Join the community today
Register Now

Nginx How To Enable Centmin Mod Nginx HTTPS HTTP/3 QUIC Support

Discussion in 'Centmin Mod Insights' started by eva2000, Sep 12, 2024.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    3:49 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod Nginx, by default, supports HTTPS-based Nginx vhost sites with default HTTP/2 HTTPS. However, the latest Centmin Mod 131.00stable and 140.00beta01 versions also optionally supports Centmin Mod Nginx builds with HTTP/3 QUIC based HTTPS thanks to Centmin Mod Nginx compilations supporting multiple crypto libraries including ones that enable HTTP/3 QUIC in Centmin Mod Nginx.

    Read further below on enabling Centmin Mod Nginx HTTP/3 QUIC support for Nginx HTTPS connections and websites.

    Notes:
    1. Nginx 1.25.0 or higher support HTTP/3 QUIC when paired with a crypto library that supports HTTP/3 QUIC as outlined at https://nginx.org/en/docs/quic.html and when you add additional Nginx listen directives and Alt-Svc headers (see below). Centmin Mod Nginx is built via source compilation via centmin.sh menu option 4 to allow supporting multiple crypto libraries.
    2. Officially, Nginx marks it's specific implementation of HTTP/3 QUIC support as experimental still. So not suited to production live site usage. In general, HTTP/3 QUIC will increase your server resource usage i.e. memory and CPU to allow potentially faster page load performance. This usually means HTTP/3 QUIC will reduce how many Nginx HTTPS based requests/second you can handle compared to HTTP/2. Also with HTTP/3 QUIC your Nginx site's large file download speed might be slower than with HTTP/2. Basically for HTTP/3 QUIC you are trading in higher memory, CPU usage, slower large file download speed and lower requests/second handling for potentially better page load performance. It is this reason why Centmin Mod Nginx still defaults to OpenSSL crypto library which supports a max HTTP/2 protocol version. If you use Cloudflare too as mentioned in second note, then it makes Nginx HTTP/3 QUIC pointless.
    3. If you use Centmin Mod Nginx with Cloudflare orange cloud-enabled CDN proxy in front of Centmin Mod Nginx, then only Cloudflare Edge servers are connecting and communicating with Centmin Mod Nginx and its used crypto library. Cloudflare edge servers only support HTTP/1.1 and HTTP/2 connections to origin servers and do not support HTTP/3 connections. So there is no point in enabling Centmin Mod Nginx with HTTP/3 QUIC support as Cloudflare edge servers will never use HTTP/3 with origin Centmin Mod Nginx servers. Your site visitors will be connecting and communicating only with Cloudflare's CDN edge servers' HTTP/3 QUIC implementation and not Centmin Mod Nginx - so not need for Centmin Mod Nginx to switch to HTTP/3 QUIC enabled support.
    4. To test HTTP/3 QUIC support you can test your site using HTTP/3 test site at https://http3check.net/

    Centmin Mod Nginx HTTP/3 QUIC Support



    Centmin Mod Nginx optionally supports several crypto libraries that enable HTTPS support. HTTPS can be served via HTTP/1.1, HTTP/2 and HTTP/3 QUIC protocols. However, not all crypto libraries support HTTP/3 QUIC protocol. Some only support HTTP/2 max protocol version. Centmin Mod Nginx default uses OpenSSL and that does not support HTTP/3 QUIC, so you need to switch to a crypto library that supports HTTP/3 QUIC protocol and run centmin.sh menu option 4 to recompile Nginx and then configure each Nginx vhost manually (for now) to enable HTTP/3 support. Read further for instructions on how to switch crypto libraries and configure each Nginx vhost manually to enable Centmin Mod Nginx HTTP/3 QUIC support.

