Install Centmin Mod 1.2.3-eva2000.08 how to install & update

Update for LibreSSL downloads and LibreSSL 2.3.3

---

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.3.3 as well as update the LibreSSL download url mirror as the old defined mirror is down. Without updating your Centmin Mod branch version to latest code, Nginx upgrade, downgrade and recompiles via centmin.sh menu option 4 will fail to properly install and compile Nginx.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Updated to LibreSSL 2.3.3

123.08stable still defaults to using OpenSSL 1.0.2g for Nginx compiles but has option to use LibreSSL. However, 123.08stable still was using LibreSSL 2.2.6 and needed updating to LibreSSL 2.3.3 (like 123.09beta01 which already had 2.3.3). The LibreSSL download url needed updating to use a mirror instead of official download url as it seems to be down or flaky Stable Branch - update libressl 2.3.3 for 123.08stable | Centmin Mod Community

Upgrading Centmin Mod Code to Latest Version

Getting Started Guide step 19 outlines also how to keep Centmin Mod code updated or how to switch version branches.

Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08) (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch swicthing via Git backed environment you can setup. For full details read the following links:

• New centmin.sh menu option 23 updating
• Centmin Mod Upgrades
• Cronjob Auto Updating Centmin Mod Code Guide

Upgrading Centmin Mod involves 2 parts.

1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
2. Upgrade software that Centmin Mod installed or manages. For this part following outline at How to upgrade Centmin Mod software installed on your server.

 

OpenSSL Security Updates

Updated both Centmin Mod 123.08stable and 123.09beta01 builds for nginx build openssl to 1.0.2h version which has security fixes. You'll need to update Centmin Mod code on your server via centmin.sh menu option 23 submenu option 2 and then run centmin.sh menu option 4 to recompile Nginx to use updated openssl 1.0.2h. Full instructions outlined at Security - OpenSSL 1.0.h & Updating Centmin Mod Nginx SSL Support | Centmin Mod Community

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Update for LibreSSL downloads and LibreSSL 2.3.4

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.3.4 as well as update the LibreSSL download url mirror as the old defined mirror is down. Without updating your Centmin Mod branch version to latest code, Nginx upgrade, downgrade and recompiles via centmin.sh menu option 4 will fail to properly install and compile Nginx.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Security Updates

Please read Important Security Updates for Centmin Mod LEMP Users - OpenSSL, LibreSSL & ImageMagick | Centmin Mod Community

 

Centmin Mod Nginx Module/Lua Module Updates for Centmin Mod

Updated Centmin Mod 123.08stable & 123.09beta01 builds - alot of nginx module/lua module updates for compile fixes Nginx - Install Error | Centmin Mod Community

123.09beta01 commits

• Update openresty & cloudflare nginx and lua modules for 123.09beta01 · centminmod/centminmod@1dd9681 · GitHub
• update downloads/svr-setup.zip · centminmod/centminmod@75652c3 · GitHub

123.08stable commits

• update nginx and lua module versions for 123.08stable · centminmod/centminmod@b5c7432 · GitHub
• update inc/downloadlinks.inc 123.08stable · centminmod/centminmod@8032b31 · GitHub
• corrected memc-nginx-module version 123.08stable · centminmod/centminmod@0da574b · GitHub
• fix memc-nginx-module & srcache-nginx-module 123.08stable · centminmod/centminmod@5a7c6aa · GitHub

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Update for LibreSSL downloads and LibreSSL 2.3.6

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.3.6 for various bug fixes

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Memcached Server 1.4.26 Updated

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.26 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.26.

Centmin Mod script will also auto update your memcached /etc/init.d/memcached file with new Memcached 1.4.26 -o modern option if it detects Memcached 1.4.26 version running. As such you will need to exit centmin.sh after menu option 10 run and re-run centmin.sh one more time to get centmin.sh to auto update /etc/init.d/memcached.

The centmin.sh will auto patch /etc/init.d/memcached even if you do this last step later or skip it whenever the next time you run centmin.sh and it detects Memcached 1.4.26 running and the new option is not in place.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

Memcached 1.4.26

Code (Text):

