
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +385
    Local Time:
    11:42 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    3.0.0 stable is out for a week - PECL :: Package :: redis
    Still reinstalling it with option 13 submenu option 2 give version 3.0.0 RC1
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    it's because centmin mod still pulls php 7 detected redis php extension from github branch not official pecl stable. Will need to update that :)
     
    • Like Like x 2
  10. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 3
  11. Sunka

    Sunka Active Member

    910
    238
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +385
    Local Time:
    11:42 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    working (y)

    Code:
     php --ri redis
    
    redis
    
    Redis Support => enabled
    Redis Version => 3.0.0
     
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Memcached Server 1.4.26 Updated



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.26 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.26.

    Centmin Mod script will also auto update your memcached /etc/init.d/memcached file with new Memcached 1.4.26 -o modern option if it detects Memcached 1.4.26 version running. As such you will need to exit centmin.sh after menu option 10 run and re-run centmin.sh one more time to get centmin.sh to auto update /etc/init.d/memcached.

    The centmin.sh will auto patch /etc/init.d/memcached even if you do this last step later or skip it whenever the next time you run centmin.sh and it detects Memcached 1.4.26 running and the new option is not in place.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Memcached 1.4.26
    Code (Text):
    echo stats | nc 127.0.0.1 11211
    STAT pid 20349
    STAT uptime 23
    STAT time 1466523090
    STAT version 1.4.26
    STAT libevent 2.0.22-stable
    STAT pointer_size 64
    STAT rusage_user 0.019124
    STAT rusage_system 0.020595
    STAT curr_connections 5
    STAT total_connections 7
    STAT rejected_connections 0
    STAT connection_structures 6
    STAT reserved_fds 20
    STAT cmd_get 0
    STAT cmd_set 0
    STAT cmd_flush 0
    STAT cmd_touch 0
    STAT get_hits 0
    STAT get_misses 0
    STAT get_expired 0
    STAT delete_misses 0
    STAT delete_hits 0
    STAT incr_misses 0
    STAT incr_hits 0
    STAT decr_misses 0
    STAT decr_hits 0
    STAT cas_misses 0
    STAT cas_hits 0
    STAT cas_badval 0
    STAT touch_hits 0
    STAT touch_misses 0
    STAT auth_cmds 0
    STAT auth_errors 0
    STAT bytes_read 12
    STAT bytes_written 1713
    STAT limit_maxbytes 8388608
    STAT accepting_conns 1
    STAT listen_disabled_num 0
    STAT time_in_listen_disabled_us 0
    STAT threads 4
    STAT conn_yields 0
    STAT hash_power_level 16
    STAT hash_bytes 524288
    STAT hash_is_expanding 0
    STAT slab_reassign_rescues 0
    STAT slab_reassign_evictions_nomem 0
    STAT slab_reassign_inline_reclaim 0
    STAT slab_reassign_busy_items 0
    STAT slab_reassign_running 0
    STAT slabs_moved 0
    STAT lru_crawler_running 0
    STAT lru_crawler_starts 0
    STAT lru_maintainer_juggles 208
    STAT malloc_fails 0
    STAT log_worker_dropped 0
    STAT log_worker_written 0
    STAT log_watcher_skipped 0
    STAT log_watcher_sent 0
    STAT bytes 0
    STAT curr_items 0
    STAT total_items 0
    STAT slab_global_page_pool 0
    STAT expired_unfetched 0
    STAT evicted_unfetched 0
    STAT evictions 0
    STAT reclaimed 0
    STAT crawler_reclaimed 0
    STAT crawler_items_checked 0
    STAT lrutail_reflocked 0
    STAT moves_to_cold 0
    STAT moves_to_warm 0
    STAT moves_within_lru 0
    STAT direct_reclaims 0
    END
    
     
    • Like Like x 1
  13. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Add Nginx SPDY + HTTP/2 Patch Support



    Disabled by default with NGINX_SPDYPATCHED='n'. Experimental HTTP/2 + SPDY Cloudflare Nginx patch support as outlined at Open sourcing our NGINX HTTP/2 + SPDY code and discussed here. Nginx patch made for Nginx 1.9.7 and forked by Felix for Nginx 1.9.15 at GitHub - felixbuenemann/sslconfig at updated-nginx-1.9.15-spdy-patch so no guarantees it works on Nginx 1.11.1+ or new versions in future.