    Running centmin.sh menu option 4
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 140.00beta01 centminmod.com
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  MySQL User Database Management
    7).  Persistent Config File Management
    8).  Option Being Revised (TBA)
    9).  Option Being Revised (TBA)
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Data Transfer
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Current Nginx Version: 1.27.1 (120924-091911-almalinux9-kvm-6e9f456)
    
    Install which version of Nginx? (version i.e. type 1.27.1): 1.27.1
    
    Do you still want to continue? [y/n] y
    


    Right now for Centmin Mod Nginx HTTP/3 QUIC support, the 2 recommended crypto libraries are switching to either quicTLS OpenSSL fork for Centmin Mod 131.00stable or using Amazon AWS-LC crypto libraries for Centmin Mod 140.00beta01. Essentially, Amazon AWS-LC is only supported for Centmin Mod 140.00beta01 on EL8/EL9.

    Enable Centmin Mod Nginx HTTP/3 QUICK with quicTLS OpenSSL fork



    On Centmin Mod 131.00stable or 140.00beta01. For quicTLS OpenSSL 1.1.1w QUIC fork for Nginx HTTP/3 set with OPENSSL_SYSTEM_USE='n' and NGINX_QUIC_SUPPORT='y' and OPENSSL_QUIC_VERSION='OpenSSL_1_1_1w+quic' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4. However, OpenSSL 1.1.1w is end of life (EOL), so you should use a newer quicTLS OpenSSL 3.x version which are slower than 1.1.1 versions due to performance regressions but OpenSSL 3.3 is faster than 3.2 which is faster than 3.1 which is faster than 3.0 but all are still slower than OpenSSL 1.1.1 which for some workloads can be up to 10x faster than OpenSSL 3.x.

    Then check nginx -V command output and also check for --with-http_v3_module
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-163123-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 1.1.1w+quic  11 Sep 2023
    


    With quicTLS OpenSSL 3.1.7 QUIC fork for Nginx HTTP/3 when set with OPENSSL_SYSTEM_USE='n' and NGINX_QUIC_SUPPORT='y' and OPENSSL_QUIC_VERSION='openssl-3.1.7+quic' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4. Currently quicTLS OpenSSL 3.1.7 is latest version from Releases ยท quictls/openssl

    Then check nginx -V command output and also check for --with-http_v3_module
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.1 (120924-091911-almalinux9-kvm-6e9f456)
    built by gcc 13.3.1 20240611 (Red Hat 13.3.1-2) (GCC)
    built with OpenSSL 3.1.7+quic 3 Sep 2024
    


    Enable Centmin Mod Nginx HTTP/3 QUICK with Amazon AWS-LC crypto



    For Centmin Mod 140.00beta01 or higher with EL8/EL9 only. For AWS-LC for Nginx HTTP/3 set with OPENSSL_SYSTEM_USE='n' and AWS_LC_SWITCH='y' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4

    Then check nginx -V command output and also check for --with-http_v3_module
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.1 (120924-103035-almalinux9-kvm-6e9f456)
    built by gcc 13.3.1 20240611 (Red Hat 13.3.1-2) (GCC)
    built with OpenSSL 1.1.1 (compatible; AWS-LC 1.34.2) (running with AWS-LC 1.34.2)
    


    Example for full nginx -V output

    Manually Configure Centmin Mod Nginx Vhosts For HTTP/3 QUIC



    Once you have Centmin Mod Nginx built with quicTLS OpenSSL HTTP/3 QUIC support, you need to manually edit each Centmin Mod Nginx vhost's HTTPS SSL config file (/user/local/nginx/conf/conf.d/domain.com.ssl.conf) to add an additional listen directive and Alt-Svc header directive. Note, if you later switch away to a crypto library that does not support HTTP/3 QUIC i.e. going back from quicTLS or AWS-LC to OpenSSL, then Nginx server will fail to start up until you remove those manually added HTTP/3 QUIC related listen directives and Alt-Svc headers.

