Welcome to Centmin Mod Community
Register Now

Centmin Mod CentOS 9, Alma Linux 9, Rocky Linux 9 Compatibility Worklog

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, May 30, 2022.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Like the CentOS/Alma Linux/Rocky Linux 8 (EL8) compatibility worklog thread, this thread is for Centmin Mod's compatibility work for CentOS Stream 9, Alma Linux 9 and Rocky Linux 9 operating systems. Luckily, the hardest part and biggest changes were in EL7 to EL8, so my current work with Centmin Mod and EL8 compatibility is making it a lot easier to work with EL9 compatibility.

    All current EL8 and EL9 compatibility work as at May 30, 2022, is being done in Centmin Mod 130.00beta01 onwards. Right now EL8 and EL9 work is hidden behind optional flags so out of the box Centmin Mod 130.00beta01 will only work with CentOS 7 right now. Once compatibility work is done with EL8, then Centmin Mod 130.00beta01 will eventually enable those optional flags. Then finally when EL9 compatibility is done, those respective flags will also be enabled.


    Redhat/CentOS/Alma Linux/Rocky Linux 9 Release Notes, Manual & Info


    EL9 Community Forums


    Notes For EL9


    • EL8 vs EL9 Differences: Major differences between RHEL 8 and RHEL 9, including removed functionality, are documented in Considerations in adopting RHEL 9. Including:
      • The RPM database is now based on the sqlite library. Read-only support for BerkeleyDB databases has been retained for migration and query purposes. So how you handle YUM database corruption will differ in EL9 vs EL7/EL8.
      • RPM now supports the Zstandard (zstd) compression algorithm. In RHEL 9, the default RPM compression algorithm has switched to Zstandard (zstd). As a result, packages now install faster, which can be especially noticeable during large transactions.
      • In RHEL 9, TLS configuration is performed using the system-wide cryptographic policies mechanism. TLS versions below 1.2 are not supported anymore. DEFAULT, FUTURE and LEGACY cryptographic policies allow only TLS 1.2 and 1.3. See Using system-wide cryptographic policies for more information.
      • SCP not supported in RHEL 9. The secure copy protocol (SCP) protocol is no longer supported because it is difficult to secure. It has already caused security issues, for example CVE-2020-15778. In RHEL 9, SCP is replaced by the SSH File Transfer Protocol (SFTP) by default.
      • OpenSSH root password login disabled by default. The default configuration of OpenSSH in RHEL 9 disallows users to log in as root with a password to prevent attackers from gaining access through brute-force attacks on passwords.
      • NSS no longer support DBM and pk12util defaults changed. The Network Security Services (NSS) libraries no longer support the DBM file format for the trust database. In RHEL 8, the SQLite file format became the default format, and the existing DBM databases were opened on read-only mode and automatically converted to SQLite. Before you upgrade to RHEL 9, update all trust databases from DBM to SQLite. Additionally, the pk12util tool now uses the AES and SHA-256 algorithms instead of DES-3 and SHA-1 by default when exporting private keys.
      • RHEL 9 does not contain the legacy network scripts. RHEL 9 does not contain the network-scripts package that provided the deprecated legacy network scripts in RHEL 8. To configure network connections in RHEL 9, use NetworkManager. For details, see the Configuring and managing networking documentation.
      • Boot loader configuration files are unified across CPU architectures. Configuration files for the GRUB boot loader are now stored in the /boot/grub2/ directory on all supported CPU architectures. The /boot/efi/EFI/redhat/grub.cfg file, which GRUB previously used on UEFI systems, is now a symbolic link to the /boot/grub2/grub.cfg file.
      • NFSv2 is no longer supported. RHEL 9 NFS client and server no longer support NFSv2.
      • The unversioned form of the python command (/usr/bin/python) is available in the python-unversioned-command package. On some systems, this package is not installed by default. To install the unversioned form of the python command manually, use the dnf install /usr/bin/python command. In RHEL 9, the unversioned form of the python command points to the default Python 3.9 version and it is an equivalent to the python3 and python3.9 commands. The python command is intended for interactive sessions. In production, Red Hat recommends using python3 or python3.9 explicitly. You can uninstall the unversioned python command by using the dnf remove /usr/bin/python command. If you need a different python command, you can create custom symlinks in /usr/local/bin or ~/.local/bin or a Python virtual environment. Several other unversioned commands are available, such as /usr/bin/pip in the python3-pip package. In RHEL 9, all unversioned commands point to the default Python 3.9 version.
      • VM machine types based on RHEL 7.5 and earlier are unsupported. In RHEL 9, virtual machines (VMs) no longer support machine types based on RHEL 7.5 and earlier. For example, these include s390-ccw-virtio-rhel7.5.0
    • OpenSSL 3.0 Compatibility Issues: Looks like with Redhat Enterprise Linux 9, CentOS Stream 9, Alma Linux 9 or Rocky Linux 9, the default OpenSSL version 3.0 is installed instead of OpenSSL 1.0.2 for CentOS 7 and OpenSSL 1.1.1 for CentOS 8. This means to use EL9 distros out of the box, PHP web apps would need to use PHP 8.1 and higher as PHP 8.1 or higher are only versions that support EL9's OpenSSL 3.0.x PHP :: Doc Bug #81540 :: OpenSSL 3.0.0 is not supported prior to 8.1.0. With how slow newer PHP versions get adopted, you'd have to hope by EL9 mainstream release/usage, that all PHP applications are 100% working with PHP 8.1+ :) Luckily, for Centmin Mod 130.00beta01 and newer versions, I've fixed PHP-FPM's custom OpenSSL version support so we can build PHP 7.4, 8.0 and 8.1 with OpenSSL 1.1.1 instead of EL9 system's OpenSSL 3.0 https://community.centminmod.com/th...ssl-routine-in-130-00beta01.22812/#post-93085 :D
    • EL9 Modules: Unlike EL8, EL9 operating systems aren't relying on using modules as much this time https://almalinux.discourse.group/t/almalinux-9-dnf-module-list-is-empty/1181. From Redhat 9 Release notes,
    • SHA-1 Signatures Disabled: The use of SHA-1 for signatures is restricted in the default crypto policy. This may cause issues using SSH to access older systems, such as RHEL/CentOS 6. To allow SHA-1 you can run:
      Code (Text):
      update-crypto-policies --set DEFAULT:SHA1
      . Examples of issues you may encounter:
    • SELinux: Support for disabling SELinux through the SELINUX=disabled option in the /etc/selinux/config file has been removed from the kernel. When you disable SELinux only through /etc/selinux/config, the system starts with SELinux enabled but with no policy loaded. If your scenario requires disabling SELinux, add the selinux=0 parameter to your kernel command line. This could be problematic for Centmin Mod disabling SELinux in an unattended/automated way. You'd have to rely on VPS provider's default EL9 OS images to have SELinux disabled or for VPS providers to provide 2 sets of EL9 OS images - one with SELinux enabled and one with SELinux disabled.
    • ipset and iptables-nft deprecated: From deprecated release notes,
      and
      Centmin Mod's CSF Firewall uses ipset on non-OpenVZ systems, so will be interesting to see how CSF Firewall handles loosing ipset.
     
