Upgrade PHP-FPM Beta Branch Centmin Mod .09 beta branch Testing

Updated 123.09beta01's centmin.sh menu option 22 Wordpress setups in how xmlrpc.php requests are dealt with. They'd now blocked by default at Nginx server level with exception of whitelisting Jetpack's IP ranges Beta Branch - add jetpack_ip_whitelist_cronsetup function in 123.09beta01

---

 

Centmin Mod 123.09beta01 updated with PHP 8.0 support now PHP - PHP 8.0.0 GA Stable Release

 

pip 21.x version was released on Jan 24, 2021 and it drops support for Python 2.7 and can break pip on CentOS 7 systems if you update to that version. So for CentOS systems make sure you do not upgrade to pip 21.x and if you did, downgrade to pip 20.3.4 using outlined method at Sysadmin - CentOS 7 Python 2.7 will reach the end of its life on January 1st, 2020

 

Updated Centmin Mod 123.09beta01 in preparation for some changes made into the next Nginx 1.19.7+ version to be released as outlined at Beta Branch - disable deprecated HTTP/2 variables in Nginx 1.19.7+ in 123.09beta01. Existing Centmin Mod 123.09beta01 or higher users can first run cmupdate to update local code and then run centmin.sh menu option 4 to recompile Nginx 1.19.7 to auto disable deprecated variables from nginx vhosts when Nginx 1.19.7 is eventually released.

Nginx 1.19.7 will deprecate HTTP/2 variables in nginx 1.19.7+ as per http://hg.nginx.org/nginx/rev/827202ca1269 and http://hg.nginx.org/nginx/rev/f790816a0e87 for http2_max_field_size, http2_max_header_size and http2_max_requests

If you're using these deprecated HTTP/2 variables in Nginx 1.19.7+ vhosts, on Nginx service restarts of Nginx config checks (nginx -t), you'll get Nginx warning messages as such but the Nginx service will still start and run Nginx server fine. Example warning message:

Code (Text):

nginx: [warn] the "http2_max_field_size" directive is obsolete, use the "large_client_header_buffers" directive instead in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:26
nginx: [warn] the "http2_max_header_size" directive is obsolete, use the "large_client_header_buffers" directive instead in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:27
nginx: [warn] the "http2_max_requests" directive is obsolete, use the "keepalive_requests" directive instead in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf:28

 

Updated Centmin Mod 123.09beta01 with new centmin-cli.sh script to allow unattended update/recompiles for Nginx, PHP and multi-compression tools. Details at Beta Branch - add centmin-cli.sh command line in 123.09beta01

Code (Text):

./centmin-cli.sh

./centmin-cli.sh nginx-update 1.19.7
./centmin-cli.sh php-update 7.4.15
./centmin-cli.sh php-update-all 7.4.15
./centmin-cli.sh compress-update

 

Update 123.09beta01 with a workaround fix for bugged php.net CDN download 503 errors by re-enabling Centmin Mod's local mirror with additional checks at Beta Branch - re-enable PHP local download mirror fallback in 123.09beta01

 

Just updated 123.09beta01 with a new tools/switch-nginx-ciphers.sh script you can use for now while I later will update Nginx defaults with the same switch to Mozilla intermediate recommendations including ffdhe3072 DHE param file Beta Branch - add tools/switch-nginx-ciphers.sh in 123.09beta01

 

updated Centmin Mod 123.09beta01 addons/acmetool.sh with check fix for deprecated acme-v01.api endpoint on very old Centmin Mod Nginx domain issued Letsencrypt certificates to ensure they use v02.api Letsencrypt endpoint and that addons/acmetool.sh defaults to using Letsencrypt CA provider instead of underlying acme.sh clients new ZeroSSL defaults - see Beta Branch - acmetool.sh 1.0.74 (and previous update at Beta Branch - update addons/acmetool.sh 1.0.70 set default CA to letsencrypt in 123.09beta01)

 

Updated 123.09beta01 for workaround fix for expiring Letsencrypt DST Root X3 CA certificate which expires September 30, 2021 https://community.centminmod.com/th...encrypt-dst-root-ca-x3-in-123-09beta01.21973/

See https://community.centminmod.com/threads/21965/

 

Updated Centmin Mod 123.09beta01 with an updated routine to account for ca-certificates YUM update in the previous post which removes the expiring DST Root CA X3 certificate from
/etc/pki/tls/certs/ca-bundle.crt CA Trust system bundle. So previous workaround would give an error outlined at https://community.centminmod.com/posts/90262/. This update accounts for folks updating their ca-certificates YUM package.