    Nginx deprecated and removed SPDY support but Cloudflare open sourced a Nginx HTTP/2 + SPDY patch so that Nginx can run both HTTP/2 and SPDY/3.1 depending on the client. Centmin Mod 123.09beta01 latest commit update adds this Nginx SPDY patch originally from Cloudflare for Nginx 1.9.7 which was forked by Felix for Nginx 1.9.15+ support. Details of Centmin Mod commit/patch at Beta Branch - add NGINX_SPDYPATCHED variable support 123.09beta01 | Centmin Mod Community and discussion at Nginx - HTTP/2 + SPDY PATCH for NGINX 1.10 + NGINX 1.11 | Centmin Mod Community

    Upgrading Centmin Mod Code to Latest Version



    Getting Started Guide step 19 outlines also how to keep Centmin Mod code updated or how to switch version branches.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08) (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch swicthing via Git backed environment you can setup. For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrade software that Centmin Mod installed or manages. For this part following outline at How to upgrade Centmin Mod software installed on your server.

    Live Nginx HTTP/2 + SPDY Testing



    Doing live testing of Centmin Mod 123.09beta01's Nginx 1.11.1 with HTTP/2 + SPDY patch at sslspdy.com
    Code (Text):
    echo QUIT | openssl s_client -connect sslspdy.com:443 -nextprotoneg ' ' 2>&1 | grep 'Protocols advertised'
    Protocols advertised by server: h2, spdy/3.1, http/1.1

    is-http2 tool test
    Code (Text):
    is-http2 https://sslspdy.com
    ✓ HTTP/2 supported by https://sslspdy.com
    Supported protocols: h2 spdy/3.1 http/1.1
    

    curl
    Code (Text):
    curl -Ivs https://sslspdy.com
    * Rebuilt URL to: https://sslspdy.com/
    *   Trying 192.184.89.66...
    * Connected to sslspdy.com (192.184.89.66) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    

    nghttp2 client
    Code (Text):
     nghttp -nav https://sslspdy.com    
    [  0.109] Connected
    The negotiated protocol: h2
    [  0.252] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]

    testssl test - notice the protocol's tested include spdy/3.1 and NPN and h2
    Code (Text):
    testssl https://sslspdy.com
    
    ###########################################################
        testssl       2.7dev from https://testssl.sh/dev/
        (1.502 2016/06/15 19:31:09)
    
          This program is free software. Distribution and
                 modification under GPLv2 permitted.
          USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
    
           Please file bugs @ https://testssl.sh/bugs/
    
    ###########################################################
    Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
    
    SSLv2      not offered (OK)
    SSLv3      not offered (OK)
    TLS 1      offered
    TLS 1.1    offered
    TLS 1.2    offered (OK)
    SPDY/NPN   h2, spdy/3.1, http/1.1 (advertised)
    HTTP2/ALPN h2, spdy/3.1, http/1.1 (offered)
    
    Testing ~standard cipher lists
    
    Null Ciphers                 not offered (OK)
    Anonymous NULL Ciphers       not offered (OK)
    Anonymous DH Ciphers         not offered (OK)
    40 Bit encryption            not offered (OK)
    56 Bit encryption            not offered (OK)
    Export Ciphers (general)     not offered (OK)
    Low (<=64 Bit)               not offered (OK)
    DES Ciphers                  not offered (OK)
    Medium grade encryption      not offered (OK)
    Triple DES Ciphers           not offered (OK)
    High grade encryption        offered (OK)
    
    
    Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here
    
    PFS is offered (OK)  ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA
    
    
    Testing server preferences
    
    Has server cipher order?     yes (OK)
    Negotiated protocol          TLSv1.2
    Negotiated cipher            OLD-ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH
    Cipher order
        TLSv1:     ECDHE-ECDSA-AES128-SHA
        TLSv1.1:   ECDHE-ECDSA-AES128-SHA
        TLSv1.2:   OLD-ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA
        h2:        OLD-ECDHE-ECDSA-CHACHA20-POLY1305
        spdy/3.1:  OLD-ECDHE-ECDSA-CHACHA20-POLY1305
        http/1.1:  OLD-ECDHE-ECDSA-CHACHA20-POLY1305
    
    
    Testing server defaults (Server Hello)
    
