Learn about Centmin Mod LEMP Stack today
Register Now

Nginx [nginx-announce] nginx-1.9.12

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Feb 25, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Changes with nginx 1.9.12 24 Feb 2016
    Code:
    *) Feature: Huffman encoding of response headers in HTTP/2.
    Thanks to Vlad Krasnov.
    
    *) Feature: the "worker_cpu_affinity" directive now supports more than
    64 CPUs.
    
    *) Bugfix: compatibility with 3rd party C++ modules; the bug had
    appeared in 1.9.11.
    Thanks to Piotr Sikora.
    
    *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
    the bug had appeared in 1.9.11.
    
    *) Bugfix: the "add_header ... always" directive with an empty value did
    not delete "Last-Modified" and "ETag" header lines from error
    responses.
    
    *) Workaround: "called a function you should not call" and "shutdown
    while in init" messages might appear in logs when using OpenSSL
    1.0.2f.
    
    *) Bugfix: invalid headers might be logged incorrectly.
    
    *) Bugfix: socket leak when using HTTP/2.
    
    *) Bugfix: in the ngx_http_v2_module.
    
    
    --
    Maxim Dounin
    http://nginx.org/
    
    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce
    
    Continue reading...
     
    Last edited: Feb 25, 2016
    • Like Like x 2
  2. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    here we go again :D

    centmin.sh menu option 4 to update to nginx 1.9.12. I would also suggest you update centmin mod code first to ensure you have latest code via centmin.sh menu option 23 submenu options 1+2 or 2 as outlined here.

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
     
  3. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    on centmin mod 123.08stable updated nginx 1.9.12 options (ngx_pagespeed and lua nginx disabled out of box default as per Nginx 1.9.11 dynamic module compatibility | Centmin Mod Community )

    Nginx 1.9.12 issues with LibreSSL



    edit: looks like nginx 1.9.12 failed to build on centmin mod 123.08stable as nginx 1.9.11 is reported at the end and sees compile bailed out just at make stage

    seems doesn't like LibreSSL 2.2.6 maybe due to openssl specific changes in nginx 1.9.12 ?
    Code:
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/apps'
    Making all in tests
    make[3]: Entering directory `/svr-setup/libressl-2.2.6/tests'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/tests'
    Making all in man
    make[3]: Entering directory `/svr-setup/libressl-2.2.6/man'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6/man'
    make[3]: Entering directory `/svr-setup/libressl-2.2.6'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[2]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[2]: Entering directory `/svr-setup/libressl-2.2.6'
    make[2]: *** No rule to make target `install_sw'.  Stop.
    make[2]: Leaving directory `/svr-setup/libressl-2.2.6'
    make[1]: *** [../libressl-2.2.6/.openssl/include/openssl/ssl.h] Error 2
    make[1]: Leaving directory `/svr-setup/nginx-1.9.12'
    make: *** [build] Error 2
    
    real    0m18.273s
    user    0m37.787s
    sys     0m8.540s
    
    strip nginx binary...
    ls: cannot access objs/nginx: No such file or directory
    strip: 'objs/nginx': No such file
    ls: cannot access objs/nginx: No such file or directory
    
    specific error
    Code:
    make[1]: *** [../libressl-2.2.6/.openssl/include/openssl/ssl.h] Error 2
    Still 1.9.11 after update as 1.9.12 failed to compile

    Test with OpenSSL instead of LibreSSL



    Lets confirm it's LibreSSL 2.2.6 related by switching Centmin Mod Nginx back from LibreSSL to using OpenSSL 1.0.2f+. Edit or create persistent config file /etc/centminmod/custom_config.inc and set in it
    Code:
    LIBRESSL_SWITCH='n'
    This tells centmin.sh menu to switch back from LibreSSL based Nginx to using OpenSSL 1.0.2f+ based Nginx. Then re-run centmin.sh menu option 4 to recompile Nginx 1.9.12

    The result is Nginx 1.9.12 works with OpenSSL 1.0.2f and problem is LibreSSL related.
     