    Last edited: May 30, 2022
  2. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    MariaDB MySQL On EL9



    Centmin Mod intends for el9 OSes like Rocky Linux 9 and Alma Linux 9 to default to MariaDB 10.6 LTS releases out of the box. MariaDB official YUM repos now have an RHEL 9 version for MariaDB 10.5 and 10.6+ which apparently works and is tested on Rocky Linux 9 right now. So updated Centmin Mod 130.00beta01's MariaDB 10.5 and 10.6 routines to use RHEL 9 YUM repos when EL9 OS is detected.

    FYI, MariaDB 10.6 is long term stable (LTS) release with 5yrs support while MariaBD 10.7, 10.8 and 10.9 are short term 1yr only supported releases.
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    The last few days AlmaLinux 8 and AlmaLinux 9 compatibility testing for Centmin Mod 130.00beta01 branch has been ramping up. Some notes on some decisions I've made
    1. EL8 will default to GCC 11.2 for compilation routines instead of the current Centmin Mod 130.00beta01 default for GCC 10.2 and EL8 system default GCC 8.5
    2. EL8 will default to PHP 8.0.x installation (PHP-FPM) and stick with MariaDB 10.3 Official YUM repo
    3. EL9 is already default to GCC 11.2 for compilation routines
    4. EL9 will default to PHP 8.1.x installation (PHP-FPM) and use MariaDB 10.6 LTS Official YUM repo and also default the MariaDB MySQL 10.6 character set and collation to utf8mb4 via enabling variable SET_DEFAULT_MYSQLCHARSET='utf8mb4'
    Example for Centmin Mod Nginx built using GCC 11.2 with OpenSSL 1.1.1 on Rocky Linux 8, AlmaLinux 8 and AlmaLinux 9 :D