    TLS extensions (standard)    "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "status request/#5" "next protocol/#13172"
    Session Tickets RFC 5077     600 seconds (PFS requires session ticket keys to be rotated <= daily)
    SSL Session ID support       yes
    TLS clock skew               random values, no fingerprinting possible
    Signature Algorithm          ECDSA with SHA256
    Server key size              ECDSA 256 bits
    Fingerprint / Serial         SHA1 155AA462E9EBFC2C608D18AB83DD32C17245C89A / 6F2CECA22E73F3FFA5266435705B5390
                                  SHA256 91A3930E8F38C7B1EBBC265953B8773E888544BD7C45F5A6927AF50D80D31C11
    Common Name (CN)             "*.sslspdy.com" (wildcard certificate match) (works w/o SNI)
    subjectAltName (SAN)         "*.sslspdy.com" "sslspdy.com"
    Issuer                       "COMODO ECC Domain Validation Secure Server CA" ("COMODO CA Limited" from "GB")
    EV cert (experimental)       no
    Certificate Expiration       123 >= 60 days (2014-10-24 00:00 --> 2016-10-23 23:59 +0000)
    # of certificates provided   3
    Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
    Certificate Revocation List  http://crl.comodoca.com/COMODOECCDomainValidationSecureServerCA.crl
    OCSP URI                     http://ocsp.comodoca.com
    OCSP stapling                offered
    
    
    Testing HTTP header response @ "/"
    
    HTTP Status Code             200 OK
    HTTP clock skew              -1464583848 sec from localtime
    Strict Transport Security    365 days=31536000 s, includeSubDomains
    Public Key Pinning           # of keys: 2, 604800 s = 7 days (<30 days is not good enough), includeSubDomains
                                  matching host key: QYBZo54E74EGPmprgubrqe39L01K0kkNQBfJ6hRFUyE
    Server banner                nginx centminmod
    Application banner           X-Powered-By: centminmod
    Cookie(s)                    (none issued at "/")
    Security headers             --
    Reverse Proxy banner         --
    
    
    Testing vulnerabilities
    
    Heartbleed (CVE-2014-0160)                not vulnerable (OK) (no heartbeat extension)
    CCS (CVE-2014-0224)                       not vulnerable (OK)
    Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
    Secure Client-Initiated Renegotiation     not vulnerable (OK)
    CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
    BREACH (CVE-2013-3587)                    potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
                                               Can be ignored for static pages or if no secrets in the page
    POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
    TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
    FREAK (CVE-2015-0204)                     not vulnerable (OK)
    DROWN (2016-0800, CVE-2016-0703), exper.  not vulnerable on this port (OK)
                                               make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                               https://censys.io/ipv4?q=91A3930E8F38C7B1EBBC265953B8773E888544BD7C45F5A6927AF50D80D31C11 could help you to find out
    LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
    BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
    RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    
    
    Testing all 183 locally available ciphers against the server, ordered by encryption strength
    
    Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits
    ------------------------------------------------------------------------
    xcc14   OLD-ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 256   ChaCha20  256     
    xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM    256     
    xc024   ECDHE-ECDSA-AES256-SHA384         ECDH 256   AES       256     
    xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM    128     
    xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES       128     
    xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES       128     
    
    
    Running browser simulations (experimental)
    
    Android 2.3.7                 No connection
    Android 4.0.4                 TLSv1 ECDHE-ECDSA-AES128-SHA
    Android 4.1.1                 TLSv1 ECDHE-ECDSA-AES128-SHA
    Android 4.2.2                 TLSv1 ECDHE-ECDSA-AES128-SHA
    Android 4.3                   TLSv1.0 ECDHE-ECDSA-AES128-SHA
    Android 4.4.2                 TLSv1.1 ECDHE-ECDSA-AES128-SHA
    Android 5.0.0                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    Baidu Jan 2015                TLSv1 ECDHE-ECDSA-AES128-SHA
    BingPreview Jan 2015          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Chrome 47 / OSX               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    Firefox 31.3.0ESR / Win7      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    Firefox 42 / OSX              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    GoogleBot Feb 2015            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    IE6 / XP                      No connection
    IE7 / Vista                   TLSv1.0 ECDHE-ECDSA-AES128-SHA
    IE8 / XP                      No connection
    IE8-10 / Win7                 TLSv1.0 ECDHE-ECDSA-AES128-SHA
    IE11 / Win7                   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win8.1                 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE10 / Win Phone 8.0          TLSv1.0 ECDHE-ECDSA-AES128-SHA
    IE11 / Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    IE11 / Win10                  TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Edge 13 / Win10               TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Edge 12 / Win Phone 10        TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Java 6u45                     No connection
    Java 7u25                     TLSv1 ECDHE-ECDSA-AES128-SHA
    Java 8u31                     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
    OpenSSL 0.9.8y                No connection
    OpenSSL 1.0.1l                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    OpenSSL 1.0.2e                TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Safari 5.1.9/ OSX 10.6.8      TLSv1 ECDHE-ECDSA-AES128-SHA
    Safari 6 / iOS 6.0.1          TLSv1.2 ECDHE-ECDSA-AES128-SHA256
    Safari 6.0.4/ OS X 10.8.4     TLSv1 ECDHE-ECDSA-AES128-SHA
    Safari 7 / iOS 7.1            TLSv1.2 ECDHE-ECDSA-AES128-SHA256
    Safari 7 / OS X 10.9          TLSv1.2 ECDHE-ECDSA-AES128-SHA256
    Safari 8 / iOS 8.4            TLSv1.2 ECDHE-ECDSA-AES128-SHA256
    Safari 8 / OS X 10.10         TLSv1.2 ECDHE-ECDSA-AES128-SHA256
    Safari 9 / iOS 9              TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    Safari 9 / OS X 10.11         TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
    