    So for domain.com Centmin Mod Nginx vhost find the server{} context for port 443

    And change from
    Code (Text):
    server {
      listen 443 SSL http2;
      server_name domain.com www.domain.com;
    
    

    change to below adding listen 443 quic reuseport;, you can also move http2 parameter that is deprecated to it's own http2 directive.
    Code (Text):
    server {
      listen 443 quic reuseport;
      listen 443 ssl;
      http2 on;
      server_name domain.com www.domain.com;
    
    

    Now you can only use reuseport once per IP/port pairing. So the listen 443 and reuseport parameter can only exist in one Nginx vhost config file for the entire server. For all other Nginx vhost config files you would just use below i.e. for domain2.com minus the reuseport paramter.
    Code (Text):
    server {
      listen 443 quic;
      listen 443 ssl;
      http2 on;
      server_name domain2.com www.domain2.com;
    
    



    Then you need to add the Alt-Svc header directive to location contexts that are appropriate for your web application setup. This Alt-Svc header tells web browsers that Centmin Mod Nginx server supports HTTP/3 QUIC on port 443.
    Code (Text):
    add_header Alt-Svc 'h3=":443"; ma=86400';


    The default web root location context in the default Centmin Mod Nginx vhost would look like this. If your web app has other location contexts set up, you must also add the Alt-Svc header in those contexts.
    Code (Text):
      location / {
      add_header Alt-Svc 'h3=":443"; ma=86400';
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    

    Then run Nginx config check command, nginx -t before restarting Nginx server
    Code (Text):
    nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    

    Restart Nginx service via Centmin Mod command shortcut
    Code (Text):
    ngxrestart
    Redirecting to /bin/systemctl restart nginx.service
    

    Or via systemctl commnad
    Code (Text):
    systemctl restart nginx
    

    Then test site using HTTP/3 test site at https://http3check.net/

    Centmin Mod Nginx Crypto Library Support List



    Here's a breakdown of HTTP/3 QUIC support for each crypto library:
    • OpenSSL 3.0, 3.1, 3.2, 3.3. Centmin Mod 124.00stable max supported OpenSSL 3.0. Centmin Mod 130.00beta01, 131.00stable, 140.00beta01 or newer for OpenSSL 3.1, 3.2 and 3.3 support. Has dual RSA+ECDSA SSL certificate and OCSP stapling support. No Nginx HTTP/3 QUIC support. Centmin Mod Nginx by default uses OpenSSL.
    • LibreSSL. Centmin Mod 124.00stable/130.00beta01/131.00stable/140.00beta01 supported. Has dual RSA+ECDSA SSL certificate and OCSP stapling support. Nginx HTTP/3 QUIC supported in Centmin Mod 130.00beta01/131.00stable/140.00beta01 or newer. LibreSSL is the slowest performing crypto library so do not advise using.
    • BoringSSL. Centmin Mod 130.00beta01/131.00stable/140.00beta01 or latest BoringSSL supported. You lose dual RSA+ECDSA SSL certificate and OCSP stapling support compared to OpenSSL. Nginx HTTP/3 QUIC supported in Centmin Mod 130.00beta01/131.00stable/140.00beta01 or newer.
    • quicTLS OpenSSL 1.1.1/3.1.5 HTTP/3 QUIC fork. Centmin Mod 130.00beta01/131.00stable/140.00beta01 or higher only supported. Has dual RSA+ECDSA SSL certificate and OCSP stapling support. Nginx HTTP/3 QUIC supported in Centmin Mod 130.00beta01/131.00stable/140.00beta01 or newer. The quicTLS OpenSSL fork is the main library that official Nginx development has focused on as of writing.
    • Amazon's AWS-LC crypto libraries which is based on BoringSSL + OpenSSL 1.1.1 for HTTP/3 QUIC support. EL8/EL9 only + Centmin Mod 140.00beta01 or higher only supported. AWS-LC is listed as having dual RSA+ECDSA SSL certificate (currently not working properly) and OCSP stapling support like OpenSSL. Nginx HTTP/3 QUIC supported in Centmin Mod 140.00beta01 or newer.
    • When you loose dual RSA+ECDSA SSL certificate and have both RSA 2048bit and ECDSA 256bit SSL certificates issuance and installed when you enable DUALCERTS='y' in persistent config file /etc/centminmod/custom_config.inc, Centmin Mod will only serve visitors the ECDSA 256bit SSL certificate and not conditional serve RSA 2048bit when web browsers or clients do not support ECDSA 256bit SSL certificates. Only a concern if you have visitor traffic that is using very very old browsers and devices and only a concern if you aren't using Cloudflare in front of Centmin Mod Nginx. With Cloudflare, visitors will connect to Cloudflare's Edge servers and that has proper dual SSL cert and OCSP stapling support.
    • In terms of performance currently the rank: AWS-LC > BoringSSL > OpenSSL 1.1.1/quicTLS OpenSSL 1.1.1 > OpenSSL 3.3 > OpenSSL 3.2 > OpenSSL 3.1/quicTLS OpenSSL 3.1.5 > OpenSSL 3.0/quickTLS OpenSSL 3.0 > LibreSSL
    • The current leading contender to replace OpenSSL 1.1.1 defaults is Amazon AWS-LC due to performance being better than OpenSSL 1.1.1 and it supports HTTP/3 QUIC enablement, and you don't lose dual RSA + ECDA SSL certificate support or OCSP stapling support as you do with BoringSSL (2nd place contender for replacing OpenSSL 1.1.1) with Nginx. Currently, testing AWS-LC.
    You can tell which crypto library and version is used with Centmin Mod Nginx on SSH command line type:
    Code (Text):
    nginx -V

