Upgrade PHP-FPM Beta Branch Centmin Mod .09 beta branch Testing

Updated Centmin Mod 123.09beta01's centmin.sh menu option 2 routine in inc/nginx_addvhost.inc for additional check_dns function to check if the site domain/subdomain you are adding has a valid DNS A record.

---

This allows an earlier stage check and opportunity for end user to abort nginx vhost setup if the domain DNS hasn't been updated so you can update domain's DNS before re-running centmin.sh menu option 2. This may save some headaches for Letsencrypt SSL integration via addons/acmetool.sh as the domain verification stay of issuing a Letsencrypt SSL certificate requires valid domain DNS A record pointing to server's IP address.

Example of 2 runs for acme000.domain1.com with invalid DNS and acme3.domain1.com with valid DNS via centmin.sh menu option 2.

Code (Text):

./centmin.sh 

--------------------------------------------------------
     Centmin Mod Menu 123.09beta01 domain1.com    
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install/Reinstall Redis PHP Extension
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2...
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Install/Re-Install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + Cache Plugin
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 2
--------------------------------------------------------

invalid DNS acme000.domain1.com example

Code (Text):

---------------------------------------------

---------------------------------------------------------------
Important Information
---------------------------------------------------------------

You are about to create an Nginx vhost site account with/without
HTTPS/SSL support. Details of this process are outlined on site
at domain1.com/nginx_domain_dns_setup.html. Also read the
continually updated Getting Started Guide for Centmin Mod usage
at domain1.com/getstarted.html which covers the pure-ftpd
ftp username that is auto generated with the Nginx vhost site.

Do you want to continue with Nginx vhost site creation ? [y/n] y

Enter vhost domain name to add (without www. prefix): acme000.domain1.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: n
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

---------------------------------------------------------------
To get Letsencrypt SSL certificate, you must already have updated intended
domain vhost name's DNS A record to this server's IP addresss.
If top level domain, DNS A record is needed also for www. version of domain
otherwise, Letsencrypt domain name validation will fail.
---------------------------------------------------------------
continue [y/n] ? y


acme000.domain1.com is not a top level domain
current DNS A record IP address for acme000.domain1.com is: 
!! Error: missing DNS A record for acme000.domain1.com

Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: y

valid DNS acme3.domain1.com example

Code (Text):

---------------------------------------------------------------
Important Information
---------------------------------------------------------------

You are about to create an Nginx vhost site account with/without
HTTPS/SSL support. Details of this process are outlined on site
at domain1.com/nginx_domain_dns_setup.html. Also read the
continually updated Getting Started Guide for Centmin Mod usage
at domain1.com/getstarted.html which covers the pure-ftpd
ftp username that is auto generated with the Nginx vhost site.

Do you want to continue with Nginx vhost site creation ? [y/n] y

Enter vhost domain name to add (without www. prefix): acme3.domain1.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: n
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

---------------------------------------------------------------
To get Letsencrypt SSL certificate, you must already have updated intended
domain vhost name's DNS A record to this server's IP addresss.
If top level domain, DNS A record is needed also for www. version of domain
otherwise, Letsencrypt domain name validation will fail.
---------------------------------------------------------------
continue [y/n] ? y


acme3.domain1.com is not a top level domain
your server IP address: 111.222.333.444
current DNS A record IP address for acme3.domain1.com is: 111.222.333.444

Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: n

 

Updated 123.09beta01 centmin.sh menu option 22 wordpress auto installer routines to exclude mobile/tablet devices from keycdn cache enabler and redis nginx level caching.

• Beta Branch - inc/wpsetup.inc cache enabler & redis cache exclude mobile/tablet dev… | Centmin Mod Community
• Beta Branch - update inc/wpsetup.inc revise order redisupstream.conf & wpcacheenabl… | Centmin Mod Community

 

Centmin Mod 123.09beta01 updated to support OpenSSL 1.1.0 for Nginx pairing

Commits

• Beta Branch - update Nginx OpenSSL 1.1.0 patch for final release | Centmin Mod Community
• Beta Branch - update nginx openssl 1.1.0 compile routine 123.09beta01 | Centmin Mod Community
• Beta Branch - update nginx install & upgrade routine for openssl 1.1.0 123.09beta01 | Centmin Mod Community

 

The custom include file info outlined at Wordpress - How to customise Wordpress centmin.sh menu option 22 installs in 123.09beta01 | Centmin Mod Community and Beta Branch - update inc/wpsetup.inc add new mywpcmds routine | Centmin Mod Community But that wouldn't automatically touch these changes of excluding mobile from caching.

