Join the community today
Register Now

Install Centmin Mod 1.2.3-eva2000.08 how to install & update

Discussion in 'Install & Upgrades or Pre-Install Questions' started by eva2000, Aug 7, 2015.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Update for LibreSSL downloads and LibreSSL 2.3.3



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.3.3 as well as update the LibreSSL download url mirror as the old defined mirror is down. Without updating your Centmin Mod branch version to latest code, Nginx upgrade, downgrade and recompiles via centmin.sh menu option 4 will fail to properly install and compile Nginx.


    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Updated to LibreSSL 2.3.3



    123.08stable still defaults to using OpenSSL 1.0.2g for Nginx compiles but has option to use LibreSSL. However, 123.08stable still was using LibreSSL 2.2.6 and needed updating to LibreSSL 2.3.3 (like 123.09beta01 which already had 2.3.3). The LibreSSL download url needed updating to use a mirror instead of official download url as it seems to be down or flaky Stable Branch - update libressl 2.3.3 for 123.08stable | Centmin Mod Community

    Upgrading Centmin Mod Code to Latest Version



    Getting Started Guide step 19 outlines also how to keep Centmin Mod code updated or how to switch version branches.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08) (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch swicthing via Git backed environment you can setup. For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrade software that Centmin Mod installed or manages. For this part following outline at How to upgrade Centmin Mod software installed on your server.
     
  3. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    OpenSSL Security Updates



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds for nginx build openssl to 1.0.2h version which has security fixes. You'll need to update Centmin Mod code on your server via centmin.sh menu option 23 submenu option 2 and then run centmin.sh menu option 4 to recompile Nginx to use updated openssl 1.0.2h. Full instructions outlined at Security - OpenSSL 1.0.h & Updating Centmin Mod Nginx SSL Support | Centmin Mod Community

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Update for LibreSSL downloads and LibreSSL 2.3.4



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.3.4 as well as update the LibreSSL download url mirror as the old defined mirror is down. Without updating your Centmin Mod branch version to latest code, Nginx upgrade, downgrade and recompiles via centmin.sh menu option 4 will fail to properly install and compile Nginx.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  5. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Memcached Server 1.4.26 Updated



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.26 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.26.

    Centmin Mod script will also auto update your memcached /etc/init.d/memcached file with new Memcached 1.4.26 -o modern option if it detects Memcached 1.4.26 version running. As such you will need to exit centmin.sh after menu option 10 run and re-run centmin.sh one more time to get centmin.sh to auto update /etc/init.d/memcached.

    The centmin.sh will auto patch /etc/init.d/memcached even if you do this last step later or skip it whenever the next time you run centmin.sh and it detects Memcached 1.4.26 running and the new option is not in place.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Memcached 1.4.26
    Code (Text):
    echo stats | nc 127.0.0.1 11211
    STAT pid 20349
    STAT uptime 23
    STAT time 1466523090
    STAT version 1.4.26
    STAT libevent 2.0.22-stable
    STAT pointer_size 64
    STAT rusage_user 0.019124
    STAT rusage_system 0.020595
    STAT curr_connections 5
    STAT total_connections 7
    STAT rejected_connections 0
    STAT connection_structures 6
    STAT reserved_fds 20
    STAT cmd_get 0
    STAT cmd_set 0
    STAT cmd_flush 0
    STAT cmd_touch 0
    STAT get_hits 0
    STAT get_misses 0
    STAT get_expired 0
    STAT delete_misses 0
    STAT delete_hits 0
    STAT incr_misses 0
    STAT incr_hits 0
    STAT decr_misses 0
    STAT decr_hits 0
    STAT cas_misses 0
    STAT cas_hits 0
    STAT cas_badval 0
    STAT touch_hits 0
    STAT touch_misses 0
    STAT auth_cmds 0
    STAT auth_errors 0
    STAT bytes_read 12
    STAT bytes_written 1713
    STAT limit_maxbytes 8388608
    STAT accepting_conns 1
    STAT listen_disabled_num 0
    STAT time_in_listen_disabled_us 0
    STAT threads 4
    STAT conn_yields 0
    STAT hash_power_level 16
    STAT hash_bytes 524288
    STAT hash_is_expanding 0
    STAT slab_reassign_rescues 0
    STAT slab_reassign_evictions_nomem 0
    STAT slab_reassign_inline_reclaim 0
    STAT slab_reassign_busy_items 0
    STAT slab_reassign_running 0
    STAT slabs_moved 0
    STAT lru_crawler_running 0
    STAT lru_crawler_starts 0
    STAT lru_maintainer_juggles 208
    STAT malloc_fails 0
    STAT log_worker_dropped 0
    STAT log_worker_written 0
    STAT log_watcher_skipped 0
    STAT log_watcher_sent 0
    STAT bytes 0
    STAT curr_items 0
    STAT total_items 0
    STAT slab_global_page_pool 0
    STAT expired_unfetched 0
    STAT evicted_unfetched 0
    STAT evictions 0
    STAT reclaimed 0
    STAT crawler_reclaimed 0
    STAT crawler_items_checked 0
    STAT lrutail_reflocked 0
    STAT moves_to_cold 0
    STAT moves_to_warm 0
    STAT moves_within_lru 0
    STAT direct_reclaims 0
    END
    