Existing users, just run cmupdate command to update your local 123.09beta01 code

 

Updated Centmin Mod 123.09beta01 with specific fixes only if you created Centmin Mod Nginx HTTPS sites with Letsencrypt front facing SSL certificates and need for older CentOS 6 OpenSSL/wget/curl clients to be able to connect to those Centmin Mod Nginx HTTPS sites. If you don't have such use case, there is no need to do a reissue for the updated preferred chain outlined at https://community.centminmod.com/threads/update-acmetool-sh-1-0-76.22024/.

 

November 30, 2021: Heads up made some Centmin Mod 123.09beta01 updates to improve initial install times for Nginx and PHP etc which will reduce the time it takes to install them and thus reduce overall Centmin Mod initial install times https://community.centminmod.com/th...mod-install-in-123-09beta01.22198/#post-90821. So make a mental note when comparing install times after November 30, 2021

 

Updated 123.09beta01 with optional libgd external library support for PHP GD features for PHP 7.4+ and 8.0+ so that PHP can use libgd 2.3.3 instead of bundled libgd versions included with PHP. For example PHP 8.1.0 uses bundled libgd 2.1.0 which is actually 14yrs old now! Details at https://community.centminmod.com/th...-php-extension-support-in-123-09beta01.22211/

 

Cloudflare's Firewall seems to have added JA3 fingerprint profiling as evidenced in their CF Firewall event log fields. So decided to test and add JA3 fingerprint profiling support to Centmin Mod 123.09beta01+ and higher https://community.centminmod.com/th...t-nginx-module-support-in-123-09beta01.22259/ to see what JA3 fingerprint profiling can be used for security wise

 

Holidays update

Update 123.09beta01 to install Redis server by default https://community.centminmod.com/threads/install-redis-server-by-default-in-123-09beta01.22297/

 

If folks want to help test Nginx 1.21.5 and new PCRE2 support in Centmin Mod 123.09beta01, I've posted a dedicated thread outlining the 2 step process for beta testing Centmin Mod Nginx PCRE2 support at https://community.centminmod.com/threads/centmin-mod-nginx-1-21-5-pcre2-beta-testing.22326/

 

As at January 27, 2022 AEST time, the new code outlined above has now been merged into the main Centmin Mod 123.09beta01 branch via commit at https://community.centminmod.com/th...upport-related-updates-in-123-09beta01.22397/. This includes updated support to optionally automatically sent Nginx upgrade logs to a specified Dropbox account as outlined here https://community.centminmod.com/threads/sending-nginx-upgrade-logs-to-dropbox-via-rclone.22402/

By default step 1 above config is in place so the same older PCRE v8.45 is installed with Nginx but changed installation location from PREFIX = /usr/local to PREFIX = /usr/local/nginx-dep for new installs. Existing users can update via SSH command = cmupdate.

Existing Beta Test Users Update

Existing Centmin Mod 123.09beta01 users who did take part in beta testing outlined here. Need one extra step to remove /usr/local/src/centminmod/inc/sync.inc before cmupdate can run. So for those users, run these 3 commands below:

Code (Text):

cd /usr/local/src/centminmod
rm -f /usr/local/src/centminmod/inc/sync.inc
cmupdate

 

optional ngx_pagespeed module update to 1.14.33.1-RC1 with PSOL/mod-pagespeed binary 1.14.36.1 https://community.centminmod.com/threads/update-ngx_pagespeed-module-version-in-123-09beta01.22415/

 

Centmin Mod 124.00stable and 130.00beta01 have been released now. Details at https://community.centminmod.com/threads/centmin-mod-124-00stable-130-00beta01-releases.22673/