    SSLLabs test reports NPN and SPDY/3.1 support + ALPN and HTTP/2 support

    sslspdycom-spdy-http2-patch-ssllabs-01.png
    sslspdycom-spdy-http2-patch-ssllabs-02.png
     
    Last edited: Jun 23, 2016
    • Winner Winner x 2
  14. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Memcached Server 1.4.27 Updated



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.27 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.27.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    • Informative Informative x 1
  15. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    Last edited: Jul 5, 2016
  16. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Update default nginx log_format = main_ext



    For Centmin Mod 123.09beta01 switched to a new custom extended nginx log_format named main_ext which allows Centmin Mod Nginx servers to natively support the full Nginx Amplify additional metrics out of the box community.centminmod.com/posts/33090/ which allow you to better utilise Nginx Amplify's custom dashboards.
     
    Last edited: Jul 5, 2016
  17. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Auto Swap File Setup & Detection Routine Added



    Centmin Mod 123.09beta01 code update to add auto swap file detection and setup routine. Also backported this to 123.08stable too. If swap file is not detected, auto setup a 1GB swap file on disk to servers which are non-openvz based. This routine only runs on initial Centmin Mod install time. New auto swap file creation in action test at DigitalOcean - 512MB DigitalOcean VPS - Centmin Mod 123.09beta01 Install Test | Centmin Mod Community

    Commits
    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    Last edited: Jul 7, 2016
    • Like Like x 1
  18. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    Last edited: Jul 8, 2016
  19. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5

    Update Nginx Google gperftools + libunwind routines



    These Google gperftools + libunwind routines are disabled by default (variable GPERFTOOLS_SOURCEINSTALL='n') and haven't been updated in ages. So long overdue for an update in 123.09beta01. To enable, set in persistent config file /etc/centminmod/custom_config.inc the variable:
    Code (Text):
    GPERFTOOLS_SOURCEINSTALL='y'
    

    Then run centmin.sh menu option 4 to recompile nginx. A new gperftools.conf include file will be appended to your existing /usr/local/nginx/conf/nginx.conf file just under the pcre_jit option.
    Code (Text):
    pcre_jit on;
    include /usr/local/nginx/conf/gperftools.conf;
    

    You can tell if Google perftools enabled tcmalloc has replaced glibc malloc and is in use by nginx via command
    Code (Text):
    lsof -n | grep tcmalloc
    

    example output
    Code (Text):
    lsof -n | grep tcmalloc
    nginx     22447   nginx   17w      REG                7,0         0         16 /tmp/tcmalloc.22447
    nginx     22448   nginx   19w      REG                7,0         0         17 /tmp/tcmalloc.22448
    

    However, you should not need to enable this as Centmin Mod 123.09beta01 installed nginx server uses jemalloc instead of usual default glibc malloc (as does MariaDB mysql server).
    Code (Text):
    lsof -n | grep jemalloc
    mysqld     1832   mysql  mem       REG              253,0    210024      21272 /usr/lib64/libjemalloc.so.1
    nginx     22446    root  mem       REG              253,0    210024      21272 /usr/lib64/libjemalloc.so.1
    nginx     22447   nginx  mem       REG              253,0    210024      21272 /usr/lib64/libjemalloc.so.1
    nginx     22448   nginx  mem       REG              253,0    210024      21272 /usr/lib64/libjemalloc.so.1
    

    You can read up about performance benefits of jemalloc over glibc malloc and tcmalloc in article posted by Facebook at Scalable memory allocation using jemalloc

    upload_2016-7-9_3-5-58.png

    As you can see, Centmin Mod installed Nginx server is no ordinary Nginx build (jemalloc vs malloc) ;) :D

    Commits
    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    Last edited: Jul 9, 2016
    • Winner Winner x 1
  20. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:42 PM
    Nginx 1.13.x
    MariaDB 5.5
    Last edited: Jul 9, 2016
    • Like Like x 2