
Nginx Security Nginx Security Update For NJS Nginx Module

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jun 5, 2019.

  1. eva2000

    A remote code execution flaw has been found in Nginx's NJS module that requires updating to NJS v0.3.3 of the Nginx module, according to "Nginx nJS will need patches, hotels exposed via security systems, Docker containers dinged, and more". Centmin Mod Nginx users are not vulnerable unless you have specifically enabled optional Nginx NJS module support - read further below for details.
    From Nginx tweet: NGINX on Twitter

    Centmin Mod Nginx's Optional NJS Module Support



    Centmin Mod 123.09beta01 beta and newer has flexible support for a lot of additional Nginx modules. One of these modules is Nginx's official NJS Nginx module (previously named nginScript). Centmin Mod 123.09beta01 added initial NJS (nginScript) support back in September, 2015 :).

    Centmin Mod 123.09beta01 and newer users can enable it by setting the NGINX_NJS='y' and NGXDYNAMIC_NJS='y' variables in the persistent config file /etc/centminmod/custom_config.inc prior to Centmin Mod initial install or prior to recompiling or updating Nginx via centmin.sh menu option 22.

    Updating Centmin Mod Nginx With NJS Module Enabled



    If you have enabled NJS nginx module support in your Centmin Mod Nginx builds, then the easiest way to update the NJS nginx module is to run the cmupdate SSH command first to update your local Centmin Mod code and then run centmin.sh menu option 4 to recompile/update Nginx. Example of a recompile update for Nginx 1.17.0:
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB MySQL Upgrade & Management
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 123.09beta01.b179 - Date: 31/03/2019 - Copyright 2011-2019 CentminMod.com
    **********************************************************************
    
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    

    Code (Text):
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Current Nginx Version: 1.17.0 (050619-042412-centos7)
    
    Install which version of Nginx? (version i.e. type 1.17.0): 1.17.0
    
    Do you still want to continue? [y/n] y
    

    Let Nginx rebuild with the updated versions; the end result is Nginx 1.17.0 built on Centmin Mod 123.09beta01 with the NJS Nginx module enabled.
    You can verify which version of NJS was installed by inspecting the njs CLI command line binary at either of these locations on your server:
    • /svr-setup/njs/build/njs
    • /usr/local/bin/njs (added since June 4, 2019)
    Code (Text):
    njs -v
    0.3.3
    

    Code (Text):
    /svr-setup/njs/build/njs -v
    0.3.3
    

    Testing njs cli command line
    Code (Text):
    echo "2**3" | njs -q
    

    Code (Text):
    echo "2**3" | njs -q
    >> 2**3
    8
    >>
    

    FYI, Centmin Mod builds NJS nginx module support from the official NJS GitHub mirror's master branch, so it is usually the latest version available, i.e. 0.3.3 at time of writing, while packaged releases at nginx/njs are only available up to 0.3.2. So the official NJS v0.3.3 packaged release isn't out yet if you are using NJS in non-Centmin Mod Nginx builds.

    Old Nginx NJS NginScript video from 2018

     
    Last edited: Jun 5, 2019
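A post-upgrade check for the steps in the post above, as an added example that is not part of the original post or of Centmin Mod's own code: it reports whether NJS is enabled in the persistent config file and whether each njs binary path named in the post reports at least 0.3.3. The function names are hypothetical, and GNU `sort -V` is assumed for version comparison.

```shell
#!/bin/sh
# Added example: the paths and the 0.3.3 threshold come from the post;
# the function names are hypothetical.
FIXED_NJS="0.3.3"
CONFIG="/etc/centminmod/custom_config.inc"
NJS_PATHS="/usr/local/bin/njs /svr-setup/njs/build/njs"

# version_ge A B: succeeds when dotted version A >= B (assumes GNU sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# njs_enabled FILE: succeeds when NGINX_NJS or NGXDYNAMIC_NJS is set to y
# on a line of the config file that is not commented out.
njs_enabled() {
  [ -r "$1" ] || return 1
  grep -Eq "^[[:space:]]*(NGINX_NJS|NGXDYNAMIC_NJS)=['\"]?y['\"]?" "$1"
}

# classify_version TEXT: TEXT is the output of `njs -v`.
# Prints "ok <ver>", "outdated <ver>" or "unparsable".
classify_version() {
  _ver="$(printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1)"
  if [ -z "$_ver" ]; then
    echo "unparsable"
  elif version_ge "$_ver" "$FIXED_NJS"; then
    echo "ok $_ver"
  else
    echo "outdated $_ver"
  fi
}

# njs_status BIN: prints "missing" when BIN is absent, else its classification.
njs_status() {
  if [ -x "$1" ]; then
    classify_version "$("$1" -v 2>/dev/null)"
  else
    echo "missing"
  fi
}

report() {
  if njs_enabled "$CONFIG"; then
    echo "NJS enabled in $CONFIG"
  else
    echo "NJS not set to 'y' in $CONFIG"
  fi
  for _bin in $NJS_PATHS; do
    echo "$_bin: $(njs_status "$_bin")"
  done
}

report
```

An `outdated` result on a server where NJS is enabled means the recompile in menu option 4 still needs to be run after `cmupdate`.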