Though with your own custom shell scripting Beta Branch - update inc/wpsetup.inc add new mywpcmds routine | Centmin Mod Community you could strip or disable such exclusions. I just updated 123.09beta01 so the mobile exclusions are one line of code for easier linux command line replacement i.e. via sed etc

So for wp cache enabler include file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpcacheenabler_${vhostname}.conf where vhostname is domain.com name

you'd do a custom replacement via custom include file /etc/centminmod/customwp_default.inc outlined at Beta Branch - update inc/wpsetup.inc add new mywpcmds routine | Centmin Mod Community

Code (Text):

if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }

with a commented out one with a hash # in front

Code (Text):

#if ($cmwpcache_device = mobile) { set $cache_uri 'nullcache'; }

so something like this sed replacement in /etc/centminmod/customwp_default.inc within
mywpdftcmds function where vhostname is domain.com name

Code (Text):

sed -i "s|^if (\$cmwpcache_device = mobile) { set \$cache_uri 'nullcache'; }|#if (\$cmwpcache_device = mobile) { set \$cache_uri 'nullcache'; }|" /usr/local/nginx/conf/wpincludes/${vhostname}/wpcacheenabler_${vhostname}.conf

actually, i could add a question to wordpress auto install routine via centmin.sh menu option 22 to whether mobile/tablet devices should be excluded from caching ?

 

updated 123.09beta01 inc/wpsetup.inc to ask if user wants to exclude mobile/tablet from caching for wp cache enabler and redis cache.

Beta Branch - update inc/wpsetup.inc ask if exclude mobile cache in 123.09beta01 | Centmin Mod Community

 

Updated Centmin Mod 123.09beta01 with LETSENCRYPT_DETECT variable to control integration detection of addons/acmetool.sh Beta Branch - add LETSENCRYPT_DETECT variable to control addons/acmetool.sh detecti… | Centmin Mod Community

In 123.09beta01, add LETSENCRYPT_DETECT variable to control Letsencrypt integration via addons/acmetool.sh auto detection in centmin.sh menu option 2, 22, and /usr/bin/nv nginx vhost generators. You can control whether or not to enable or disable integration detection in these menu options using persistent config file which you can create if it doesn't exist at /etc/centminmod/custom_config.inc.

Currently, defaults to LETSENCRYPT_DETECT='n' to disable detection integration support of addons/acmetool.sh during beta testing phase Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 so that beta testers only can enable it for beta testing.

You can enable addons/acmetool.sh integration detection by setting LETSENCRYPT_DETECT='y' in persistent config file /etc/centminmod/custom_config.inc.

 

wget pcre update

Updated both Centmin Mod 123.08stable and 123.09beta01 builds

Fix wget 1.18 routine's pcre compile which was missing UTF8 support. See bug report at https://community.centminmod.com/posts/35540/. Just update your local install via centmin.sh menu option 23 submenu 2 then exiting centmin.sh and change into /usr/local/src/centminmod once again and then re-run centmin.sh once after and centmin.sh will auto detect if pcre has UTF8 support and recompile.

Code (Text):

./centmin.sh

fix pcre install for missing UTF8 support... one time task

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.
• How to upgrade Centmin Mod + backing up customisations

 

Just updated Centmin Mod 123.09beta01 latest to support detection of PHP 7.1.0* from the new download url at Index of /~davey. You'd need to specify php version as = 7.1.0RC1

Dedicated thread at PHP - PHP 7.1.0RC1 Released

 

TCP Recycle Fix

Updated both Centmin Mod 123.08stable and 123.09beta01 builds for a TCP fix to disable tcp_tw_recycle which causes problems when multiple local lan devices try to connect to the server from same ISP IP. Problem was reported by @pamamolf at CSF - Can ping but can't open page | Page 4 | Centmin Mod Community Thanks for the bug report and making Centmin Mod that one step better

To apply the fix, update your local server's Centmin Mod branch code using below listed instructions for centmin.sh menu option 23 submenu option 2. Then re-run centmin.sh once to auto apply the fix. This fix and issue only applies to non-OpenVZ systems. OpenVZ VPS servers are not able to edit TCP settings so Centmin Mod never applies any in the first place.

