1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Contribution How to compile NGINX with additional modules ( pagespeed / cache_purge / headers-more / and others )

Discussion in 'Plesk Extensions' started by UFHH01, Dec 15, 2016.

  1. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi Wiz,

    this "warning" is unfortunately not aware of the two completely different compressions from "brotli" and "gzip". Both do there job and your warning can be safely ignored.
     
    Last edited: Oct 5, 2017
    Dukemaster likes this.
  2. Daniel Slyman

    Daniel Slyman New Pleskian

    4
    20%
    Joined:
    Aug 13, 2017
    Messages:
    18
    Likes Received:
    1
    Location:
    Munich
    thanks a lot for this!

    one slight problem, I followed all of your instructions but with TLS 1.3 enabled in the ssl.conf, the nginx test is showing errors. any idea? I'm on Centos 7.4

    Thanks
     
  3. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi Daniel Slyman,

    it would help, if you could name the errors ( pls. use "copy&paste" for example from your command line ) , so that people willing to help you have something to start with their investigations together with you. :(
     
    Dukemaster likes this.
  4. virtubox

    virtubox Regular Pleskian Plesk Guru

    19
    60%
    Joined:
    May 4, 2016
    Messages:
    205
    Likes Received:
    71
    Location:
    France
    Thanks you @UFHH01 for you awesome contribution.
    I have done a script to automate the compilation of nginx available on github : GitHub - VirtuBox/plesk-nginx
    Currently, I have tested it only on Ubuntu 16.04 LTS.

    But to restart nginx after the installation of the last release, I had to replace the nginx.service file. Is it normal ?
     
    IgorG likes this.
  5. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi virtubox,

    I never experienced such an issue on one of my servers. Try to traceback the process in oder to get to your root cause and pls. avoid non-standard replacements, like:
    Code:
    wget -O /etc/systemd/system/multi-user.target.wants/nginx.service https://raw.githubusercontent.com/VirtuBox/plesk-nginx/master/nginx/nginx.service
    from your script. ;)

    Pls. open a NEW thread at => Home > Forum > General Discussion > Open Topics , if you experience issues/errors/problems, related to YOUR unique project at github. :)
     
    IronDonDon and virtubox like this.
  6. virtubox

    virtubox Regular Pleskian Plesk Guru

    19
    60%
    Joined:
    May 4, 2016
    Messages:
    205
    Likes Received:
    71
    Location:
    France
    Ok, nginx.service replacement is removed, I will create a new thread to discuss about the project.
     
    IronDonDon likes this.
  7. IronDonDon

    IronDonDon New Pleskian

    1
     
    Joined:
    Dec 9, 2016
    Messages:
    1
    Likes Received:
    0
    Location:
    SF
    Hi.
    First of all, thank you @UFHH01 for this great and important tutorial!
    I'd like to utilize nginx's own microcaching capabilities, which work very well. I mainly work with Wordpress, and would like to use cache_purge module + wordpress plugin. Unfortunately, I cannot make it work. I do not know nginx very well and Plesk even less, so I would like to know, how do you utilize cache_purge?
    If I am not mistaken, php-fpm master process runs as root, but its child processes use Plesk Subscription User permissions to run PHP scripts, which prevents them from accessing the NGINX cache folder or deleting any cache from there. So in my case the chain nginx+php-fpm+wordpress+nginxHelper does not work.
    I would be grateful for any suggestion!

    Thank you
     
  8. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi IronDonDon,

    here you go with an example at your serverwide "nginx,conf":

    Code:
            # Wordpress with NGINX - Helper + FastCGI - Cache modified by UFHH01
                map $uri $blogname {
                    ~^(?P<blogpath>/[^/]+/)files/(.*)    $blogpath;
                }
                map $blogname $blogid {
                    default -999;
    
                    include /var/www/vhosts/YOUR-DOMAIN.COM/httpdocs/wp-content/plugins/nginx-helper/map.conf;
                }
    
                 fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
                 fastcgi_cache_key "$scheme$request_method$host$request_uri";
                 fastcgi_cache_use_stale error timeout invalid_header http_500;
                 fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
            # End Wordpress with NGINX - Helper + FastCGI - Cache modified by UFHH01
    