    Last edited: Feb 25, 2016
    • Like Like x 1
  4. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:11 AM
    1.9.x
    10.1.x
    Compiling it with clang right now :D
     
    • Like Like x 1
  5. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:11 AM
    1.9.x
    10.1.x
    Ya, got the same error:
    Code:
    make[3]: Leaving directory `/src/libressl-2.2.6/apps'
    Making all in tests
    make[3]: Entering directory `/src/libressl-2.2.6/tests'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/src/libressl-2.2.6/tests'
    Making all in man
    make[3]: Entering directory `/src/libressl-2.2.6/man'
    make[3]: Nothing to be done for `all'.
    make[3]: Leaving directory `/src/libressl-2.2.6/man'
    make[3]: Entering directory `/src/libressl-2.2.6'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/src/libressl-2.2.6'
    make[2]: Leaving directory `/src/libressl-2.2.6'
    make[2]: Entering directory `/src/libressl-2.2.6'
    make[2]: *** No rule to make target `install_sw'.  Stop.
    make[2]: Leaving directory `/src/libressl-2.2.6'
    make[1]: *** [/src/libressl-2.2.6//.openssl/include/openssl/ssl.h] Error 2
    make[1]: Leaving directory `/src/nginx-1.9.12'
    make: *** [install] Error 2
     
    • Informative Informative x 1
  6. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
  7. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:11 AM
    1.9.x
    10.1.x
    You already created a bug report in Nginx (y)
     
  8. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:11 AM
    1.9.x
    10.1.x
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    darn :(

    looks like I have to come up with a solution now with Nginx 1.9.12 and higher !

    only way for Centmin Mod users right now is for switching Centmin Mod Nginx back from LibreSSL to using OpenSSL 1.0.2f+. Edit or create persistent config file /etc/centminmod/custom_config.inc and set in it. For Centmin Mod 123.09beta01 only, need cloudflare patch for chacha20 support in OpenSSL 1.0.2f too. Doesn't work on Centmin Mod 123.08stable
    Code:
    LIBRESSL_SWITCH='n'
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    
    This tells centmin.sh menu to switch back from LibreSSL based Nginx to using OpenSSL 1.0.2f+ based Nginx. Then re-run centmin.sh menu option 4 to recompile Nginx 1.9.12

    Already updated Centmin Mod 123.09beta01 code to use Nginx 1.9.12 default and set LIBRESSL_SWITCH='n' out of box to revert back to using OpenSSL for now Beta Branch - update nginx 1.9.12 default switch back to openssl. Until a solution can be found on my end.
     
    Last edited: Feb 25, 2016
  10. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5

    Nginx 1.9.12 with OpenSSL defaults



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to Nginx 1.9.12. Due to Nginx 1.9.12 breaking LibreSSL support, I have switched Centmin Mod's Nginx build back from LibreSSL to OpenSSL 1.0.2f via setting LIBRESSL_SWITCH='n' as default. You'll notice longer Nginx compile/recompile times as Nginx compiled against OpenSSL takes much longer than against LibreSSL. So to update to Nginx 1.9.12, update Centmin Mod 123.08stable or 123.09beta01 latest code first BEFORE running centmin.sh menu option 4.

    Backport to 123.08stable

    LibreSSL had native chacha20_poly1305 ssl cipher support for SSL. But OpenSSL 1.0.2f doesn't. Centmin Mod 123.09beta01 supports patching OpenSSL 1.0.2+ with Cloudflare's official patch they use to add chacha20 support to OpenSSL 1.0.2. This is set via switch in centmin.sh. You can set this via persistent config file /etc/centminmod/custom_config.inc and set.
    Code:
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    I have backported this patch routine into Centmin Mod 123.08stable however for stable it's default to disabled with
    Code:
    CLOUDFLARE_PATCHSSL='n' 
    If you are on 123.08stable and need chacha20 support for SSL, you can set this via persistent config file /etc/centminmod/custom_config.inc
    Code:
    CLOUDFLARE_PATCHSSL='y' 
    and then run centmin.sh menu option 4 to update to Nginx 1.9.12

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
  11. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Example of updating Centmin Mod code as outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS via centmin.sh menu option 23 submenu option 1+2 or 2

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 23
    --------------------------------------------------------
    
    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu            
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    If you already run submenu option 1 prior, then you can just run submenu option 2.