     
  8. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Memcached Server 1.4.27 Updated



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Memcached server 1.4.27 release. Once you update your local server Centmin Mod branch code via centmin.sh menu option 23 outlined below. You will need to exit centmin.sh and re-run centmin.sh again and run centmin.sh menu option 10 to update Memcached server to 1.4.27.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  9. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Backport NGINX_ACCESSKEY Variable for Nginx 1.11.2



    Centmin Mod 123.08stable has backported a variable added to 123.09beta01 branch for NGINX_ACCESSKEY='n' and set to disabled by default. The nginx access module is incompatible with Nginx 1.11.2 md5 internal changes (nginx 1.11.2 change log) as reported here.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Once updated, run centmin.sh once to allow auto syncing of the changes to your existing server configuration and then run centmin.sh menu option 4 to update Nginx to 1.11.2 when prompted to enter version number = 1.11.2
     
  10. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Auto Swap File Setup & Detection Routine Added



    Centmin Mod 123.09beta01 code update to add auto swap file detection and setup routine. Also backported this to 123.08stable too. If swap file is not detected, auto setup a 1GB swap file on disk to servers which are non-openvz based. This routine only runs on initial Centmin Mod install time. New auto swap file creation in action test at DigitalOcean - 512MB DigitalOcean VPS - Centmin Mod 123.09beta01 Install Test | Centmin Mod Community

    Commits
    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    Last edited: Jul 7, 2016
  11. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  12. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    PHP-FPM Configuration Security Update HTTPoxy Vulnerability CVE-2016-5385



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds for HTTPoxy Security Vulnerability CVE-2016-5385 outlined at Mitigating the HTTPoxy Vulnerability with NGINX To fix on existing Centmin Mod systems, update latest 123.09beta01 or 123.08stable branch code via centmin.sh menu option 23 and then exit centmin.sh and re-run centmin.sh one more time. Full detail and example of update at Beta Branch - security fix for php-fpm for http proxy header CVE-2016-5385 | Centmin Mod Community

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Actual commits
    Dedicated discussion thread at PHP - Discuss HTTPoxy Security Vulnerability CVE-2016-5385 | Centmin Mod Community
     
    Last edited: Jul 19, 2016
  13. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    PHP 5.5.38 Default for 123.08stable



    Centmin Mod 123.08stable has been updated to default to PHP 5.5.38 instead of PHP 5.4.45 in light of HTTPoxy security vulnerability. PHP 5.5.38 has native fix for HTTPoxy as does PHP 5.6.24+ and PHP 7.0.9+. Details of HTTPoxy security vulnerability here.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Once updated, run centmin.sh once to allow auto syncing of the changes to your existing server configuration. Then run centmin.sh menu option 5 to upgrade PHP versions if you are still on PHP 5.4.45 or PHP versions below PHP 5.5.38 or below PHP 7.0.9.
     
  14. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Update for LibreSSL 2.4.2



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to update LibreSSL version to 2.4.2.

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
    Then select centmin.sh menu option #4 to upgrade/downgrade Nginx recompile Nginx and specify latest Nginx version i.e. 1.11.3.
     
    Last edited: Aug 3, 2016
  15. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    TCP Flaw CVE-2016-5696 Workaround



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds with workaround fixes for TCP Flaw CVE-2016-5696 outlined here. After updating your Centmin Mod installs via below instructions, run centmin.sh once and the workaround will be applied automatically. You can verify the workaround fix is in place via command
    Code (Text):
    sysctl -a | grep ack_limit                                                                
    

    Which should return output of
    Code (Text):
    sysctl -a | grep ack_limit                                                                
    net.ipv4.tcp_challenge_ack_limit = 999999999
    

    Note, OpenVZ VPS systems are unable to adjust TCP values at server level, so need your web host to do it for you.