    This example certainly depends on your very own and unique "blogpath". Another example would be:
    Code:
            map $http_host $blogid {
                default 0;
    
                YOUR-DOMAIN.COM 1;
                YOUR-OTHER-DOMAIN.COM 2;
                SUBDOMAIN.YOUR-THIRD-COMAIN.COM 3;
            }
    ... while you still have to include the specific "map.conf"

    More informations and links can be seen at: => Nginx Helper



    If you desire MORE help for your goal, pls. consider to open a NEW thread at => Home > Forum > General Discussion > Open Topics , as your question is not related to the basic compiliation step-by-step - guide for your unique nginx at this thread. ;)
     
  9. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Contribution has been updated with:

    NGINX - version 1.13.6
     
    Dukemaster likes this.
  10. Dukemaster

    Dukemaster Regular Pleskian

    18
     
    Joined:
    Nov 21, 2016
    Messages:
    252
    Likes Received:
    36
    Location:
    Rhein-Main - Berlin
    Works like a charm. Installation by your great tutorial is easy also for no experts.
    Thanks a lot. @UFHH01 *sorry*
    :)


    Nginx 1.13.6 with Pagespeed-1.12.34.3-0 by UFHH01.jpgNginx 1.13.6 with Pagespeed-1.12.34.3-0.jpg

    Code:
    root@server:~# nginx -V
    nginx version: nginx/1.13.6
    built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5)
    built with OpenSSL 1.1.1-dev  xx XXX xxxx
    TLS SNI support enabled
    configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-debug --with-file-aio --with-google_perftools_module --with-mail --with-mail_ssl_module --with-threads --with-select_module --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-http_v2_module --with-http_xslt_module --with-poll_module --with-openssl=/usr/share/openssl --with-openssl-opt=enable-tls1_3 --add-module=/usr/share/nginx/modules/ngx_brotli --add-module=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable --add-module=/usr/share/passenger/ngx_http_passenger_module --add-module=/usr/share/nginx/modules/ngx_cache_purge-2.3 --add-module=/usr/share/nginx/modules/ngx_coolkit-0.2 --add-module=/usr/share/nginx/modules/ngx_slowfs_cache-1.10 --add-module=/usr/share/nginx/modules/ngx_headers-more-0.32
     