    look for built with line which in the below example output is Centmin Mod Nginx built with AWS-LC 1.29.0 - OpenSSL 1.1.1 (compatible; AWS-LC 1.34.2) (running with AWS-LC 1.34.2) on AlmaLinux 8 with AWS_LC_SWITCH='y' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.1 (120924-103035-almalinux9-kvm-6e9f456)
    built by gcc 13.3.1 20240611 (Red Hat 13.3.1-2) (GCC)
    built with OpenSSL 1.1.1 (compatible; AWS-LC 1.34.2) (running with AWS-LC 1.34.2)
    

    This example is built with system OpenSSL 3.07 on AlmaLinux 9. System OpenSSL versions without the FIPS label
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (140724-004656-almalinux9-kvm-2425f5d)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 3.0.7 1 Nov 2022
    

    You can verify it's system OpenSSL version via rpm command
    Code (Text):
    rpm -q openssl
    openssl-3.0.7-27.el9.x86_64
    

    This example is built with system OpenSSL 1.1.1k FIPS on AlmaLinux 8. System OpenSSL versions usually will also be labelled with FIPS
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-001808-almalinux8-kvm-42a6e88-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
    

    You can verify it's system OpenSSL version via rpm command
    Code (Text):
    rpm -q openssl
    openssl-1.1.1k-9.el8_7.x86_64
    

    Example with OpenSSL 3.2.1 on AlmaLinux 8
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-155110-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 3.2.1 30 Jan 2024
    

    Example with BoringSSL on AlmaLinux 8 when you enable it via BORINGSSL_SWITCH='y' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-160228-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
    

    Example with LibreSSL on AlmaLinux 8 when set with LIBRESSL_SWITCH='y' and LIBRESSL_VERSION='3.8.4' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-160903-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with LibreSSL 3.8.4
    

    Example with LibreSSL on AlmaLinux 8 when set with LIBRESSL_SWITCH='y' and LIBRESSL_VERSION='3.9.2' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-161343-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with LibreSSL 3.9.2
    

    Example with quicTLS OpenSSL 1.1.1w QUIC fork for Nginx HTTP/3 when set with OPENSSL_SYSTEM_USE='n' and NGINX_QUIC_SUPPORT='y' and OPENSSL_QUIC_VERSION='OpenSSL_1_1_1w+quic' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (200624-163123-almalinux8-kvm-af1a938-br-a71f931)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 1.1.1w+quic  11 Sep 2023
    