    Rocky Linux 8
    Code (Text):
    nginx -V
    nginx version: nginx/1.23.1 (310822-163951-rockylinux8-kvm-2341d4a)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1q  5 Jul 2022
    

    AlmaLinux 8
    Code (Text):
    nginx -V
    nginx version: nginx/1.23.1 (310822-162241-almalinux8-kvm-2341d4a)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1q  5 Jul 2022
    

    AlmaLinux 9
    Code (Text):
    nginx -V
    nginx version: nginx/1.23.1 (310822-024725-almalinux9-kvm-a198187)
    built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
    built with OpenSSL 1.1.1q  5 Jul 2022
    
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    EL9 PHP 7.4/8.0 Compatibility



    With Redhat Enterprise Linux 9, CentOS Stream 9, Alma Linux 9 or Rocky Linux 9, the default OpenSSL version 3.0 is installed instead of OpenSSL 1.0.2 for CentOS 7 and OpenSSL 1.1.1 for CentOS 8.

    This means to use EL9 distros out of the box, PHP web apps would need to use PHP 8.1 and higher as PHP 8.1 or higher are the only versions that support EL9's OpenSSL 3.0.x PHP :: Doc Bug #81540 :: OpenSSL 3.0.0 is not supported prior to 8.1.0.

    Luckily, for Centmin Mod 130.00beta01 and newer versions, I've added PHP-FPM's custom OpenSSL version support to build PHP 7.4, 8.0 and 8.1 with OpenSSL 1.1.1 instead of EL9 system's OpenSSL 3.0. But I overlooked additional work for PHP 7.4/8.0/8.1 to support custom OpenSSL 1.1.1 instead of OpenSSL 3.0.0. I'd also need a custom curl version built against custom OpenSSL 1.1.1. And custom curl version also needs a custom libssh2 version built against custom OpenSSL 1.1.1!

    So I could compile them all, but probably easier to build custom RPMs for PHP 7.4/8.0/8.1 EL9 usage if you want OpenSSL 1.1.1 instead of system OpenSSL 3.0. So following custom RPMs are needed and I've done early test builds for:
    • OpenSSL 1.1.1
    • libssh2 1.10.0
    • curl 7.85.0
    custom OpenSSL 1.1.1q RPM for EL9
    Code (Text):
    /opt/el-compat/bin/openssl version -a
    OpenSSL 1.1.1q  5 Jul 2022
    built on: Sun Sep  4 13:16:34 2022 UTC
    platform: linux-x86_64
    options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
    compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
    OPENSSLDIR: "/opt/el-compat"
    ENGINESDIR: "/opt/el-compat/lib/engines-1.1"
    Seeding source: os-specific
    

    Code (Text):
    yum -q info centmin-openssl11-compat-1.1.1q
    Installed Packages
    Name         : centmin-openssl11-compat
    Version      : 1.1.1q
    Release      : 1.el9
    Architecture : x86_64
    Size         : 12 M
    Source       : centmin-openssl11-compat-1.1.1q-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : openssl 1.1.1q for centminmod.com LEMP stack openssl 1.1.1q
    URL          : https://centminmod.com
    License      : unknown
    Description  : openssl 1.1.1q compatibility for EL9 for centminmod.com LEMP stacks
    

    custom curl 7.85.0 RPM for EL9
    Code (Text):
    /opt/el-compat/bin/curl -V
    curl 7.85.0 (x86_64-pc-linux-gnu) libcurl/7.85.0 OpenSSL/1.1.1q zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0
    Release-Date: 2022-08-31
    Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
    Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
    