    Last edited: Oct 17, 2017
    UFHH01 likes this.
  11. learning_curve

    learning_curve Regular Pleskian

    13
    35%
    Joined:
    May 3, 2017
    Messages:
    144
    Likes Received:
    46
    Location:
    UK & other variable locations
    Our first (slow and careful) run at this has gone quite well and we're near the end of this step now:
    The result, after running just the ./configure command so far (with today's version of the "step-by-step guide") is:
    Code:
    checking for OS
     + Linux 3.10.0-693.2.2.el7.x86_64 x86_64
    checking for C compiler ... found
     + using GNU C compiler
     + gcc version: 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
    checking for gcc -pipe switch ... found
    checking for -Wl,-E switch ... found
    checking for gcc builtin atomic operations ... found
    checking for C99 variadic macros ... found
    checking for gcc variadic macros ... found
    checking for gcc builtin 64 bit byteswap ... found
    checking for unistd.h ... found
    checking for inttypes.h ... found
    checking for limits.h ... found
    checking for sys/filio.h ... not found
    checking for sys/param.h ... found
    checking for sys/mount.h ... found
    checking for sys/statvfs.h ... found
    checking for crypt.h ... found
    checking for Linux specific features
    checking for epoll ... found
    checking for EPOLLRDHUP ... found
    checking for EPOLLEXCLUSIVE ... not found
    checking for O_PATH ... found
    checking for sendfile() ... found
    checking for sendfile64() ... found
    checking for sys/prctl.h ... found
    checking for prctl(PR_SET_DUMPABLE) ... found
    checking for crypt_r() ... found
    checking for sys/vfs.h ... found
    checking for poll() ... found
    checking for /dev/poll ... not found
    checking for kqueue ... not found
    checking for crypt() ... not found
    checking for crypt() in libcrypt ... found
    checking for F_READAHEAD ... not found
    checking for posix_fadvise() ... found
    checking for O_DIRECT ... found
    checking for F_NOCACHE ... not found
    checking for directio() ... not found
    checking for statfs() ... found
    checking for statvfs() ... found
    checking for dlopen() ... not found
    checking for dlopen() in libdl ... found
    checking for sched_yield() ... found
    checking for sched_setaffinity() ... found
    checking for SO_SETFIB ... not found
    checking for SO_REUSEPORT ... found
    checking for SO_ACCEPTFILTER ... not found
    checking for SO_BINDANY ... not found
    checking for IP_BIND_ADDRESS_NO_PORT ... not found
    checking for IP_TRANSPARENT ... found
    checking for IP_BINDANY ... not found
    checking for IP_RECVDSTADDR ... not found
    checking for IP_SENDSRCADDR ... not found
    checking for IP_PKTINFO ... found
    checking for IPV6_RECVPKTINFO ... found
    checking for TCP_DEFER_ACCEPT ... found
    checking for TCP_KEEPIDLE ... found
    checking for TCP_FASTOPEN ... found
    checking for TCP_INFO ... found
    checking for accept4() ... found
    checking for kqueue AIO support ... not found
    checking for Linux AIO support ... found
    checking for int size ... 4 bytes
    checking for long size ... 8 bytes
    checking for long long size ... 8 bytes
    checking for void * size ... 8 bytes
    checking for uint32_t ... found
    checking for uint64_t ... found
    checking for sig_atomic_t ... found
    checking for sig_atomic_t size ... 4 bytes
    checking for socklen_t ... found
    checking for in_addr_t ... found
    checking for in_port_t ... found
    checking for rlim_t ... found
    checking for uintptr_t ... uintptr_t found
    checking for system byte ordering ... little endian
    checking for size_t size ... 8 bytes
    checking for off_t size ... 8 bytes
    checking for time_t size ... 8 bytes
    checking for AF_INET6 ... found
    checking for setproctitle() ... not found
    checking for pread() ... found
    checking for pwrite() ... found
    checking for pwritev() ... found
    checking for sys_nerr ... found
    checking for localtime_r() ... found
    checking for posix_memalign() ... found
    checking for memalign() ... found
    checking for mmap(MAP_ANON|MAP_SHARED) ... found
    checking for mmap("/dev/zero", MAP_SHARED) ... found
    checking for System V shared memory ... found
    checking for POSIX semaphores ... not found
    checking for POSIX semaphores in libpthread ... found
    checking for struct msghdr.msg_control ... found
    checking for ioctl(FIONBIO) ... found
    checking for struct tm.tm_gmtoff ... found
    checking for struct dirent.d_namlen ... not found
    checking for struct dirent.d_type ... found
    checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
    checking for openat(), fstatat() ... found
    checking for getaddrinfo() ... found
    configuring additional modules
    adding module in /usr/share/nginx/modules/ngx_brotli
     + ngx_brotli was configured
    adding module in /usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable
    
    You have set --with-debug for building nginx, but precompiled Debug binaries for
    PSOL, which ngx_pagespeed depends on, aren't available.  If you're trying to
    debug PSOL you need to build it from source.  If you just want to run nginx with
    debug-level logging you can use the Release binaries.
    
    Use the available Release binaries? [Y/n]
    
    Seeing as we were not at the install point here and to check in advance what other errors make occur...
    we went for the easy option of (Y) and the result was
    Code:
    mod_pagespeed_dir=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable/psol/include
    build_from_source=false
    checking for psol ... found
    List of modules (in reverse order of applicability): ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_v2_filter_module ngx_http_range_header_filter_module ngx_pagespeed_etag_filter ngx_http_gzip_filter_module ngx_http_brotli_filter_module ngx_pagespeed ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_xslt_filter_module ngx_http_image_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_gunzip_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
    checking for psol-compiler-compat ... found
     + ngx_pagespeed was configured
    adding module in /usr/share/nginx/modules/ngx_cache_purge-2.3
     + ngx_http_cache_purge_module was configured
    adding module in /usr/share/nginx/modules/ngx_coolkit-0.2
     + ngx_coolkit_module was configured
    adding module in /usr/share/nginx/modules/ngx_slowfs_cache-1.10
     + ngx_http_slowfs_module was configured
    adding module in /usr/share/nginx/modules/ngx_headers-more-0.32
     + ngx_http_headers_more_filter_module was configured
    checking for PCRE library ... found
    checking for PCRE JIT support ... found
    checking for zlib library ... found
    checking for libxslt ... found
    checking for libexslt ... found
    checking for GD library ... found
    checking for GD WebP support ... not found
    checking for perl
     + perl version: This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
     + perl interpreter multiplicity found
    checking for GeoIP library ... found
    checking for GeoIP IPv6 support ... found
    checking for Google perftools ... found
    creating objs/Makefile
    