echo stats | nc 127.0.0.1 11211
STAT pid 20349
STAT uptime 23
STAT time 1466523090
STAT version 1.4.26
STAT libevent 2.0.22-stable
STAT pointer_size 64
STAT rusage_user 0.019124
STAT rusage_system 0.020595
STAT curr_connections 5
STAT total_connections 7
STAT rejected_connections 0
STAT connection_structures 6
STAT reserved_fds 20
STAT cmd_get 0
STAT cmd_set 0
STAT cmd_flush 0
STAT cmd_touch 0
STAT get_hits 0
STAT get_misses 0
STAT get_expired 0
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT touch_hits 0
STAT touch_misses 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 12
STAT bytes_written 1713
STAT limit_maxbytes 8388608
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT time_in_listen_disabled_us 0
STAT threads 4
STAT conn_yields 0
STAT hash_power_level 16
STAT hash_bytes 524288
STAT hash_is_expanding 0
STAT slab_reassign_rescues 0
STAT slab_reassign_evictions_nomem 0
STAT slab_reassign_inline_reclaim 0
STAT slab_reassign_busy_items 0
STAT slab_reassign_running 0
STAT slabs_moved 0
STAT lru_crawler_running 0
STAT lru_crawler_starts 0
STAT lru_maintainer_juggles 208
STAT malloc_fails 0
STAT log_worker_dropped 0
STAT log_worker_written 0
STAT log_watcher_skipped 0
STAT log_watcher_sent 0
STAT bytes 0
STAT curr_items 0
STAT total_items 0
STAT slab_global_page_pool 0
STAT expired_unfetched 0
STAT evicted_unfetched 0
STAT evictions 0
STAT reclaimed 0
STAT crawler_reclaimed 0
STAT crawler_items_checked 0
STAT lrutail_reflocked 0
STAT moves_to_cold 0
STAT moves_to_warm 0
STAT moves_within_lru 0
STAT direct_reclaims 0
END

 

Memcached Server 1.4.27 Updated

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.27 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.27.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

 

Backport NGINX_ACCESSKEY Variable for Nginx 1.11.2

Centmin Mod 123.08stable has backported a variable added to 123.09beta01 branch for NGINX_ACCESSKEY='n' and set to disabled by default. The nginx access module is incompatible with Nginx 1.11.2 md5 internal changes (nginx 1.11.2 change log) as reported here.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread

Once updated, run centmin.sh once to allow auto syncing of the changes to your existing server configuration and then run centmin.sh menu option 4 to update Nginx to 1.11.2 when prompted to enter version number = 1.11.2

 

Auto Swap File Setup & Detection Routine Added

Centmin Mod 123.09beta01 code update to add auto swap file detection and setup routine. Also backported this to 123.08stable too. If swap file is not detected, auto setup a 1GB swap file on disk to servers which are non-openvz based. This routine only runs on initial Centmin Mod install time. New auto swap file creation in action test at DigitalOcean - 512MB DigitalOcean VPS - Centmin Mod 123.09beta01 Install Test | Centmin Mod Community

Commits

• 123.09beta01 - Beta Branch - add auto swap file setup and detection on initial installs | Centmin Mod Community
• 123.08stable - Stable Branch - backport 123.09beta01 auto swap setup & detection routine to 123.08stable | Centmin Mod Community

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread

 

Backported addons/wget.sh from 123.09beta01

For wget CVE-2016-4971 security vulnerability fix, have backported a new centmin mod 123.09beta01 addons/wget.sh installer to 123.08stable. Full details on how to update wget and use addons/wget.sh at Security - wget security vulnerability CVE-2016-4971 | Centmin Mod Community

 

PHP-FPM Configuration Security Update HTTPoxy Vulnerability CVE-2016-5385

Updated both Centmin Mod 123.08stable and 123.09beta01 builds for HTTPoxy Security Vulnerability CVE-2016-5385 outlined at Mitigating the HTTPoxy Vulnerability with NGINX To fix on existing Centmin Mod systems, update latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23 and then exit centmin.sh and re-run centmin.sh one more time. Full detail and example of update at Beta Branch - security fix for php-fpm for http proxy header CVE-2016-5385 | Centmin Mod Community

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

Actual commits

• Beta Branch - security fix for php-fpm for http proxy header CVE-2016-5385 | Centmin Mod Community
• Beta Branch - ensure fixphpfpm_httpproxy restarts php-fpm | Centmin Mod Community

Dedicated discussion thread at PHP - Discuss HTTPoxy Security Vulnerability CVE-2016-5385 | Centmin Mod Community

 

PHP 5.5.38 Default for 123.08stable

Centmin Mod 123.08stable has been updated to default to PHP 5.5.38 instead of PHP 5.4.45 in light of HTTPoxy security vulnerability. PHP 5.5.38 has native fix for HTTPoxy as does PHP 5.6.24+ and PHP 7.0.9+. Details of HTTPoxy security vulnerability here.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread

Once updated, run centmin.sh once to allow auto syncing of the changes to your existing server configuration. Then run centmin.sh menu option 5 to upgrade PHP versions if you are still on PHP 5.4.45 or PHP versions below PHP 5.5.38 or below PHP 7.0.9.

 

Update for LibreSSL 2.4.2

Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.4.2.

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.

Then select centmin.sh menu option #4 to upgrade/downgrade Nginx recompile Nginx and specify latest Nginx version i.e. 1.11.3.