    If for whatever reason the auto fix doesn't apply, you can do it manually via these 2 commands

    For CentOS 6
    Code (Text):
    echo "net.ipv4.tcp_challenge_ack_limit = 999999999" >> /etc/sysctl.conf; sysctl -p;
    sysctl -a | grep ack_limit
    

    For CentOS 7
    Code (Text):
    echo "net.ipv4.tcp_challenge_ack_limit = 999999999" >> /etc/sysctl.d/101-sysctl.conf; sysctl -p;
    sysctl -a | grep ack_limit
    

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    Last edited: Aug 13, 2016
  16. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    wget pcre update



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds

    Fix wget 1.18 routine's pcre compile which was missing UTF8 support. See bug report at https://community.centminmod.com/posts/35540/. Just update your local install via centmin.sh menu option 23 submenu 2 then exiting centmin.sh and change into /usr/local/src/centminmod once again and then re-run centmin.sh once after and centmin.sh will auto detect if pcre has UTF8 support and recompile.

    Code (Text):
    ./centmin.sh
    
    fix pcre install for missing UTF8 support... one time task


    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  17. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    TCP Recycle Fix



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds for a TCP fix to disable tcp_tw_recycle which causes problems when multiple local lan devices try to connect to the server from same ISP IP. Problem was reported by @pamamolf at CSF - Can ping but can't open page | Page 4 | Centmin Mod Community Thanks for the bug report and making Centmin Mod that one step better :)

    To apply the fix, update your local server's Centmin Mod branch code using below listed instructions for centmin.sh menu option 23 submenu option 2. Then re-run centmin.sh once to auto apply the fix. This fix and issue only applies to non-OpenVZ systems. OpenVZ VPS servers are not able to edit TCP settings so Centmin Mod never applies any in the first place.

    Commit: Beta Branch - disable tcp_tw_recycle | Centmin Mod Community

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  18. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Nginx 1.11.4 & MariaDB Security Updates for CVE-2016-6662



    There's been security updates for MariaDB versions for Remote Root Code Execution CVE-2016-6662 vulnerability outlined here. Also Nginx 1.11.4 version has been released. Centmin Mod users can upgrade Nginx versions themselves without waiting on Centmin Mod branch updates via centmin.sh menu option 4 illustrated here.

    For MariaDB you can check which version you're currently running using via SSH command below.
    Code (Text):
    mysqladmin ver

    and list which version is installed
    Code (Text):
    yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q


    example outputs
    Code (Text):
    mysqladmin ver
    mysqladmin  Ver 9.1 Distrib 10.1.17-MariaDB, for Linux on x86_64
    Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
    
    Server version          10.1.17-MariaDB
    Protocol version        10
    Connection              Localhost via UNIX socket
    UNIX socket             /var/lib/mysql/mysql.sock
    Uptime:                 3 sec
    
    Threads: 1  Questions: 1  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 11  Queries per second avg: 0.333

    Code (Text):
    yum list installed MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared -q
    Installed Packages
    MariaDB-client.x86_64    10.1.17-1.el7.centos      @mariadb
    MariaDB-common.x86_64    10.1.17-1.el7.centos      @mariadb
    MariaDB-compat.x86_64    10.1.17-1.el7.centos      @mariadb
    MariaDB-devel.x86_64     10.1.17-1.el7.centos      @mariadb
    MariaDB-server.x86_64    10.1.17-1.el7.centos      @mariadb
    MariaDB-shared.x86_64    10.1.17-1.el7.centos      @mariadb
    


    MariaDB YUM Updates



    If you need to upgrade MariaDB within same branch, use yum update SSH command
    Code (Text):
    yum update MariaDB-client MariaDB-common MariaDB-compat MariaDB-devel MariaDB-server MariaDB-shared
     
  19. eva2000

    eva2000 Administrator Staff Member

    55,197
    12,251
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,829
    Local Time:
    6:30 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Heads up seems github.com is having some issues right now with their servers returning 504 gateway timeouts for me across several of my servers. So any centmin.sh menu option 23 updates or reported github centmin mod url change prompts should be ignored (don't answer yes when prompt says github centmin mod url changed and whether you want to update it).
    Code (Text):
    curl -Is https://github.com/centminmod/centminmod/raw/123.09beta01/installer.sh
    HTTP/1.1 504 Gateway Time-out
    Cache-Control: no-cache
    Content-Type: text/html
    Date: Fri, 21 Oct 2016 12:50:51 GMT
    Age: 0
    X-GitHub-Request-Id: C61B43A9:0B41:2A7303A:580A0F21
    X-Frame-Options: DENY

    Seems to be github.com's DNS provider is undergoing a DDOS attack https://twitter.com/githubstatus/status/789433336083001344 !

    Will update folks when github.com is working again.

    More details at Centmin Mod github.com repo 504 Timeouts | Centmin Mod Community
     
    Last edited: Oct 21, 2016
Thread Status:
Not open for further replies.