Want more timely Centmin Mod News Updates?
Become a Member

Nginx [nginx-announce] nginx-1.13.0

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Apr 26, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Changes with nginx 1.13.0 25 Apr 2017

    *) Change: SSL renegotiation is now allowed on backend connections.

    *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
    directives of the mail proxy and stream modules.

    *) Feature: the "return" and "error_page" directives can now be used to
    return 308 redirections.
    Thanks to Simon Leblanc.

    *) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.

    *) Feature: when logging signals nginx now logs PID of the process which
    sent the signal.

    *) Bugfix: in memory allocation error handling.

    *) Bugfix: if a server in the stream module listened on a wildcard
    address, the source address of a response UDP datagram could differ
    from the original datagram destination address.


    --
    Maxim Dounin
    http://nginx.org/
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce


    Continue reading...
     
  2. RB1

    RB1 Active Member

    292
    75
    28
    Nov 11, 2016
    California
    Ratings:
    +122
    Local Time:
    12:25 AM
    Nginx 1.21.x
    MariaDB 10.1.x
    So if I'm currently on 1.11.13, 1.13.0 is the next mainline branch?
    Updating to 1.13.0 is the recommended path?
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup next mainline version after 1.11.13 is 1.13.0

    with persistent config file /etc/centminmod/custom_config.inc set to

    Code (Text):
    OPENSSL_VERSION='1.1.0e'
    LIBRESSL_SWITCH='n'
    

    testing experimental OpenSSL 1.1 TLS v1.3 draft 18 branch on Nginx 1.13.0

    Code (Text):
    openssl ciphers -V "ALL:COMPLEMENTOFALL" | grep TLSv1.3
              0x13,0x02 - TLS13-AES-256-GCM-SHA384 TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
              0x13,0x03 - TLS13-CHACHA20-POLY1305-SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
              0x13,0x01 - TLS13-AES-128-GCM-SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
              0x13,0x05 - TLS13-AES-128-CCM-8-SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESCCM8(128) Mac=AEAD
              0x13,0x04 - TLS13-AES-128-CCM-SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD

    Code (Text):
    openssl s_client -connect domain.com:443 -CAfile /etc/ssl/certs/cacert.pem| sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/d' | sed '/Session-ID: /,/Verify return code/d'
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = domain.com
    verify return:1
    DONE
    CONNECTED(00000003)
    ---
    Certificate chain
     0 s:/CN=domain.com
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    subject=/CN=domain.com
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    ---
    SSL handshake has read 2967 bytes and written 302 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS13-AES-128-GCM-SHA256
        Extended master secret: no
    ---


    In Chrome Canary browser

    canary-centminmod-nginx-tls13.png

    unfortunately, OpenSSL 1.1 with TLSv1.3 support officially is some way off as only their master (draft-19) and draft-18 branches have TLSv1.3 code https://community.centminmod.com/th...l-tls-1-3-development.10898/page-2#post-48840
     
    Last edited: Apr 26, 2017
  4. RB1

    RB1 Active Member

    292
    75
    28
    Nov 11, 2016
    California
    Ratings:
    +122
    Local Time:
    12:25 AM
    Nginx 1.21.x
    MariaDB 10.1.x
    Updated!
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    lua nginx module if enabled will fallback to OpenSSL 1.0.2+ instead of OpenSSL 1.1.x right now https://community.centminmod.com/threads/11489/ if you set LIBRESSL_SWITCH='n' and set OPENSSL_VERSION to OpenSSL 1.1.x version number to opt for OpenSSL instead of default LibreSSL 2.5.x
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    hmm having one problem on one of my servers with nginx stream geoip module compiled as a dynamic nginx module with nginx 1.13.0
    Code (Text):
    nginx: [emerg] dlopen() "/usr/local/nginx/modules/ngx_stream_geoip_module.so" failed (/usr/local/nginx/modules/ngx_stream_geoip_module.so: undefined symbol: ngx_stream_add_variable) in /usr/local/nginx/conf/dynamic-modules.conf:7
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

    edit /usr/local/nginx/conf/dynamic-modules.conf to temp comment it out
    Code (Text):
    # place custom load_module lines in this dynamic-modules-includes.conf
    # file so that they persistent i.e. for manually dropped in dynamic modules
    include /usr/local/nginx/conf/dynamic-modules-includes.conf;
    load_module "modules/ngx_http_image_filter_module.so";
    load_module "modules/ngx_http_fancyindex_module.so";
    load_module "modules/ngx_pagespeed.so";
    #load_module "modules/ngx_stream_geoip_module.so";
    load_module "modules/ngx_http_geoip_module.so";


    On another server problems with redisbackend upstream
    Code (Text):
    nginx: [emerg] no port in upstream "redisbackend" in /usr/local/nginx/conf/rediscache_domain.com.conf:32
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    

    ah had include file in nginx.conf commented out
    Code (Text):
    #/usr/local/nginx/conf/redisupstream.conf
    


    edit: found and fixed all the problems was to do with centmin mod's check for nginx 1.9, 1.10, 1.11 and higher branches for specific nginx modules only supported in those versions i.e. nginx stream geoip module - so didn't check for nginx 1.12 and 1.13 branches so centmin mod on centmin.sh menu option 4 upgrade of nginx to 1.13.0, meant that those newer nginx modules were disabled and auto commented out the include file for redisupstream.conf and disabled nginx stream geoip module. The specific modules left out mistakenly were --with-stream=dynamic --with-stream_ssl_module

    fix at https://community.centminmod.com/th...and-1-13-compatibility-in-123-09beta01.11492/
     
    Last edited: Apr 26, 2017
  7. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    9:25 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Finished...

    Code:
    Total Nginx Upgrade Time: 124.896929503 seconds
     
  8. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    2:25 AM
    1.11.x
    10.1.18
    Seems good here!

    Code:
    Total Nginx Upgrade Time: 608.993062483 seconds
    
     
  9. RootPass

    RootPass New Member

    26
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    10:25 AM
    CentMin
    CentMin
    everything worked out ok? first time upgrading my Nginx . thanks
     
  10. KeVo

    KeVo Active Member

    180
    71
    28
    May 28, 2014
    Ratings:
    +101
    Local Time:
    2:25 AM
    1.11.x
    10.1.18
    I think it looks good. Should be all right if you aren't experiencing any errors. :)
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  12. RootPass

    RootPass New Member

    26
    3
    3
    Mar 22, 2017
    Ratings:
    +4
    Local Time:
    10:25 AM
    CentMin
    CentMin
  13. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:25 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no it won't but keeping up to date is always good :)