    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu            
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 2
    --------------------------------------------------------
    
    Updating Current Centmin Mod code branch via git
            cd /usr/local/src/centminmod
            git stash
            git pull
            chmod +x centmin.sh
    No local changes to save
    From https://github.com/centminmod/centminmod
       d25f644..3d87839  123.08stable -> origin/123.08stable
       68c2a57..76b98ed  123.09beta01 -> origin/123.09beta01
       8fd10bf..0f90b19  master     -> origin/master
    Updating d25f644..3d87839
    Fast-forward
    centmin.sh              |  4 ++--
    inc/nginx_addvhost.inc  |  7 ++++++-
    inc/openssl_install.inc | 33 +++++++++++++++++++--------------
    inc/wpsetup.inc         |  7 ++++++-
    tools/nv.sh             |  7 ++++++-
    tools/nvwp.sh           |  7 ++++++-
    6 files changed, 45 insertions(+), 20 deletions(-)
    
    You can see the updated files on your local /usr/local/src/centminmod directory that I updated to backport cloudflare chacha20 patch support and to update to Nginx 1.9.12 defaults.

    Then exit out of all menus via menu option 4 or 24 until you return to SSH command prompt. Then re-change back into /usr/local/src/centminmod directory and run centmin.sh again to run menu option 4 to update Nginx
    Code:
    cd /usr/local/src/centminmod
    ./centmin.sh
    If you curious you can also see commit logs if you change into /usr/local/src/centminmod and run the git log commands

    Code:
    cd /usr/local/src/centminmod
    git log -4
     
  12. Sunka

    Sunka Active Member

    910
    238
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +385
    Local Time:
    5:11 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    So with us on 123.09beta we have to set this via persistent config file /etc/centminmod/custom_config.inc
    Code:
    CLOUDFLARE_PATCHSSL='y'    # set 'y' to implement Cloudflare's chacha20 patch https://github.com/cloudflare/sslconfig
    and after update centmin (23 - 2 - 4) run nginx update with option 4.

    Nothing else to do before upgrading nginx and after upgrading nginx?
     
  13. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    only if you DO NOT update to latest 123.09beta01 code. If you did update to laetst 123.09beta01 as per Nginx - [nginx-announce] nginx-1.9.12 | Centmin Mod Community then that is already set to yes for cloudflare patch. That's why it's good to always update your centmin mod code before running any centmin.sh menu options :D
     
    • Like Like x 1
  14. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Testing on latest updated and backported Centmin Mod 123.08stable if Cloudflare chacha20 patched OpenSSL 1.0.2f is in play. Setup a test Nginx vhost via /usr/bin/nv command with self-signed SSL vhost generated as outlined here.

    First after updating centmin mod code, run centmin.sh once so it can update /usr/bin/nv command. Then exit centmin.sh. Now /usr/bin/nv command has been updated.

    You can create dummy Nginx vhost with self-signed SSL using SSH command line where -s y means yes auto generate the Nginx vhost with HTTP/2 based self-signed SSL certificates and -u ftpusername is your pure-ftpd virtual ftp username and -d is domain name you want Nginx vhost created for.

    Code:
    nv -d testdomain.com -s y -u ftpusername
    output
    Code:
    vhost for testdomain.com created successfully
    
    domain: http://testdomain.com
    vhost conf file for testdomain.com created: /usr/local/nginx/conf/conf.d/testdomain.com.conf
    
    vhost ssl for testdomain.com created successfully
    
    domain: https://testdomain.com
    vhost ssl conf file for testdomain.com created: /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.csr
    
    upload files to /home/nginx/domains/testdomain.com/public
    vhost log files directory is /home/nginx/domains/testdomain.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
             
    Feb 24  17:58   1.1K   demodomain.com.conf
    Feb 24  17:58   845    ssl.conf
    Feb 24  17:58   1.6K   virtual.conf
    Feb 24  18:11   3.2K   testdomain.com.ssl.conf
    Feb 24  18:11   1.6K   testdomain.com.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/testdomain.com
    