    custom curl RPM with HTTP/2 support but I can later also add HTTP/3 support to this RPM :)
    Code (Text):
    /opt/el-compat/bin/curl -I https://www.nginx.com
    HTTP/2 200
    date: Sun, 04 Sep 2022 18:01:36 GMT
    content-type: text/html; charset=UTF-8
    vary: Accept-Encoding
    x-gateway-request-id: e7e2c35e50f90196f255a518a185020c
    set-cookie: geoip=AU; Max-Age=604800
    x-pingback: https://www.nginx.com/xmlrpc.php
    cache-control: public, max-age=600
    link: <https://www.nginx.com/wp-json/>; rel="https://api.w.org/"
    link: <https://www.nginx.com/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json"
    link: <https://www.nginx.com/>; rel=shortlink
    content-security-policy: frame-ancestors 'self'
    x-gateway-cache-key: 1662168125.493|standard|https|www.nginx.com||/|AU
    x-gateway-cache-status: HIT
    x-gateway-skip-cache: 0
    cf-cache-status: DYNAMIC
    server: cloudflare-nginx
    cf-ray: 7458a1a0cd5eaacf-SYD
    

    Code (Text):
    yum -q info centmin-curl-compat
    Installed Packages
    Name         : centmin-curl-compat
    Version      : 7.85.0
    Release      : 1.el9
    Architecture : x86_64
    Size         : 3.0 M
    Source       : centmin-curl-compat-7.85.0-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : curl 7.85.0 for centminmod.com LEMP stack curl 7.85.0
    URL          : https://centminmod.com
    License      : unknown
    Description  : curl 7.85.0 compatibility for EL9 for centminmod.com LEMP stacks
    

    custom libssh2 1.10.0 RPM for EL9
    Code (Text):
    yum -q info centmin-libssh2-compat
    Installed Packages
    Name         : centmin-libssh2-compat
    Version      : 1.10.0
    Release      : 1.el9
    Architecture : x86_64
    Size         : 3.0 M
    Source       : centmin-libssh2-compat-1.10.0-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : libssh2 1.10.0 for centminmod.com LEMP stack libssh2 1.10.0
    URL          : https://centminmod.com
    License      : unknown
    Description  : libssh2 1.10.0 compatibility for EL9 for centminmod.com LEMP stacks
    


    curl HTTP/3 RPM



    Also tried my first custom RPM builds for curl HTTP/3 with custom OpenSSL 1.1.1q QUIC (HTTP/3) based forked library

    See HTTP3 listed in Features listing along with ngtcp2 and nghttp3 libraries required for curl to support HTTP/3
    Code (Text):
    /opt/el-compact-quic/bin/curl -V
    curl 7.85.1-DEV (x86_64-pc-linux-gnu) libcurl/7.85.1-DEV OpenSSL/1.1.1q zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0 ngtcp2/0.9.0-DEV nghttp3/0.8.0-DEV
    Release-Date: [unreleased]
    Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
    Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
    

    Code (Text):
    yum -q info centmin-curl-http3-compat
    Installed Packages
    Name         : centmin-curl-http3-compat
    Version      : 7.85.1
    Release      : 1.el9
    Architecture : x86_64
    Size         : 4.3 M
    Source       : centmin-curl-http3-compat-7.85.1-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : curl 7.85.1 for centminmod.com LEMP stack curl 7.85.1
    URL          : https://centminmod.com
    License      : unknown
    Description  : curl 7.85.1 compatibility for EL9 for centminmod.com LEMP stacks
    

    Example curl header test against my Wordpress blog behind Cloudflare HTTP/3 proxy showing HTTP/3 connections with 103 Early Hints too :)
    Code (Text):
    /opt/el-compact-quic/bin/curl -I --http3 https://blog.centminmod.com
    HTTP/3 103 
    link: , </cfimages/9cb7dc1c-2559-4bec-b354-0e89ecc6c500/large>; as=image; fetchpriority=high; rel=preload, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; as=script; rel=preload, <https://static.cloudflareinsights.com>; rel=preconnect, <https://www.googletagmanager.com>; rel=preconnect, <https://www.google-analytics.com>; rel=preconnect, <https://js-agent.newrelic.com>; rel=preconnect, <https://bam.nr-data.net>; rel=preconnect
    