    Configuration summary
      + using threads
      + using system PCRE library
      + using OpenSSL library: /usr/share/openssl
      + using system zlib library
    
      nginx path prefix: "/etc/nginx"
      nginx binary file: "/usr/sbin/nginx"
      nginx modules path: "/etc/nginx/modules"
      nginx configuration prefix: "/etc/nginx"
      nginx configuration file: "/etc/nginx/nginx.conf"
      nginx pid file: "/var/run/nginx.pid"
      nginx error log file: "/var/log/nginx/error.log"
      nginx http access log file: "/var/log/nginx/access.log"
      nginx http client request body temporary files: "/var/lib/nginx/body"
      nginx http proxy temporary files: "/var/lib/nginx/proxy"
      nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
      nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
      nginx http scgi temporary files: "/var/lib/nginx/scgi"
    [root@:D nginx-1.13.6]#
    We had read the previous references to the --add-module=/usr/share/passenger/ngx_http_passenger_module line in the ./configure code provided and had removed that line as you can see.

    The Makefile contains this:
    Code:
    default:    build
    
    clean:
        rm -rf Makefile objs
    
    build:
        $(MAKE) -f objs/Makefile
    
    install:
        $(MAKE) -f objs/Makefile install
    
    modules:
        $(MAKE) -f objs/Makefile modules
    
    upgrade:
        /usr/sbin/nginx -t
    
        kill -USR2 `cat /var/run/nginx.pid`
        sleep 1
        test -f /var/run/nginx.pid.oldbin
    
        kill -QUIT `cat /var/run/nginx.pid.oldbin`
    It all looks good to go so far, but we wanted to double check on a) any of items 'not found' in the first code block above and b) our chose of (Y) to the 'to run nginx with debug-level logging you can use the Release binaries' option in the 2nd code block above. Any advice / comments @UFHH01 before we go on to make and make install ? ;)
     
  12. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi learning_curve,

    all looks good and as expected. Pls. continue with your next step. ;)
     
    Dukemaster and learning_curve like this.
  13. learning_curve

    learning_curve Regular Pleskian

    13
    35%
    Joined:
    May 3, 2017
    Messages:
    144
    Likes Received:
    46
    Location:
    UK & other variable locations
    Well...That all went very well with no immediate issues at all, that we can see.

    Full credit to @UFHH01 for all his help, patience & guidance!
    Code:
    # nginx -V
    nginx version: nginx/1.13.6
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
    built with OpenSSL 1.1.1-dev  xx XXX xxxx
    TLS SNI support enabled
    configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-debug --with-file-aio --with-google_perftools_module --with-mail --with-mail_ssl_module --with-threads --with-select_module --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-http_v2_module --with-http_xslt_module --with-poll_module --with-openssl=/usr/share/openssl --with-openssl-opt=enable-tls1_3 --add-module=/usr/share/nginx/modules/ngx_brotli --add-module=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable --add-module=/usr/share/nginx/modules/ngx_cache_purge-2.3 --add-module=/usr/share/nginx/modules/ngx_coolkit-0.2 --add-module=/usr/share/nginx/modules/ngx_slowfs_cache-1.10 --add-module=/usr/share/nginx/modules/ngx_headers-more-0.32
    Several different external tests are able to confirm the new 'additions' e.g. TLSv1.3 (draft 18) etc It's stable & running great :D