             
    Feb 24  18:09   1.7K   testdomain.com.key
    Feb 24  18:09   964    testdomain.com.csr
    Feb 24  18:09   1.2K   testdomain.com.crt
    Feb 24  18:11   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove testdomain.com
    
    rm -rf /usr/local/nginx/conf/conf.d/testdomain.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.crt
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.key
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com/testdomain.com.csr
    rm -rf /usr/local/nginx/conf/ssl/testdomain.com
    rm -rf /home/nginx/domains/testdomain.com
    service nginx restart
    -------------------------------------------------------------
    Check SSL nginx vhost file /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf to see if chacha20 cipher set. Looks like it NOT using the patch for chacha20 for 123.08stable, could be due to /etc/centminmod/custom_config.inc not overriding centmin.sh value in 123.08stable as there was a few improvements there made to 123.09beta01 too

    in /usr/local/nginx/conf/conf.d/testdomain.com.ssl.conf first cipher wasn't chacha20 related
    Code:
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:
    should be something like for 1st listed cipher
    Code:
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305
    will switch to centmin mod 123.09beta01 via centmin.sh menu option 23 submenu option 3 and try again and see

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu      
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 23
    --------------------------------------------------------
    
    Code:
    --------------------------------------------------------
            Centmin Mod Updater Sub-Menu   
    --------------------------------------------------------
    1). Setup Centmin Mod Github Environment
    2). Update Centmin Mod Current Branch
    3). Update Centmin Mod Newer Branch
    4). Back to Main menu
    --------------------------------------------------------
    Enter option [ 1 - 4 ] 3
    --------------------------------------------------------
    
    Update Centmin Mod to newer branch via git
    You need to input the name of the branch
    List of current remote branches by descending date order
    
    2016-02-25 03:36:05 +1000 41 minutes ago        master
    2016-02-25 03:36:05 +1000 41 minutes ago        master
    2016-02-25 03:35:55 +1000 41 minutes ago        123.08stable
    2016-02-25 03:17:58 +1000 59 minutes ago        123.09beta01
    2016-02-04 03:57:20 +1000 3 weeks ago   123.09beta01le4
    
    Enter the branch name you want to switch to i.e. 123.08beta03 : 123.09beta01
    
    Once switched to 123.09beta01, exit out of all menus via menu option 4 or 24 until you return to SSH command prompt. Then re-change back into /usr/local/src/centminmod directory and run centmin.sh again once to update any new changes to 123.09beta01 (updating sshd, setting primary/secondary email and csf updates) before exiting centmin.sh again
    Code:
    cd /usr/local/src/centminmod
    ./centmin.sh
    Now you'll be on 123.09beta01
    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu            
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ]
    --------------------------------------------------------
    Now re-try testing chacha20 patch via another /usr/bin/nv Nginx vhost site generation
    Code:
    nv -d testdomain2.com -s y -u ftpusername2 
    check /usr/local/nginx/conf/conf.d/testdomain2.com.ssl.conf SSL vhost and still missing chacha20 ciphers for 1st entry at
    Code:
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256
    Guess I need to double check my nginx vhost auto generation routines :D :eek:

    Okay commited a fix to 123.08stable and 123.09beta01 for cloudflare chacha20 patch, git update as already have git environment setup via centmin.sh menu option 23 submenu option 1. Or you can use centmin.sh menu option 23 submenu option 2.
    Code:
    cd /usr/local/src/centminmod
    git stash
    git pull
    Code:
    git stash
    No local changes to save
    
    git pull
    remote: Counting objects: 9, done.
    remote: Compressing objects: 100% (2/2), done.
    remote: Total 9 (delta 7), reused 9 (delta 7), pack-reused 0
    Unpacking objects: 100% (9/9), done.
    From https://github.com/centminmod/centminmod
       76b98ed..6ba65ef  123.09beta01 -> origin/123.09beta01
       3d87839..dd8941e  123.08stable -> origin/123.08stable
       0f90b19..33746af  master     -> origin/master
    Updating 76b98ed..6ba65ef
    Fast-forward
    inc/openssl_install.inc | 9 ++++++---
    1 file changed, 6 insertions(+), 3 deletions(-)
    now re-compile nginx via centmin.sh menu option 4 for proper cloudflare patch support

    Then 3rd time lucky create dummy nginx vhost to check if chacha20 ciphers get populated automatically on Nginx HTTP/2 SSL vhost generation

    Code:
    nv -d testdomain3.com -s y -u ftpusername3
    Unfortunately, still not :LOL:

    Looks like it's bug specific to /usr/bin/nv command line Nginx vhost generation. If i use centmin.sh menu option 2 to create testdomain4.com with HTTP/2 self-signed vhost it shows up !