    HTTP/3 200 
    date: Sun, 04 Sep 2022 22:17:43 GMT
    content-type: text/html; charset=UTF-8
    cf-ray: 745a18cef87ea959-SYD
    age: 336568
    cache-control: public, max-age=86400, s-maxage=86400, stale-while-revalidate=60
    expires: Mon, 05 Sep 2022 22:17:43 GMT
    last-modified: Fri, 19 Aug 2022 19:06:23 GMT
    link: <https://blog.centminmod.com/wp-json/>; rel="https://api.w.org/", <https://blog.centminmod.com/>; rel="canonical", </cfimages/9cb7dc1c-2559-4bec-b354-0e89ecc6c500/large>; rel=preload; as=image; fetchpriority=high;, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script;, <https://static.cloudflareinsights.com>; rel=preconnect, <https://www.googletagmanager.com>; rel=preconnect, <https://www.google-analytics.com>; rel=preconnect, <https://js-agent.newrelic.com>; rel=preconnect, <https://bam.nr-data.net>; rel=preconnect, <https://gtag.centminmod.com>; rel=dns-prefetch, <https://unpkg.centminmod.com>; rel=dns-prefetch
    set-cookie: canpush=yes
    strict-transport-security: max-age=31536000; includeSubdomains;
    vary: Accept-Encoding
    cf-cache-status: HIT
    cf-cachetime: 2592000
    cf-index-rule: 1
    cf-push: yes
    cf-req-country: AU
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-powered-by: centminmod
    x-ua-compatible: IE=edge
    x-xss-protection: 1; mode=block
    nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
    report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://centminmodcom.report-uri.com/a/d/g"}],"include_subdomains":true}
    server: cloudflare
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    


    Forked OpenSSL 1.1.1q QUIC library RPM for EL9
    Code (Text):
    /opt/el-compact-quic/bin/openssl version -a
    OpenSSL 1.1.1q+quic  5 Jul 2022
    built on: Sun Sep  4 20:50:47 2022 UTC
    platform: linux-x86_64
    options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
    compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
    OPENSSLDIR: "/opt/el-compact-quic"
    ENGINESDIR: "/opt/el-compact-quic/lib/engines-81.1.1"
    Seeding source: os-specific
    

    Code (Text):
    yum -q info centmin-openssl11-quic
    Installed Packages
    Name         : centmin-openssl11-quic
    Version      : 1.1.1q
    Release      : 1.el9
    Architecture : x86_64
    Size         : 12 M
    Source       : centmin-openssl11-quic-1.1.1q-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : openssl-quic 1.1.1q for centminmod.com LEMP stack openssl-quic 1.1.1q
    URL          : https://centminmod.com
    License      : unknown
    Description  : openssl-quic 1.1.1q compatibility for EL9 for centminmod.com LEMP stacks
    

    ngtcp2 and nghttp3 custom RPMs for EL9
    Code (Text):
    yum -q info centmin-ngtcp2-compat
    Installed Packages
    Name         : centmin-ngtcp2-compat
    Version      : 0.9.0
    Release      : 1.el9
    Architecture : x86_64
    Size         : 4.1 M
    Source       : centmin-ngtcp2-compat-0.9.0-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : ngtcp2 0.9.0 for centminmod.com LEMP stack ngtcp2 0.9.0
    URL          : https://centminmod.com
    License      : unknown
    Description  : ngtcp2 0.9.0 compatibility for EL9 for centminmod.com LEMP stacks
    

    Code (Text):
    yum -q info centmin-nghttp3-compat
    Installed Packages
    Name         : centmin-nghttp3-compat
    Version      : 0.80
    Release      : 1.el9
    Architecture : x86_64
    Size         : 1.7 M
    Source       : centmin-nghttp3-compat-0.80-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : nghttp3 0.80 for centminmod.com LEMP stack nghttp3 0.80
    URL          : https://centminmod.com
    License      : unknown
    Description  : nghttp3 0.80 compatibility for EL9 for centminmod.com LEMP stacks
    
     
    Last edited: Sep 5, 2022
  5. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    One exciting benefit of the previous post's custom OpenSSL RPMs is the one with OpenSSL 1.1.1 quictls support as it can also be used for building the official Nginx QUIC branch for Nginx HTTP/3 support using OpenSSL quictls fork from Introducing a Technology Preview of NGINX Support for QUIC and HTTP/3 - NGINX. The OpenSSL quictls fork is a collaborated effort from Akamai and Microsoft to add HTTP/3 and QUIC support to OpenSSL which currently doesn't have such support.