    Example with quicTLS OpenSSL 3.0.14w QUIC fork for Nginx HTTP/3 when set with OPENSSL_SYSTEM_USE='n' and NGINX_QUIC_SUPPORT='y' and OPENSSL_QUIC_VERSION='openssl-3.0.14+quic' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.0 (270624-021323-almalinux9-kvm-7e168f1)
    built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
    built with OpenSSL 3.0.14 4 Jun 2024
    

    Seems for, Nginx -V isn't showing OpenSSL 3.0.14w+quic but OpenSSL 3.0.14 but inspecting nginx binary does show it using it for libssl.so.3 and libcrypto.so.3 paths to /opt/openssl-quic/lib
    Code (Text):
    ldd $(which nginx)
            linux-vdso.so.1 (0x00007ffe1cdbd000)
            libssl.so.3 => /opt/openssl-quic/lib/libssl.so.3 (0x00007fdf53757000)
            libcrypto.so.3 => /opt/openssl-quic/lib/libcrypto.so.3 (0x00007fdf53200000)
            libjemalloc.so.2 => /lib64/libjemalloc.so.2 (0x00007fdf52e00000)
            libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007fdf5371d000)
            libpcre.so.1 => /usr/local/nginx-dep/lib/libpcre.so.1 (0x00007fdf52a00000)
            libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007fdf536de000)
            libatomic_ops.so.1 => /lib64/libatomic_ops.so.1 (0x00007fdf53aed000)
            libc.so.6 => /lib64/libc.so.6 (0x00007fdf52600000)
            libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdf53ae8000)
            /lib64/ld-linux-x86-64.so.2 (0x00007fdf53b03000)
    

    Example with quicTLS OpenSSL 3.1.7 QUIC fork for Nginx HTTP/3 when set with OPENSSL_SYSTEM_USE='n' and NGINX_QUIC_SUPPORT='y' and OPENSSL_QUIC_VERSION='openssl-3.1.7+quic' in the persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 4
    Code (Text):
    nginx -V
    nginx version: nginx/1.27.1 (120924-091911-almalinux9-kvm-6e9f456)
    built by gcc 13.3.1 20240611 (Red Hat 13.3.1-2) (GCC)
    built with OpenSSL 3.1.7+quic 3 Sep 2024
    
     
    Last edited: Sep 12, 2024
  2. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    3:49 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    If you have questions or issues please post them in the dedicated Nginx, PHP-FPM & MariaDB MySQL forum along with the required information below:

    • CentOS Version: i.e. CentOS 7 64bit / AlmaLinux / Rocky Linux 8/9 ?
    • Centmin Mod Version Installed: i.e. 124.00stable or 130.00beta01 or 131.00stable or 140.00beta01. Run command:
      Code (Text):
      cminfo versions
    • Nginx Version Installed: i.e. 1.25.4, 1.24.0, 1.26.2, 1.27.1 ? Run command and post output in QUOTE BBCODE tags:
      Code (Text):
      nginx -V
    • PHP Version Installed: i.e. 7.3.33, 7.4.33, 8.0.30, 8.1.29, 8.2.23, 8.3.11. Run command and post output in CODE/CODEB BBCODE tags:
      Code (Text):
      php -v
    • MariaDB MySQL Version Installed: i.e. 10.3.xx or 10.4.xx or 10.6.xx. Run command and post output in CODE/CODEB BBCODE tags:
      Code (Text):
      mysqladmin ver
    • When was last time updated Centmin Mod code base ? : i.e. run centmin.sh menu option 23 submenu option 2 or cmupdate command
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:
      Code (Text):
      cat /etc/centminmod/custom_config.inc
      

      Post output in CODE or CODEB bbcode tags.
    Sensitive Info

    For /etc/centminmod/custom_config.inc persistent file contents, you may have setup private sensitive information i.e. API keys, etc so filter those out if applicable before posting publicly on forums etc.

    Nginx Upgrade Log

    If the issue is during centmin.sh menu option 4 compilation, I would need the nginx upgrade log to troubleshoot as outlined at https://community.centminmod.com/threads/how-to-troubleshoot-nginx-installs-upgrades.17778/.
     
Thread Status:
Not open for further replies.