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.09 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    
    Code:
    
    Enter vhost domain name to add (without www. prefix): testdomain4.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: y
    
    Create FTP username for vhost domain (enter username): ftpuser4
    Auto generate FTP password (recommended) [y/n]: y
    In testdomain4.com SSL vhost /usr/local/nginx/conf/conf.d/testdomain4.com.ssl.conf the 1st cipher listed is chacha20 related
    Code:
     ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305
    Edit: committed updates to 123.08stable and 123.09beta01 to fix /usr/bin/nv detection of cloudflare chacha20 patched openssl 1.0.2f+ Beta Branch - fix /usr/bin/nv detection of cloudflare chacha patched openssl | Centmin Mod Community :)
     
    Last edited: Feb 25, 2016
    • Winner Winner x 1
  15. Sunka

    Sunka Active Member

    910
    238
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +385
    Local Time:
    5:11 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Yep, before everything, I always update centmin.
    So, just need to update nginx now to 1.9.12

    Any "after update" steps because change from libressl to openssl?
     
  16. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    yes
     
  17. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
  18. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    4:11 AM
    1.9.x
    10.1.x
    In my test server i compiled libressl 2.2.6 and then i compiled nginx without the --with-openssl parameter.
    The result was this:
    Code:
    nginx version: nginx/1.9.12
    built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
    built with LibreSSL 2.2.6 (running with OpenSSL 1.0.2f-fips  28 Jan 2016)
    TLS SNI support enabled
    configure arguments: --prefix=/opt --with-openssl-opt=enable-tlsext --with-pcre=/src/pcre-8.38/ --with-pcre-jit --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings'
    Nginx was built with LibreSSL 2.2.6 buts its running with OpenSSL 1.0.2f. Can we change the path where nginx is going to get the openssl library at compile time?
     
  19. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately, can't help you with non-Centmin Mod Nginx builds - but strange you ended up with that heh

    my sslspdy.com site is first site on centmin mod 123.09beta01 to update Nginx 1.9.12 with new fixes and switch back to OpenSSL 1.0.2f

    confirmed that Cloudflare chacha20_poly1305 patch for OpenSSL 1.0.2f is applied according to ssllabs test. FYI , using older chacha20 version hence ssllab prefixes with OLD_

    upload_2016-2-25_5-30-26.png

    Unlike with LibreSSL chacha20, OpenSSL 1.0.2f cloudflare patched only uses it for Chrome mobile devices as AES-NI hardware assisteance support for desktops is faster but chacha20 is faster for lower powered mobile devices.

    upload_2016-2-25_5-32-38.png
     
  20. eva2000

    eva2000 Administrator Staff Member

    29,707
    6,708
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,012
    Local Time:
    1:11 PM
    Nginx 1.13.x
    MariaDB 5.5
    This forum is 2nd site of mine to jump on updated Centmin Mod 123.09beta01 code with Nginx 1.9.12 and switch back to OpenSSL 1.0.2f but I have re-enabled ngx_pagespeed as dynamic module and ngx_brotli module support too via /etc/centminmod/custom_config.inc settings
    Code:
    NGINX_LIBBROTLI=y
    NGXDYNAMIC_NGXPAGESPEED=y
    NGINX_PAGESPEED=y
    NGXPGSPEED_VER='1.10.33.5-beta'
    NGINX_PAGESPEEDPSOL_VER='1.10.33.5'
    compile time was much longer with OpenSSL than LibreSSL unfortunately :( One of reasons I originally switched to LibreSSL was faster compile times :)
    Code:
    Total Nginx Upgrade Time: 422.441585058 seconds
    CentOS 6.7 64bit on 4GB Linode KVM VPS running latest updated Centmin Mod 123.09beta01 branch LEMP stack

    dynamic modules loaded
    Code:
    dynamic module directory at /usr/local/nginx/modules
    total 17M
    drwxr-xr-x  2 root root 4.0K Feb 18 18:12 .
    drwxr-xr-x 10 root root 4.0K Feb 18 18:12 ..
    -rwxr-xr-x  1 root root 127K Feb 24 19:51 ngx_http_geoip_module.so
    -rwxr-xr-x  1 root root 138K Feb 24 19:51 ngx_http_image_filter_module.so
    -rwxr-xr-x  1 root root  17M Feb 24 19:51 ngx_pagespeed.so
    -rwxr-xr-x  1 root root 571K Feb 24 19:51 ngx_stream_module.so
    config