    Nginx has a Nginx HTTP/3 demo site based off their official Nginx QUIC branch with OpeSSL quictls fork at https://quic.nginx.org/

    I've updated my custom RPM build scripts so it is easier to build OpenSSL 1.1.1 quictls based RPMs for EL7, EL8 and EL9 OSes :)
    Code (Text):
    /opt/el-compact-quic/bin/openssl version -a
    OpenSSL 1.1.1q+quic  5 Jul 2022
    built on: Sun Sep  4 20:50:47 2022 UTC
    platform: linux-x86_64
    options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
    compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
    OPENSSLDIR: "/opt/el-compact-quic"
    ENGINESDIR: "/opt/el-compact-quic/lib/engines-81.1.1"
    Seeding source: os-specific
    

    Code (Text):
    yum -q info centmin-openssl11-quic
    Installed Packages
    Name         : centmin-openssl11-quic
    Version      : 1.1.1q
    Release      : 1.el9
    Architecture : x86_64
    Size         : 12 M
    Source       : centmin-openssl11-quic-1.1.1q-1.el9.src.rpm
    Repository   : @System
    From repo    : @commandline
    Summary      : openssl-quic 1.1.1q for centminmod.com LEMP stack openssl-quic 1.1.1q
    URL          : https://centminmod.com
    License      : unknown
    Description  : openssl-quic 1.1.1q compatibility for EL9 for centminmod.com LEMP stacks
    
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Centmin Mod Terraformed



    I've discovered the wonders and power of using Terraform for provisioning and automation. This makes automating EL8/EL9 testing a lot easier.
    1. I can even spin up a premade Centmin Mod custom OS image ready to use in <2 minutes :cool: I am using Upcloud's Terraform provider and example at https://github.com/centminmod/upcloud-terraform. If you also want to try Upcloud Terraform for yourself, you can sign up for Upcloud via my referral link, and you'll get US$25 free credit to play with yourself, and after you make your first US$10 deposit payment, I'll get a US$50 referral bonus which I'll use towards my testing :D
    2. I can also use Terraform to spin up custom Centmin Mod installations with scripts to build my EL7/EL8/EL9 custom YUM RPM packages + automate the setup of my own Centmin Mod YUM repo mirrors. The ways I can use Terraform are pretty endless :)
    For now, I'm using Terraform at Upcloud. But later on, will build Terraform scripts for Linode, DigitalOcean, Hetzner and Vultr. As all these providers have their own Terraform provider support.

    This compatibility testing for EL8 and EL9 OS is costing $$$$ so if you can spare some $$$ to support this, it would be much appreciated :D

    FYI, the past 3+ days, I've done a total of 150+ Centmin Mod installations to both get Centmin Mod installs ready for Terraform compatibility + also for EL8 and EL9 OS compatibility testing and OS provisioning :D
     
    Last edited: Sep 18, 2022
  7. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Been working on Centmin Mod's Github automated workflow testing :cool:

    cmm-github-workflow-status-badges-00.png
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Sharing some of the behind the scenes work I've been doing on Centmin Mod's EL8/EL9 compatibility testing using Github Workflow automated actions. The testing now allows me to do 100s of automated tests installing Centmin Mod 130.00beta01's private EL8/EL9 compatible installer on AlmaLinux 8/9, RockyLinux 8/9 and Oracle Linux 8/9 and has already helped me find and fix quite a few EL8/EL9 related bugs for Centmin Mod :D

    I posted some automated testing screenshots for one test which installs Centmin Mod on AlmaLinux 8, RockyLinux 8 and Oracle Linux 8 concurrently on 3 servers and runs through a whole suite of tests for various Centmin Mod features - including centmin.sh menu option 4 and 5 routines for compiling Nginx with OpenSSL 1.1.1, OpenSSL 3.0, BoringSSQL, QuicTLS and also compiling PHP 8.0, 8.1, 8.2 and 8.3 :D

    Some of the automated testing done for AlmaLinux 8 part shown below - it's basically the same tests for AlmaLinux 9 equivalent too. For the rest check out https://community.centminmod.com/media/albums/centmin-mod-el8-el9-automated-tests.21/. These extensive automated tests will help me speed up EL8/EL9 compatibility testing and development for Centmin Mod - allowing to properly test 3 different OSes for AlmaLinux, RockyLinux and OracleLinux :)

    [​IMG] [​IMG]

    Example for automated testing on Nginx built with OpenSSL 3.0 - soon to be the default for Centmin Mod 130.00beta01 as OpenSSL 1.1.1 is EOL ;)
    [​IMG]
     
  9. eva2000

    eva2000 Administrator Staff Member

    54,107
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    8:13 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
Thread Status:
Not open for further replies.