 

TCP Flaw CVE-2016-5696 Workaround

Updated both Centmin Mod 123.08stable and 123.09beta01 builds with workaround fixes for TCP Flaw CVE-2016-5696 outlined here. After updating your Centmin Mod installs via below instructions, run centmin.sh once and the workaround will be applied automatically. You can verify the workaround fix is in place via command

Code (Text):

sysctl -a | grep ack_limit                                                                

Which should return output of

Code (Text):

sysctl -a | grep ack_limit                                                                
net.ipv4.tcp_challenge_ack_limit = 999999999

Note, OpenVZ VPS systems are unable to adjust TCP values at server level, so need your web host to do it for you.

If for whatever reason the auto fix doesn't apply, you can do it manually via these 2 commands

For CentOS 6

Code (Text):

echo "net.ipv4.tcp_challenge_ack_limit = 999999999" >> /etc/sysctl.conf; sysctl -p;
sysctl -a | grep ack_limit

For CentOS 7

Code (Text):

echo "net.ipv4.tcp_challenge_ack_limit = 999999999" >> /etc/sysctl.d/101-sysctl.conf; sysctl -p;
sysctl -a | grep ack_limit

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.
• How to upgrade Centmin Mod + backing up customisations

 

wget pcre update

Updated both Centmin Mod 123.08stable and 123.09beta01 builds

Fix wget 1.18 routine's pcre compile which was missing UTF8 support. See bug report at https://community.centminmod.com/posts/35540/. Just update your local install via centmin.sh menu option 23 submenu 2 then exiting centmin.sh and change into /usr/local/src/centminmod once again and then re-run centmin.sh once after and centmin.sh will auto detect if pcre has UTF8 support and recompile.

Code (Text):

./centmin.sh

fix pcre install for missing UTF8 support... one time task

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.
• How to upgrade Centmin Mod + backing up customisations

 

TCP Recycle Fix

Updated both Centmin Mod 123.08stable and 123.09beta01 builds for a TCP fix to disable tcp_tw_recycle which causes problems when multiple local lan devices try to connect to the server from same ISP IP. Problem was reported by @pamamolf at CSF - Can ping but can't open page | Page 4 | Centmin Mod Community Thanks for the bug report and making Centmin Mod that one step better

To apply the fix, update your local server's Centmin Mod branch code using below listed instructions for centmin.sh menu option 23 submenu option 2. Then re-run centmin.sh once to auto apply the fix. This fix and issue only applies to non-OpenVZ systems. OpenVZ VPS servers are not able to edit TCP settings so Centmin Mod never applies any in the first place.

Commit: Beta Branch - disable tcp_tw_recycle | Centmin Mod Community

To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:

• Centmin Mod 1.2.3-eva2000.08 stable install & update thread
• Centmin Mod 123.09beta thread
• Example of centmin.sh menu option 23 git updating code.
• How to upgrade Centmin Mod + backing up customisations

 

Nginx 1.11.4 & MariaDB Security Updates for CVE-2016-6662

There's been security updates for MariaDB versions for Remote Root Code Execution CVE-2016-6662 vulnerability outlined here. Also Nginx 1.11.4 version has been released. Centmin Mod users can upgrade Nginx versions themselves without waiting on Centmin Mod branch updates via centmin.sh menu option 4 illustrated here.

For MariaDB you can check which version you're currently running using via SSH command below.

Code (Text):

mysqladmin ver

and list which version is installed

Code (Text):

yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q

example outputs

Code (Text):

mysqladmin ver
mysqladmin  Ver 9.1 Distrib 10.1.17-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Server version          10.1.17-MariaDB
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 3 sec

Threads: 1  Questions: 1  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 11  Queries per second avg: 0.333

Code (Text):

yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q
Installed Packages
MariaDB-client.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-common.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-compat.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-devel.x86_64     10.1.17-1.el7.centos      @mariadb
MariaDB-server.x86_64    10.1.17-1.el7.centos      @mariadb
MariaDB-shared.x86_64    10.1.17-1.el7.centos      @mariadb

MariaDB YUM Updates

If you need to upgrade MariaDB within same branch, use yum update SSH command

Code (Text):

yum update MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared

 

Heads up seems github.com is having some issues right now with their servers returning 504 gateway timeouts for me across several of my servers. So any centmin.sh menu option 23 updates or reported github centmin mod url change prompts should be ignored (don't answer yes when prompt says github centmin mod url changed and whether you want to update it).

Code (Text):

curl -Is https://github.com/centminmod/centminmod/raw/123.09beta01/installer.sh
HTTP/1.1 504 Gateway Time-out
Cache-Control: no-cache
Content-Type: text/html
Date: Fri, 21 Oct 2016 12:50:51 GMT
Age: 0
X-GitHub-Request-Id: C61B43A9:0B41:2A7303A:580A0F21
X-Frame-Options: DENY

Seems to be github.com's DNS provider is undergoing a DDOS attack https://twitter.com/githubstatus/status/789433336083001344 !

Will update folks when github.com is working again.

More details at Centmin Mod github.com repo 504 Timeouts | Centmin Mod Community