
Beta Branch Nginx HTTP/2 & OpenSSL 1.1.0 patch updates

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 23, 2017.

  1. eva2000

    haven't looked at the code, so just to be safe for now :)


    and well Centmin Mod default Nginx version now is 1.13.1
     
  2. buik

    Hihi so actually you are running unstable Nginx software in centmin stable?
     
  3. eva2000

    both 123.08stable and 123.09beta01 use Nginx 1.13.1 :)

    Nginx mainline ain't unstable, it actually has more bug fixes than Nginx stable branch and is recommended by Nginx: "NGINX 1.12 and 1.13 Released". Also mainline is source of Nginx Plus commercial builds :)
     
    Last edited: Jun 24, 2017
  4. buik

    Every code change could be a potential reason to get software unstable. Nevertheless the main cause that Red Hat et al choose for fixing the proven software rather than releasing new software versions.

    Only if needed the code will be changed. Nobody can get their development software more stable than their stable software, while changing code time over time and releasing new features every month. Google not. Facebook not. Microsoft not. Red Hat not.

    In case of Nginx.
    It's a simple joke to get tons of free (beta) testers for its commercial software edition.
     
  5. eva2000

    Been using Nginx mainline for 6+ yrs :D
     
  6. buik

    Nothing wrong with mainline, rather than that I prefer Nginx stable for mission critical web servers.
    Nginx mainline is great to test new fresh features, but testing new is nothing for your money site where the goal is to make money and not to serve the latest features via the web server.

    It's about Nginx's statement that mainline is more stable than stable. It simply can't be.
     
  7. eva2000

    Yeah each person would need to decide what is acceptable. Nginx mainline does have more fixes though, just look at the HTTP/2 related ones since 1.12.0 tagged commit (nginx: log). Anyway all software is in a perpetual state of development. Just take a peek at MariaDB Jira tracker of outstanding bugs post GA releases. Essentially, stable isn't really stable and development/mainline isn't really unstable :)
     
    Last edited: Jun 25, 2017
  8. Revenge

    This works out of the box or we need to add something to nginx conf?
     
  9. eva2000

    once patched should work out of box for HTTP/2 based sites
     
  10. rdan

    Why doesn't it support LibreSSL?
     
  11. eva2000

    haven't tested it that's why :)
     
  12. pamamolf

    Can you please post more details on this?

    Code:
    once patched should work out of box for HTTP/2 based sites
    I guess having the latest updates for Centminmod and recompiling the Nginx to 1.13.1 should auto work?

    In case that I have a self signed certificate and use the Cloudflare one in front will be ok?

    In case that I use Let's Encrypt?
     
  13. eva2000

    following 1st post instructions to enable it first before recompiling nginx 1.13.1+
    Wouldn't do much as Cloudflare flexible SSL talks to non-https origin server. Only Cloudflare full SSL, which would talk to https origin, would have some benefit somewhat.
     
  14. rdan

  15. eva2000

  16. eva2000

    update looking good for HPACK full encoding patch + LibreSSL 2.5.4 (with default LIBRESSL_SWITCH='y')
    with persistent config set with /etc/centminmod/custom_config.inc
    Code (Text):
    NGINX_HPACK='y'
    

    to enable Cloudflare's HPACK full encoding patch for Nginx 1.13.1+
    Code (Text):
    url=https://domain.com
    
    for i in $(seq 1 8); do echo "h2load run $i"; h2load $url -n $i | tail -6 | head -1; done 
    h2load run 1
    traffic: 4.02KB (4117) total, 249B (249) headers (space savings 34.99%), 3.71KB (3801) data
    h2load run 2
    traffic: 7.76KB (7951) total, 264B (264) headers (space savings 65.54%), 7.42KB (7602) data
    h2load run 3
    traffic: 11.51KB (11785) total, 279B (279) headers (space savings 75.72%), 11.14KB (11403) data
    h2load run 4
    traffic: 15.25KB (15619) total, 294B (294) headers (space savings 80.81%), 14.85KB (15204) data
    h2load run 5
    traffic: 18.00KB (19453) total, 309B (309) headers (space savings 83.86%), 18.56KB (19005) data
    h2load run 6
    traffic: 22.74KB (23287) total, 324B (324) headers (space savings 85.90%), 22.27KB (22806) data
    h2load run 7
    traffic: 26.49KB (27121) total, 339B (339) headers (space savings 87.36%), 25.98KB (26607) data
    h2load run 8
    traffic: 30.23KB (30955) total, 354B (354) headers (space savings 88.45%), 29.70KB (30408) data
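
The h2load figures in post 16, turned into a per-request check, as an added example that is not part of the original thread: it reads the `traffic:` lines (runs 1 to 4 copied from the post) and reports how many header bytes each additional request adds. The function names and the "less than half of the first response" threshold are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): read h2load "traffic:" summary lines and
# show how many header bytes each extra request costs. With HPACK dynamic-table
# encoding working, repeat responses should cost far less than the first one.

# Runs 1-4 as quoted in the post above (run N was started with -n N).
sample_runs() {
cat <<'EOF'
traffic: 4.02KB (4117) total, 249B (249) headers (space savings 34.99%), 3.71KB (3801) data
traffic: 7.76KB (7951) total, 264B (264) headers (space savings 65.54%), 7.42KB (7602) data
traffic: 11.51KB (11785) total, 279B (279) headers (space savings 75.72%), 11.14KB (11403) data
traffic: 15.25KB (15619) total, 294B (294) headers (space savings 80.81%), 14.85KB (15204) data
EOF
}

# Prints one line per run: "<requests> <header_bytes> <added_bytes> <savings%>"
hpack_report() {
  sed -n 's/.*(\([0-9][0-9]*\)) headers (space savings \([0-9.]*\)%).*/\1 \2/p' |
    awk '{ n++; printf "%d %d %d %s\n", n, $1, $1 - prev, $2; prev = $1 }'
}

# Exit 0 only if every request after the first adds less than half of the
# first response's header bytes (threshold is an assumption for this example).
hpack_indexing_ok() {
  hpack_report | awk '
    NR == 1 { first = $2; next }
    $3 * 2 >= first { bad = 1 }
    END { if (NR < 2 || bad) exit 1 }'
}

sample_runs | hpack_report
if sample_runs | hpack_indexing_ok; then
  echo "repeat responses are indexed"
fi
```

On the quoted runs the first response costs 249 header bytes and each further request adds 15, which is the behaviour the growing "space savings" percentage reflects.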
    
     
  17. rdan

  18. rdan

    Code:
    nginx version: nginx/1.13.2
    built by gcc 6.2.1 20160916 (Red Hat 6.2.1-3) (GCC)
    built with LibreSSL 2.5.4
    TLS SNI support enabled
    configure arguments: 
    --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' 
    --with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold 
    --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' 
    --sbin-path=/usr/local/sbin/nginx 
    --conf-path=/usr/local/nginx/conf/nginx.conf 
    --with-compat 
    --with-http_ssl_module 
    --with-http_v2_module 
    --with-http_v2_hpack_enc 
    --with-http_gzip_static_module 
    --add-dynamic-module=../ngx_brotli 
    --with-openssl=../libressl-2.5.4 
    --with-libatomic 
    --with-pcre=../pcre-8.40 
    --with-pcre-jit 
    --with-zlib=../zlib-1.2.11 
    --add-dynamic-module=../ngx_pagespeed-1.12.34.2-beta
    
     
  19. eva2000

    looking good

    need nghttp2's h2load stress testing tool mentioned at "HPACK: the silent killer (feature) of HTTP/2"
    nghttp2 has too many dependencies that have newer versions than CentOS can provide via rpm install and source install would take ~1-2hrs. That is why I created an Ubuntu 17.10 based docker image for HTTP/2 testing tools including nghttp2 which is source compiled https://hub.docker.com/r/centminmod/docker-ubuntu-nghttp2/
     
    Last edited: Jun 29, 2017
  20. Sunka

    This is only for those who use Cloudflare?