
Nginx [nginx-announce] nginx-1.9.12

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Feb 25, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    54,934
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,812
    Local Time:
    2:35 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Changes with nginx 1.9.12 24 Feb 2016
    Code:
    *) Feature: Huffman encoding of response headers in HTTP/2.
    Thanks to Vlad Krasnov.
    
    *) Feature: the "worker_cpu_affinity" directive now supports more than
    64 CPUs.
    
    *) Bugfix: compatibility with 3rd party C++ modules; the bug had
    appeared in 1.9.11.
    Thanks to Piotr Sikora.
    
    *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
    the bug had appeared in 1.9.11.
    
    *) Bugfix: the "add_header ... always" directive with an empty value did
    not delete "Last-Modified" and "ETag" header lines from error
    responses.
    
    *) Workaround: "called a function you should not call" and "shutdown
    while in init" messages might appear in logs when using OpenSSL
    1.0.2f.
    
    *) Bugfix: invalid headers might be logged incorrectly.
    
    *) Bugfix: socket leak when using HTTP/2.
    
    *) Bugfix: in the ngx_http_v2_module.
    
    
    --
    Maxim Dounin
    http://nginx.org/
    
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce
    

     
    Last edited: Feb 25, 2016
  2. eva2000

    here we go again :D

    centmin.sh menu option 4 to update to nginx 1.9.12. I would also suggest you update centmin mod code first to ensure you have latest code via centmin.sh menu option 23 submenu options 1+2 or 2 as outlined here.

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
     
  3. eva2000

    on centmin mod 123.08stable updated nginx 1.9.12 options (ngx_pagespeed and lua nginx disabled out of box default as per Nginx 1.9.11 dynamic module compatibility | Centmin Mod Community )

    Nginx 1.9.12 issues with LibreSSL



    edit: looks like nginx 1.9.12 failed to build on centmin mod 123.08stable as nginx 1.9.11 is reported at the end and sees compile bailed out just at make stage

    seems doesn't like LibreSSL 2.2.6 maybe due to openssl specific changes in nginx 1.9.12 ?
    Code:
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/apps'
    Making all in tests
    make[3]: Entering directory `/svr-setup/libressl-2.2.6/tests'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/tests'
    Making all in man
    make[3]: Entering directory `/svr-setup/libressl-2.2.6/man'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/man'
    make[3]: Entering directory `/svr-setup/libressl-2.2.6'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[2]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[2]: Entering directory `/svr-setup/libressl-2.2.6'
    make[2]: *** No rule to make target `install_sw'.  Stop.
    make[2]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[1]: *** [../libressl-2.2.6/.openssl/include/openssl/ssl.h] Error 2
    make[1]: Leaving directory `/svr-setup/nginx-1.9.12'
    make: *** [build] Error 2
    
    real    0m18.273s
    user    0m37.787s
    sys     0m8.540s
    
    strip nginx binary...
    ls: cannot access objs/nginx: No such file or directory
    strip: 'objs/nginx': No such file
    ls: cannot access objs/nginx: No such file or directory
    
    specific error
    Code:
    make[1]: *** [../libressl-2.2.6/.openssl/include/openssl/ssl.h] Error 2
    Still 1.9.11 after update as 1.9.12 failed to compile

    Test with OpenSSL instead of LibreSSL



    Let's confirm it's LibreSSL 2.2.6 related by switching Centmin Mod Nginx back from LibreSSL to using OpenSSL 1.0.2f+. Edit or create persistent config file /etc/centminmod/custom_config.inc and set in it
    Code:
    LIBRESSL_SWITCH='n'
    This tells centmin.sh menu to switch back from LibreSSL based Nginx to using OpenSSL 1.0.2f+ based Nginx. Then re-run centmin.sh menu option 4 to recompile Nginx 1.9.12

    The result is Nginx 1.9.12 works with OpenSSL 1.0.2f and problem is LibreSSL related.
     
    Last edited: Feb 25, 2016
  4. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    4:35 AM
    1.9.x
    10.1.x
    Compiling it with clang right now :D
     
  5. Revenge

    Ya, got the same error:
    Code:
    make[3]: Leaving directory `/src/libressl-2.2.6/apps'
    Making all in tests
    make[3]: Entering directory `/src/libressl-2.2.6/tests'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/src/libressl-2.2.6/tests'
    Making all in man
    make[3]: Entering directory `/src/libressl-2.2.6/man'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/src/libressl-2.2.6/man'
    make[3]: Entering directory `/src/libressl-2.2.6'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/src/libressl-2.2.6'
    make[2]: Leaving directory `/src/libressl-2.2.6'
    make[2]: Entering directory `/src/libressl-2.2.6'
    make[2]: *** No rule to make target `install_sw'.  Stop.
    make[2]: Leaving directory `/src/libressl-2.2.6'
    make[1]: *** [/src/libressl-2.2.6//.openssl/include/openssl/ssl.h] Error 2
    make[1]: Leaving directory `/src/nginx-1.9.12'
    make: *** [install] Error 2
     
  6. eva2000

  7. Revenge

    You already created a bug report in Nginx (y)
     
  8. Revenge

     
  9. eva2000

    darn :(

    looks like I have to come up with a solution now with Nginx 1.9.12 and higher !

    only way for Centmin Mod users right now is for switching Centmin Mod Nginx back from LibreSSL to using OpenSSL 1.0.2f+. Edit or create persistent config file /etc/centminmod/custom_config.inc and set in it. For Centmin Mod 123.09beta01 only, need cloudflare patch for chacha20 support in OpenSSL 1.0.2f too. Doesn't work on Centmin Mod 123.08stable
    Code:
    LIBRESSL_SWITCH='n'
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    
    This tells centmin.sh menu to switch back from LibreSSL based Nginx to using OpenSSL 1.0.2f+ based Nginx. Then re-run centmin.sh menu option 4 to recompile Nginx 1.9.12

    Already updated Centmin Mod 123.09beta01 code to use Nginx 1.9.12 default and set LIBRESSL_SWITCH='n' out of box to revert back to using OpenSSL for now Beta Branch - update nginx 1.9.12 default switch back to openssl. Until a solution can be found on my end.
     
    Last edited: Feb 25, 2016
  10. eva2000


    Nginx 1.9.12 with OpenSSL defaults



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Nginx 1.9.12. Due to Nginx 1.9.12 breaking LibreSSL support, I have switched Centmin Mod's Nginx build back from LibreSSL to OpenSSL 1.0.2f via setting LIBRESSL_SWITCH='n' as default. You'll notice longer Nginx compile/recompile times as Nginx compiled against OpenSSL takes much longer than against LibreSSL. So to update to Nginx 1.9.12, update Centmin Mod 123.08stable or 123.09beta01 latest code first BEFORE running centmin.sh menu option 4.

    Backport to 123.08stable

    LibreSSL had native chacha20_poly1305 ssl cipher support for SSL. But OpenSSL 1.0.2f doesn't. Centmin Mod 123.09beta01 supports patching OpenSSL 1.0.2+ with Cloudflare's official patch they use to add chacha20 support to OpenSSL 1.0.2. This is set via switch in centmin.sh. You can set this via persistent config file /etc/centminmod/custom_config.inc and set.
    Code:
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    I have backported this patch routine into Centmin Mod 123.08stable however for stable it's default to disabled with
    Code:
    CLOUDFLARE_PATCHSSL='n' 
    If you are on 123.08stable and need chacha20 support for SSL, you can set this via persistent config file /etc/centminmod/custom_config.inc
    Code:
    CLOUDFLARE_PATCHSSL='y' 
    and then run centmin.sh menu option 4 to update to Nginx 1.9.12

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  11. eva2000

    Example of updating Centmin Mod code as outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS via centmin.sh menu option 23 submenu option 1+2 or 2

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 23
    --------------------------------------------------------
    
    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu            
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    If you already run submenu option 1 prior, then you can just run submenu option 2.

    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu            
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 2
    --------------------------------------------------------
    
    Updating Current Centmin Mod code branch via git
            cd /usr/local/src/centminmod
            git stash
            git pull
            chmod +x centmin.sh
    No local changes to save
    From https://github.com/centminmod/centminmod
       d25f644..3d87839  123.08stable -> origin/123.08stable
       68c2a57..76b98ed  123.09beta01 -> origin/123.09beta01
       8fd10bf..0f90b19  master     -> origin/master
    Updating d25f644..3d87839
    Fast-forward
    centmin.sh              |  4 ++--
    inc/nginx_addvhost.inc  |  7 ++++++-
    inc/openssl_install.inc | 33 +++++++++++++++++++--------------
    inc/wpsetup.inc         |  7 ++++++-
    tools/nv.sh             |  7 ++++++-
    tools/nvwp.sh           |  7 ++++++-
    6 files changed, 45 insertions(+), 20 deletions(-)
    
    You can see the updated files on your local /usr/local/src/centminmod directory that I updated to backport cloudflare chacha20 patch support and to update to Nginx 1.9.12 defaults.

    Then exit out of all menus via menu option 4 or 24 until you return to SSH command prompt. Then re-change back into /usr/local/src/centminmod directory and run centmin.sh again to run menu option 4 to update Nginx
    Code:
    cd /usr/local/src/centminmod
    ./centmin.sh
    If you're curious you can also see commit logs if you change into /usr/local/src/centminmod and run the git log commands

    Code:
    cd /usr/local/src/centminmod
    git log -4
     
  12. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    5:35 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    So with us on 123.09beta we have to set this via persistent config file /etc/centminmod/custom_config.inc
    Code:
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    and after update centmin (23 - 2 - 4) run nginx update with option 4.

    Nothing else to do before upgrading nginx and after upgrading nginx?
     
  13. eva2000

    only if you DO NOT update to latest 123.09beta01 code. If you did update to latest 123.09beta01 as per Nginx - [nginx-announce] nginx-1.9.12 | Centmin Mod Community then that is already set to yes for cloudflare patch. That's why it's good to always update your centmin mod code before running any centmin.sh menu options :D
     
  14. eva2000

    Testing on latest updated and backported Centmin Mod 123.08stable if Cloudflare chacha20 patched OpenSSL 1.0.2f is in play. Setup a test Nginx vhost via /usr/bin/nv command with self-signed SSL vhost generated as outlined here.

    First after updating centmin mod code, run centmin.sh once so it can update /usr/bin/nv command. Then exit centmin.sh. Now /usr/bin/nv command has been updated.

    You can create dummy Nginx vhost with self-signed SSL using SSH command line where -s y means yes auto generate the Nginx vhost with HTTP/2 based self-signed SSL certificates and -u ftpusername is your pure-ftpd virtual ftp username and -d is domain name you want Nginx vhost created for.

    Code:
    nv -d testdomain.com -s y -u ftpusername
    output
    Code:
    vhost for testdomain.com created successfully
    
    domain: http://testdomain.com
    vhost conf file for testdomain.com created: /usr/local/nginx/conf/conf.d/testdomain.com.conf
    
    vhost ssl for testdomain.com created successfully
    
    domain: https://testdomain.com
    vhost ssl conf file for testdomain.com created: /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.csr
    
    upload files to /home/nginx/domains/testdomain.com/public
    vhost log files directory is /home/nginx/domains/testdomain.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
             
    Feb 24  17:58   1.1K   demodomain.com.conf
    Feb 24  17:58   845    ssl.conf
    Feb 24  17:58   1.6K   virtual.conf
    Feb 24  18:11   3.2K   testdomain.com.ssl.conf
    Feb 24  18:11   1.6K   testdomain.com.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/testdomain.com
    
             
    Feb 24  18:09   1.7K   testdomain.com.key
    Feb 24  18:09   964    testdomain.com.csr
    Feb 24  18:09   1.2K   testdomain.com.crt
    Feb 24  18:11   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove testdomain.com
    
    rm -rf /usr/local/nginx/conf/conf.d/testdomain.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.crt
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.key
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.csr
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com
    rm -rf /home/nginx/domains/testdomain.com
    service nginx restart
    -------------------------------------------------------------
    Check SSL nginx vhost file /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf to see if chacha20 cipher is set. Looks like it's NOT using the patch for chacha20 for 123.08stable, could be due to /etc/centminmod/custom_config.inc not overriding centmin.sh value in 123.08stable as there were a few improvements there made to 123.09beta01 too

    in /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf first cipher wasn't chacha20 related
    Code:
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:
    should be something like for 1st listed cipher
    Code:
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305
    will switch to centmin mod 123.09beta01 via centmin.sh menu option 23 submenu option 3 and try again and see

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu      
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 23
    --------------------------------------------------------
    
    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu   
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 3
    --------------------------------------------------------
    
    Update Centmin Mod to newer branch via git
    You need to input the name of the branch
    List of current remote branches by descending date order
    
    2016-02-25 03:36:05 +1000 41 minutes ago        master
    2016-02-25 03:36:05 +1000 41 minutes ago        master
    2016-02-25 03:35:55 +1000 41 minutes ago        123.08stable
    2016-02-25 03:17:58 +1000 59 minutes ago        123.09beta01
    2016-02-04 03:57:20 +1000 3 weeks ago   123.09beta01le4
    
    Enter the branch name you want to switch to i.e. 123.08beta03 : 123.09beta01
    
    Once switched to 123.09beta01, exit out of all menus via menu option 4 or 24 until you return to SSH command prompt. Then re-change back into /usr/local/src/centminmod directory and run centmin.sh again once to update any new changes to 123.09beta01 (updating sshd, setting primary/secondary email and csf updates) before exiting centmin.sh again
    Code:
    cd /usr/local/src/centminmod
    ./centmin.sh
    Now you'll be on 123.09beta01
    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu            
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ]
    --------------------------------------------------------
    Now re-try testing chacha20 patch via another /usr/bin/nv Nginx vhost site generation
    Code:
    nv -d testdomain2.com -s y -u ftpusername2 
    check /usr/local/nginx/conf/conf.d/testdomain2.com.ssl.conf SSL vhost and still missing chacha20 ciphers for 1st entry at
    Code:
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256
    Guess I need to double check my nginx vhost auto generation routines :D :eek:

    Okay committed a fix to 123.08stable and 123.09beta01 for cloudflare chacha20 patch, git update as already have git environment setup via centmin.sh menu option 23 submenu option 1. Or you can use centmin.sh menu option 23 submenu option 2.
    Code:
    cd /usr/local/src/centminmod
    git stash
    git pull
    Code:
    git stash
    No local changes to save
    
    git pull
    remote: Counting objects: 9, done.
    remote: Compressing objects: 100% (2/2), done.
    remote: Total 9 (delta 7), reused 9 (delta 7), pack-reused 0
    Unpacking objects: 100% (9/9), done.
    From https://github.com/centminmod/centminmod
       76b98ed..6ba65ef  123.09beta01 -> origin/123.09beta01
       3d87839..dd8941e  123.08stable -> origin/123.08stable
       0f90b19..33746af  master     -> origin/master
    Updating 76b98ed..6ba65ef
    Fast-forward
    inc/openssl_install.inc | 9 ++++++---
    1 file changed, 6 insertions(+), 3 deletions(-)
    now re-compile nginx via centmin.sh menu option 4 for proper cloudflare patch support

    Then 3rd time lucky create dummy nginx vhost to check if chacha20 ciphers get populated automatically on Nginx HTTP/2 SSL vhost generation

    Code:
    nv -d testdomain3.com -s y -u ftpusername3
    Unfortunately, still not :LOL:

    Looks like it's bug specific to /usr/bin/nv command line Nginx vhost generation. If I use centmin.sh menu option 2 to create testdomain4.com with HTTP/2 self-signed vhost it shows up !

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    
    Code:
    
    Enter vhost domain name to add (without www. prefix): testdomain4.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: y
    
    Create FTP username for vhost domain (enter username): ftpuser4
    Auto generate FTP password (recommended) [y/n]: y
    In testdomain4.com SSL vhost /usr/local/nginx/conf/conf.d/testdomain4.com.ssl.conf the 1st cipher listed is chacha20 related
    Code:
     ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305
    Edit: committed updates to 123.08stable and 123.09beta01 to fix /usr/bin/nv detection of cloudflare chacha20 patched openssl 1.0.2f+ Beta Branch - fix /usr/bin/nv detection of cloudflare chacha patched openssl | Centmin Mod Community :)
     
    Last edited: Feb 25, 2016
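The manual check in the post above (open each generated `*.ssl.conf` and look at the first entry of `ssl_ciphers`) can be run over a whole conf.d directory. The script below is an added example, not part of the original posts and not Centmin Mod code; the function names, the demo tree and every cipher after the first in each list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, for every SSL vhost file in a conf.d directory,
# whether the first cipher of its ssl_ciphers directive is a ChaCha20 suite.

# first_cipher FILE: print the first cipher of the first active ssl_ciphers
# directive in FILE. Commented-out directives never match, because their
# first whitespace-separated field starts with "#".
first_cipher() {
    awk '$1 == "ssl_ciphers" { print $2; exit }' "$1" | tr -d "\"';" | cut -d: -f1
}

# audit_vhosts DIR: print one line per *.ssl.conf file in DIR:
#   CHACHA20-FIRST <file> <cipher>   first listed cipher is a ChaCha20 suite
#   OTHER-FIRST    <file> <cipher>   some other cipher is listed first
#   NO-CIPHERS     <file>            file has no active ssl_ciphers directive
audit_vhosts() {
    for f in "$1"/*.ssl.conf; do
        [ -f "$f" ] || continue
        c=$(first_cipher "$f")
        case "$c" in
            *CHACHA20*) verdict=CHACHA20-FIRST ;;
            "")         verdict=NO-CIPHERS ;;
            *)          verdict=OTHER-FIRST ;;
        esac
        printf '%s %s %s\n' "$verdict" "$(basename "$f")" "$c"
    done
}

# make_demo_tree: build a constructed conf.d tree that mirrors the thread:
# a vhost as written by /usr/bin/nv before the fix (AES-GCM listed first) and
# one as written by centmin.sh menu option 2 (ChaCha20 listed first), plus a
# file with no ssl_ciphers at all. Prints the directory name.
make_demo_tree() {
    d=$(mktemp -d)
    printf '%s\n' \
        'server {' \
        '  listen 443 ssl http2;' \
        '  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;' \
        '}' > "$d/testdomain3.com.ssl.conf"
    printf '%s\n' \
        'server {' \
        '  listen 443 ssl http2;' \
        '  # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;' \
        '  ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256";' \
        '}' > "$d/testdomain4.com.ssl.conf"
    printf '%s\n' 'server {' '  listen 443 ssl http2;' '}' > "$d/plain.ssl.conf"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree. On a real server, point audit_vhosts at
# the vhost directory named in the thread: /usr/local/nginx/conf/conf.d
demo=$(make_demo_tree)
audit_vhosts "$demo"
rm -rf "$demo"
```

Any `OTHER-FIRST` line identifies a vhost that was generated without the ChaCha20 suite at the head of its list and needs regenerating or editing after the fix is pulled.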
  15. Sunka

    Yep, before everything, I always update centmin.
    So, just need to update nginx now to 1.9.12

    Any "after update" steps because change from libressl to openssl?
     
  16. eva2000

    yes
     
  17. eva2000

  18. Revenge

    In my test server I compiled libressl 2.2.6 and then I compiled nginx without the --with-openssl parameter.
    The result was this:
    Code:
    nginx version: nginx/1.9.12
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with LibreSSL 2.2.6 (running with OpenSSL 1.0.2f-fips  28 Jan 2016)
    TLS SNI support enabled
    configure arguments: --prefix=/opt --with-openssl-opt=enable-tlsext --with-pcre=/src/pcre-8.38/ --with-pcre-jit --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings'
    Nginx was built with LibreSSL 2.2.6 but it's running with OpenSSL 1.0.2f. Can we change the path where nginx is going to get the openssl library at compile time?
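The `built with LibreSSL 2.2.6 (running with OpenSSL 1.0.2f-fips ...)` line in the post above is what `nginx -V` prints when the TLS library loaded at run time reports a different version string from the one nginx was compiled against. The functions below are an added example, not part of the original posts: they parse that line and classify the build; the function names and the second and third samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the TLS library nginx was compiled against with the
# one it loads at run time, using the "built with ... (running with ...)"
# line of `nginx -V`.

# Sample shaped like the `nginx -V` output quoted in the thread.
sample_mismatch='nginx version: nginx/1.9.12
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.2.6 (running with OpenSSL 1.0.2f-fips  28 Jan 2016)
TLS SNI support enabled'

# Constructed sample: build-time and run-time library are the same.
sample_match='nginx version: nginx/1.9.12
built with OpenSSL 1.0.2f  28 Jan 2016
TLS SNI support enabled'

# Constructed sample: same library family, different version at run time.
sample_version='nginx version: nginx/1.9.12
built with OpenSSL 1.0.2e 3 Dec 2015 (running with OpenSSL 1.0.2f  28 Jan 2016)
TLS SNI support enabled'

# tls_built_with TEXT: print "<library> <version>" nginx was compiled against.
tls_built_with() {
    printf '%s\n' "$1" |
        sed -n 's/^built with \([A-Za-z]*SSL\) \([^ ]*\).*/\1 \2/p' | head -n 1
}

# tls_running_with TEXT: print "<library> <version>" loaded at run time.
# nginx omits the "(running with ...)" part when both are identical, so the
# build-time value is returned in that case.
tls_running_with() {
    run=$(printf '%s\n' "$1" |
        sed -n 's/^built with .*(running with \([A-Za-z]*SSL\) \([^ )]*\).*/\1 \2/p' |
        head -n 1)
    if [ -n "$run" ]; then
        printf '%s\n' "$run"
    else
        tls_built_with "$1"
    fi
}

# tls_link_status TEXT: classify the build as one of
#   ok                same library and version at build time and run time
#   version-mismatch  same library family, different version
#   library-mismatch  headers from one library, shared object from another
#   no-tls            no "built with" line, nginx has no SSL support
tls_link_status() {
    built=$(tls_built_with "$1")
    if [ -z "$built" ]; then
        echo no-tls
        return 0
    fi
    running=$(tls_running_with "$1")
    if [ "$built" = "$running" ]; then
        echo ok
    elif [ "${built%% *}" = "${running%% *}" ]; then
        echo version-mismatch
    else
        echo library-mismatch
    fi
}

# With --live, classify the installed binary (nginx -V writes to stderr);
# otherwise show the verdicts for the embedded samples.
if [ "${1:-}" = "--live" ]; then
    tls_link_status "$(nginx -V 2>&1)"
else
    printf 'thread sample:      %s\n' "$(tls_link_status "$sample_mismatch")"
    printf 'matching sample:    %s\n' "$(tls_link_status "$sample_match")"
    printf 'version-only drift: %s\n' "$(tls_link_status "$sample_version")"
fi
```

A `library-mismatch` verdict means the binary was compiled with one project's headers and is dynamically loading another project's `libssl`, so the running TLS code is whatever the system package provides rather than the source tree that was built.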
     
  19. eva2000

    Unfortunately, can't help you with non-Centmin Mod Nginx builds - but strange you ended up with that heh

    my sslspdy.com site is first site on centmin mod 123.09beta01 to update Nginx 1.9.12 with new fixes and switch back to OpenSSL 1.0.2f

    confirmed that Cloudflare chacha20_poly1305 patch for OpenSSL 1.0.2f is applied according to ssllabs test. FYI, using older chacha20 version hence ssllab prefixes with OLD_


    Unlike with LibreSSL chacha20, OpenSSL 1.0.2f cloudflare patched only uses it for Chrome mobile devices as AES-NI hardware assistance support for desktops is faster but chacha20 is faster for lower powered mobile devices.

     
  20. eva2000

    This forum is 2nd site of mine to jump on updated Centmin Mod 123.09beta01 code with Nginx 1.9.12 and switch back to OpenSSL 1.0.2f but I have re-enabled ngx_pagespeed as dynamic module and ngx_brotli module support too via /etc/centminmod/custom_config.inc settings
    Code:
    NGINX_LIBBROTLI=y
    NGXDYNAMIC_NGXPAGESPEED=y
    NGINX_PAGESPEED=y
    NGXPGSPEED_VER='1.10.33.5-beta'
    NGINX_PAGESPEEDPSOL_VER='1.10.33.5'
    compile time was much longer with OpenSSL than LibreSSL unfortunately :( One of reasons I originally switched to LibreSSL was faster compile times :)
    Code:
    Total Nginx Upgrade Time: 422.441585058 seconds
    CentOS 6.7 64bit on 4GB Linode KVM VPS running latest updated Centmin Mod 123.09beta01 branch LEMP stack

    dynamic modules loaded
    Code:
    dynamic module directory at /usr/local/nginx/modules
    total 17M
    drwxr-xr-x  2 root root 4.0K Feb 18 18:12 .
    drwxr-xr-x 10 root root 4.0K Feb 18 18:12 ..
    -rwxr-xr-x  1 root root 127K Feb 24 19:51 ngx_http_geoip_module.so
    -rwxr-xr-x  1 root root 138K Feb 24 19:51 ngx_http_image_filter_module.so
    -rwxr-xr-x  1 root root  17M Feb 24 19:51 ngx_pagespeed.so
    -rwxr-xr-x  1 root root 571K Feb 24 19:51 ngx_stream_module.so
    config