
Install Upgrade Nginx and PHP versions and update process

Discussion in 'Install & Upgrades or Pre-Install Questions' started by thenads, Apr 20, 2017.

  1. thenads

    thenads New Member

    I am about to have a play about with Centmin Mod and I have a couple of queries regarding the source versions of Nginx and PHP before I start.

    My preference is to let Yum deal with package updates, so I am wondering how practical it would be to switch out the source versions of Nginx and PHP for versions that are available from the repos, so that these packages can be updated by Yum? Apologies if this has been asked before somewhere (I did have a quick look but I found no info).

    If this is not going to be a practical option, I am wondering what the update process is with the Centmin Mod source versions?

    Do you have to sign up to any news feeds and then manually log in via SSH to do the updating of these packages, or is there a way to get it automated, perhaps by a cron job?

    Lastly, would I be correct in assuming that it will be reasonably straightforward to just disable FTP and CSF?

    Thanks in advance.
     
  2. pamamolf

    pamamolf Well-Known Member

    Using sources, I think, helps most for flexibility reasons.

    It is very easy to install a new version that is out and you don't have to wait for the repo to be updated.

    Also, downgrading is very easy.

    Other than that, it is easier to use some parameters for installation and, in general, to do more custom configuration.

    Automating such a process using cron doesn't sound like a good idea to me.

    Disabling CSF and FTP is very simple and you will need one command for each.

    Keep in mind that I am not an expert and it will be better to wait for a reply from eva :)
     
  3. thenads

    Thanks for the info on CSF and FTP.

    I only use CentOS for KVM host servers these days and I have them all set to auto update. I know people have differing views about auto updating, but I am not running critical banking or health care IT infrastructure.

    Using package managers, I have had no issues in many years of auto updating CentOS (5 & 6 - with only CentOS repos, admittedly) and Debian security repo updates. A cron job to update PHP and Nginx could be high risk though, I will accept that.

    I am really interested in how people deal with updating their Centmin Mod systems if they have a few of them running. I don't have many servers at the moment, but if I ended up with a few of them running I would prefer to go the route of setting up a separate repository for the Centmin Mod servers to get their updates from, and only push updates when I know the update won't cause any issues after some testing.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Centmin Mod won't work with YUM package supplied Nginx and PHP-FPM as it expects Nginx and PHP-FPM files in a certain place with certain configuration that is very different from YUM distro supplied packages.

    Official site FAQ item 18 explains why source compiles are used by Centmin Mod
    see below replies
    Right now there's no way to auto-update PHP-FPM; there's an Nginx update script, but it hasn't really been tested yet.

    The best place is watching/subscribing to the software news forums; all Nginx, PHP and CentOS relevant updates, especially for security, get posted to them: https://community.centminmod.com/categories/software-news.17/. Each forum has an RSS icon next to its last thread's linked name, so you can even subscribe within your RSS feed aggregator/app or mobile/desktop etc. This also helps if you are able to read and see feedback from other users who have updated a specific Nginx or PHP version, so you can see if there are issues with the update process, i.e. the recent Nginx 1.11.11 update and bugs.

    Just look at past threads posted for Nginx, PHP, MariaDB, CentOS security, OpenSSL and LibreSSL updates as an example. Also, if it's a security or critical update, I will send out a forum mailing to all forum members, then web push browser notifications if you subscribed, and then post to all Centmin Mod social media accounts (top right header of forum has links).

    You can also get creative and set up your own private Slack channels for feeding RSS updates into dedicated Slack channels, so you get Slack updater alerts via the Slack desktop and mobile apps :)

    Just some of the dedicated Slack channels I set up to get alerts straight from the developer source, or to get security and product announcements as well as site monitoring ping/healthcheck and uptime alerts from various services :)

    slack-nginx-updates-channels.png

    If you use Centmin Mod 123.09beta01, there's also in shell native updater alerts when you log in via SSH for yum and centmin mod updates as well as when you exit centmin.sh menu

    example of exiting centmin.sh menu option 24 when there are system yum updates
    Code (Text):
     checking for YUM updates... please wait...
    
    -------------------------------------------------------------
      New YUM Updates available for host xeon.centminmod
    -------------------------------------------------------------
      To list available YUM Updates type:
    -------------------------------------------------------------
      yum list updates --disableplugin=priorities --enablerepo=remi
    
    -------------------------------------------------------------
      To update type:
    -------------------------------------------------------------
      yum update --disableplugin=priorities --enablerepo=remi
    
    -------------------------------------------------------------
     Centmin Mod local code is up to date at /usr/local/src/centminmod
     no available updates at this time...
    -------------------------------------------------------------
    

    example of when you log into Centmin Mod 123.09beta01 server when no Centmin Mod code updates in /usr/local/src/centminmod are available
    Code (Text):
    ===============================================================================
     Centmin Mod local code is up to date at /usr/local/src/centminmod
     no available updates at this time...
    ===============================================================================
    

    when updates are available
    Code (Text):
    ===============================================================================
     Centmin Mod code updates available for /usr/local/src/centminmod
     to update re-run centmin.sh menu option 23 submenu option 2
    ===============================================================================
    

    If updates for Centmin Mod code are available, you can use centmin.sh menu option 23 submenu option 2 or just git pull from the command line, as both do the same thing, i.e.
    Code (Text):
    cd /usr/local/src/centminmod
    git stash
    git pull
    


    For Pure-ftpd see Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS
    For CSF Firewall, I highly recommend you do not disable it, for security reasons and for the fact that Centmin Mod manages and auto configures its installed software for proper CSF Firewall whitelisting and setup. Otherwise, you would end up having to manually configure your replacement firewall software for proper whitelisting and ports for Centmin Mod installed software.
     
    Last edited: Apr 21, 2017
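
Added example, not part of the thread and not Centmin Mod code: a check-only script for cron that reports pending Centmin Mod code and yum updates on a server without applying anything, which fits the notify-then-update-by-hand process described above. The function names and the `CENTMIN_DIR` variable are assumptions; the checkout path is the one quoted in the post.

```shell
#!/bin/sh
# Added example, not Centmin Mod code: report pending updates, never apply them.
# CENTMIN_DIR defaults to the checkout path quoted in the thread.
CENTMIN_DIR="${CENTMIN_DIR:-/usr/local/src/centminmod}"

# Print how many commits the checkout in $1 is behind its upstream branch.
# Uses `git fetch` only, so the working tree and local edits are untouched.
commits_behind() {
    (
        cd "$1" || exit 2
        git fetch --quiet || exit 2
        revs=$(git rev-list 'HEAD..@{upstream}') || exit 2
        if [ -z "$revs" ]; then
            echo 0
        else
            printf '%s\n' "$revs" | wc -l | tr -d ' '
        fi
    )
}

# Translate a `yum check-update` exit code: 100 = updates pending, 0 = none.
yum_status() {
    case "$1" in
        0)   echo "up-to-date" ;;
        100) echo "updates-available" ;;
        *)   echo "check-failed" ;;
    esac
}

# One line per source, suitable for cron mail or a log shipper.
report() {
    if behind=$(commits_behind "$CENTMIN_DIR"); then
        echo "centminmod: $behind commit(s) behind upstream"
    else
        echo "centminmod: upstream check failed"
    fi
    if command -v yum >/dev/null 2>&1; then
        rc=0
        yum -q check-update >/dev/null 2>&1 || rc=$?
        echo "yum: $(yum_status "$rc")"
    fi
}

# Run only where a Centmin Mod checkout exists (skipped elsewhere).
if [ -d "$CENTMIN_DIR/.git" ]; then
    report
fi
```

Because the script only fetches and counts, a failed or unexpected upstream change shows up as a report line to review rather than as a modified server.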
  5. eva2000

  6. thenads

    Thanks for the detailed response. I think I already knew that a Yum managed version of Nginx and PHP was not going to be a possibility.

    With regard to the CSF, I was not proposing to run a server without a firewall; I just prefer to manually configure iptables and fail2ban.
     
  7. eva2000

    FYI, CSF Firewall is just a wrapper that interfaces with underlying iptables, so you can still use iptables with CSF Firewall running. You can even set up iptables rules to load before CSF Firewall does via the /etc/csf/csfpre.sh script, i.e. OVH - OVH ICMP Ping Whitelist for CSF Firewall

    Just list the existing iptables rules CSF Firewall already sets up, so that you don't duplicate and overlap, before doing so
    Code (Text):
    iptables -L
    

    and
    Code (Text):
    csf -l
    

    both list iptables rules
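
Added example, not part of the thread and not CSF or Centmin Mod code: a pre-flight check that compares rules planned for `/etc/csf/csfpre.sh` against the live ruleset before they are added, automating the "don't duplicate" step above. It assumes an iptables build that supports `-C` (check); the function names, the `IPTABLES` override and the rules-file format (one `<CHAIN> <rule-spec>` per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify planned rules against the running ruleset.
# Run as root while CSF is active. IPTABLES may be overridden for testing.
IPTABLES="${IPTABLES:-iptables}"

# classify_rules FILE
# Each non-blank, non-comment line of FILE is "<CHAIN> <rule-spec>".
# Prints "DUPLICATE <rule>" when an identical rule is already loaded in that
# chain, otherwise "NEW <rule>".
classify_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        set -f   # split the rule into arguments without glob expansion
        if "$IPTABLES" -C $line 2>/dev/null; then
            echo "DUPLICATE $line"
        else
            echo "NEW $line"
        fi
        set +f
    done < "$1"
}

# emit_csfpre FILE
# Print a csfpre.sh body that contains only the rules classified as NEW.
emit_csfpre() {
    echo '#!/bin/bash'
    classify_rules "$1" | while read -r status rule; do
        if [ "$status" = "NEW" ]; then
            echo "iptables -I $rule"
        fi
    done
}
```

`-C` only matches an identical rule in the named chain, so rules that overlap in effect or sit in a different chain still need the manual `iptables -L` / `csf -l` review described above.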