Commit: Beta Branch - disable tcp_tw_recycle | Centmin Mod Community

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.
• How to upgrade Centmin Mod + backing up customisations

 

ngx_stream_realip_module support

Add nginx 1.11.4 newly added stream realip module support in 123.09beta01. Nginx 1.11.4 is due for release in ~4+ days.

Preparing upcoming nginx 1.11.4+ support for ngx_stream_realip_module support nginx: 9cac11efb205 Enabled by default and only when nginx 1.11.4 and higher versions are detected and is controlled by 2 variables you can add to persistent config file /etc/centminmod/custom_config.inc

Code (Text):

NGINX_STREAMREALIP='n'
NGXDYNAMIC_STREAMREALIP='n'

1st disables ngx_stream_realip_module as a static nginx module. While 2nd variable controls dynamic module configuration instead of static nginx module. As of this commit ngx_stream_realip_module dynamic support doesn't seem to be added so already defaults to disabled NGXDYNAMIC_STREAMREALIP='n'

After making persistent config file changes, you'd need to recompile nginx via centmin.sh menu option 4

 

Updated centmin.sh menu option 22 wordpress created wpsecure include file to support an optional /usr/local/nginx/conf/wpincludes/${vhostname}/wpwhitelist_common.conf include file in each wp plugin whitelisted location matches Beta Branch - update inc/wpsetup.inc add support for wpwhitelist_common.conf includ… | Centmin Mod Community

 

add tools/regen_wpsecure.sh companion for centmin.sh menu option 22 community.centminmod.com/posts/36058/

 

new nginx stream realip module lands in 1.11.4 and enabled in Centmin Mod 123.09beta01 Nginx - [nginx-announce] nginx-1.11.4 | Centmin Mod Community

 

Nginx 1.11.4 & MariaDB Security Updates for CVE-2016-6662

There's been security updates for MariaDB versions for Remote Root Code Execution CVE-2016-6662 vulnerability outlined here. Also Nginx 1.11.4 version has been released. Centmin Mod users can upgrade Nginx versions themselves without waiting on Centmin Mod branch updates via centmin.sh menu option 4 illustrated here.

For MariaDB you can check which version you're currently running using via SSH command below.

Code (Text):

mysqladmin ver

and list which version is installed

Code (Text):

yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q

example outputs

Code (Text):

mysqladmin ver
mysqladmin  Ver 9.1 Distrib 10.1.17-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Server version          10.1.17-MariaDB
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 3 sec

Threads: 1  Questions: 1  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 11  Queries per second avg: 0.333

Code (Text):

yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q
Installed Packages
MariaDB-client.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-common.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-compat.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-devel.x86_64     10.1.17-1.el7.centos      @mariadb
MariaDB-server.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-shared.x86_64    10.1.17-1.el7.centos      @mariadb

MariaDB YUM Updates

If you need to upgrade MariaDB within same branch, use yum update SSH command

Code (Text):

yum update MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared

 

Updated 123.09beta01 to raise CSF Firewall LF_DISTFTP & LF_DISTFTP_UNIQ default tweaked values from 1 to 8 and from 6 to 8 respectively. Also raised pure-ftpd max connections from 500 to 1000 and max ip connections from 200 to 500 just to give more head room. You can get these updates by just updating 123.09beta01 via centmin.sh menu option 23 submenu option 2 and running centmin.sh once will auto apply the settings.

May help in instances if many users simultaneously connect to the same pure-ftpd virtual ftp user account behind a local private lan.

 

Latest committed fixes in 123.09beta01 branch have working nginx passenger now. Problem was the compiler -O3 flag, so updated to detect NGINX_PASSENGER=y and switch automatically to -O2

Phusion Passenger Nginx Module for Python & Ruby Deployments | Page 2 | Centmin Mod Community

 

Updated Centmin Mod 123.09beta01 branch code with 2 new variables to control what the dynamic motd banner dmotd.sh script can display on initial log in https://community.centminmod.com/th...to-support-2-new-variables-in-123-09be….8746/

 

Updated Centmin Mod 123.09beta01 to default to MariaDB 10.1 chartset and collation of utf8 instead of latin1 https://community.centminmod.com/th...ult-to-utf8-instead-of-latin1-in-123-0….8748/

 

Updated Centmin Mod 123.09beta01 branch's addons/mysqladmin_shell.sh multidb option to support detecting if the db list file has multiple mysql databases assigned to same mysql user/pass and add those mysql databases to the same mysql user/pass mysqladmin_shell.sh Shell based Addon | Page 3 | Centmin Mod Community