
Nginx PageSpeed ngx_pagespeed 1.9.32.13 beta security update !

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by eva2000, Feb 7, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    53,209
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    9:29 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ngx_pagespeed 1.9.32.13-beta security fix update has been released. Read below for instructions for updating your Centmin Mod Nginx's ngx_pagespeed module integration.

    How to Update ngx_pagespeed



    Best way is to also keep your Centmin Mod code updated as outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS via centmin.sh menu option 23 if possible then you won't need to play with changing version numbers if I already updated the code for the new versions. However, if I have not updated the versions, you can do that yourself using instructions below.


    To update, add these variables to the persistent config at /etc/centminmod/custom_config.inc (create it if it doesn't exist)
    Code (Text):
    NGXPGSPEED_VER='1.9.32.13-beta'
    NGINX_PAGESPEEDPSOL_VER='1.9.32.13'


    or edit centmin.sh and prior to recompiling nginx via centmin.sh menu option 4

    change variables

    from
    Code (Text):
    NGXPGSPEED_VER='1.9.32.11-beta'
    NGINX_PAGESPEEDPSOL_VER='1.9.32.11'

    to
    Code (Text):
    NGXPGSPEED_VER='1.9.32.13-beta'
    NGINX_PAGESPEEDPSOL_VER='1.9.32.13'


    then recompile nginx via centmin.sh menu option 4

    Quick sed replacement, update commands for existing Centmin Mod are outlined on official page here and below.

    change to centmin mod install directory, sed replace the version numbers and grep to make sure they were replaced
    Code (Text):
    cmdir
    sed -i 's|1.9.32.11|1.9.32.13|g' centmin.sh
    grep 1.9.32 centmin.sh

    i.e.
    Code (Text):
    grep 1.9.32 centmin.sh
    NGXPGSPEED_VER='1.9.32.13-beta'
    NGINX_PAGESPEEDPSOL_VER='1.9.32.13'

    then run centmin.sh menu option 4 to recompile Nginx with new version.

    check that ngx_pagespeed-release-1.9.32.13-beta was compiled via nginx -V command

    ngx_pagespeed 1.9.32.13-beta security update



    Updated both Centmin Mod 123.08stable and 123.09beta01 builds to default to ngx_pagespeed 1.9.32.13-beta for security update. You can update Centmin Mod code via centmin.sh menu option 23 submenu option 1 and then 2 and then recompile Nginx via centmin.sh menu option 4 as outlined above.

    Discussion thread at Nginx PageSpeed - ngx_pagespeed 1.9.32.13 beta security update ! | Centmin Mod Community

    To update your Centmin Mod builds follow instructions at centminmod.com/upgrade.html and respective version threads below:
     
    Last edited: Feb 7, 2016
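
Added example, not part of the original post or Centmin Mod's own code: a shell check for the final verification step above. It reads the ngx_pagespeed-release-<version> path from nginx -V output and compares it with the fixed releases named in this thread (1.9.32.13, and 1.10.33.4 for the 1.10 branch). The function names and the sample nginx -V text are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the ngx_pagespeed build shown in `nginx -V` output.
# Fixed releases named in this thread: 1.9.32.13 and 1.10.33.4.

# Pull the version out of a module path such as
#   --add-module=../ngx_pagespeed-release-1.9.32.13-beta
pagespeed_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*ngx_pagespeed-release-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2 (fields compared numerically).
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print one verdict for the given `nginx -V` text.
check_pagespeed() {
    ver=$(pagespeed_version "$1")
    if [ -z "$ver" ]; then
        echo "not-compiled"
        return 0
    fi
    case "$ver" in
        1.9.*)  fixed=1.9.32.13 ;;
        1.10.*) fixed=1.10.33.4 ;;
        *)      echo "unknown-branch $ver"; return 0 ;;
    esac
    if version_ge "$ver" "$fixed"; then
        echo "patched $ver"
    else
        echo "needs-update $ver"
    fi
}

# Constructed sample output, used when nginx is not installed.
SAMPLE_OLD='nginx version: nginx/1.9.10
configure arguments: --add-module=../ngx_pagespeed-release-1.9.32.11-beta'

# nginx -V writes to stderr, so merge it into stdout before parsing.
if command -v nginx >/dev/null 2>&1; then
    check_pagespeed "$(nginx -V 2>&1)"
else
    check_pagespeed "$SAMPLE_OLD"
fi
```

A "not-compiled" verdict is the expected result after recompiling with NGINX_PAGESPEED=n.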
  2. eva2000

    more info at January 2016 PageSpeed Security Update.  |  PageSpeed Module  |  Google Developers

     
  3. eva2000


    Disable ngx_pagespeed integration



    If you do not use ngx_pagespeed and have not enabled it as per instructions outlined at centminmod.com/nginx_ngx_pagespeed.html, you can in fact totally remove ngx_pagespeed integration from Nginx server using steps outlined on official site Nginx PageSpeed - CentminMod.com LEMP Nginx web stack for CentOS and below:

    The best way is to use persistent config file created or appended to at /etc/centminmod/custom_config.inc and add setting:
    Code:
    NGINX_PAGESPEED=n
    Then run centmin.sh menu option 4 to recompile Nginx without ngx_pagespeed module integration.
     
    Last edited: Feb 7, 2016
  4. eva2000

    ngx_pagespeed 1.10 branch also got the same security fix in 1.10.33.4 but 1.10 branch only works with Centmin Mod 123.09beta01 and not 123.08stable. So stick with 1.9.32.13 for Centmin Mod 123.08stable https://community.centminmod.com/posts/25764/
     
  5. Matt

    Matt Well-Known Member

    925
    414
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +669
    Local Time:
    12:29 AM
    1.5.15
    MariaDB 10.2
    Upgraded :)
     
  6. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    9:29 AM
    I don't need to do this if I don't use pagespeed.. or don't use HTTPS?
     
  7. eva2000

    yes but then if you don't use ngx_pagespeed you can totally disable and remove the integration https://community.centminmod.com/posts/25771/

    nice :D
     
  8. Matt

    Tried the 1.10 version, but was breaking a few things, and I don't have time to figure what is going wrong, so downgraded again.
     
  9. eva2000

    On centmin mod 123.08stable or 123.09beta01 ? ngx_pagespeed 1.10 only works on 123.09beta01 right now. It's what this forum and centminmod.com VPS clusters are on (123.09beta01 + ngxPagespeed 1.10 branch).

    Actually, been thinking about it according to Centmin Mod 2106 survey Centmin Mod Survey 2016 ~45% of users are not actively using ngx_pagespeed with it enabled so wondering if disabling ngx_pagespeed integration out of box is better. And let folks enable integration if they want it as per instructions outlined at centminmod.com/nginx_ngx_pagespeed.html
     
  10. Matt

    It was just an issue with some CSS not being displayed correctly. I probably just needed to change something in the pagespeed config, but don't have time at the minute to figure which rule it is.
     
  11. eva2000

    yeah might want to read up on ngx_pagespeed 1.10 branch changes and tweaks at Nginx PageSpeed - Nginx Pagespeed 1.10.x betas coming | Centmin Mod Community whenever you have the time.. :D
     
  12. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    7:29 AM
    latest
    latest
    I really love this

    Code:
    /etc/centminmod/custom_config.inc
     
  13. eva2000

    yes it's outlined in Centmin Mod upgrade guide page under the section for persistent configuration settings Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS :)
     
  14. dorobo

    Yeah I used to maintain a fork of centminmod but these days I just use the custom config and download a new beta whenever a new version comes out. :D
     
  15. eva2000

    exactly what persistent config file /etc/centminmod/custom_config.inc is for :)