    A couple of small comments / questions for @UFHH01

    The command line still 'sees' "sw-nginx" as it was released by Plesk, despite it being a much later self-complied release now.
    No problem for us, as we're pretty sure we understand why, but maybe worth remembering for others
    Code:
    # nginx -v
    nginx version: nginx/1.13.6
    # rpm -qa | grep sw-nginx
    sw-nginx-1.11.10-centos7.17032813.x86_64
    As per the final note in the tutorial, we have locked "sw-nginx" from any further updates via our Plesk Panel GUI which we are confident is the same as hold - see attached image (hold is the word that's actually written in the tutorial). This makes great sense as it can easily be unlocked to allow "sw-nginx" to be upgraded via Plesk (when an equivalent/greater spec "sw-nginx" is eventually released ;))

    As per the tutorial, we have modified /etc/nginx/conf.d/ssl.conf to now include TLSv1.3 as well as TLSv1.2 and this is fine. We are assuming that because nginx is reverse proxy server, we do not need to make further modifications to /etc/httpd/conf.d/ssl.conf and /etc/proftpd.d/ssl.conf as well (we have previoulsy modified both of these to TLSv1.2 only) until... such time that TLSv1.3 becomes a stable release and Plesk then subsequently provide upgrades for all items like these as well as "sw-nginx" ?

    We have also already upgraded /etc/sw-cp-server/conf.d/ssl.conf but mainly in order to match our upgraded but self-compiled "sw-cp-server" (mentioned in THIS thread's opening post). This has a later version of nginx than the current Plesk release too
    Code:
    # sw-cp-serverd -V
    nginx version: nginx/1.12.1
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
    built with OpenSSL 1.0.2l  25 May 2017
    TLS SNI support enabled
    but this specific nginx release can't suport TLSv1.3 anyway. Again we'll wait... for Plesk to eventually release the TLSv1.3 upgraded version of "sw-cp-server" and then overwrite this self compiled version.

    The most important question is this last one :p Can we now
    Code:
    # cd /root/addons
    # rm -rf nginx
    to completely clear up, now that we're happily running nginx 1.13.6 ("sw-nginx") live?
     

    Attached Files:

  14. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi learning_curve,

    This is as well expected and intended, as some Plesk features and components depend on the "sw-nginx" - package. ;)

    Sorry, I can't guarantee this, as my tutorial includes additional modules, which might not be essential for every Plesk user, even that I don't see any reason, why they shouldn't be included in an upcoming "sw-nginx" - package, for a wider range of possible modifications and settings for each domain over the "Additional nginx directives" - options.

    ... which I still don't recommend, as I can't see any reasons, apart from the TLS1.3 option, to compile an own "sw-cp-server" - package. You increased a tiny, little security setting option, while there is absolute no reported risk or bug, when you continue to use only TLS1.1 and TLS1.2. :) All global standarts are still met with the current sw-cp-server - package from Plesk and you get official support for it, while you will never get official support with your own, unique sw-cp-server version. ;) While it can make sense to use an own, unique nginx ( "sw-nginx" ) version, I would never recommend to touch basic Plesk components, if it isn't essential.

    Sure. After your compilation and the final replacement with "make install", it IS as well recommended to clean up your "work folder". :)

    Pls. don't bother about the "false" sw-nginx - version at your Server Components page over your Plesk Control Panel, you know that you compiled your own nginx, which doesn't change the version of your installed sw-nginx - package. ;)
     
    learning_curve likes this.
  15. learning_curve

    learning_curve Regular Pleskian

    13
    35%
    Joined:
    May 3, 2017
    Messages:
    144
    Likes Received:
    46
    Location:
    UK & other variable locations
    Yes we are bad boys ;) but... this does work very well (it's TLSv1.2 only, we don't use TLSv1.1 anywhere) and because of the way it was compiled, it appears correctly within Package Manager, so will be overwritten just like the official Plesk version would, once the next Plesk release is finally made available (which should be... with a far more up-to-date openssl / nginx / etc components and must support TLSv1.3 too) but to be fair, upgrading "sw-cp-server" is only a small sideshow here really.

    This great thread is actually all about taking the option to install a 100% useable, up-to-date, secure verison of "sw-nginx" which you thankfully, have provided a working, informative tutorial for. There are a few caveats, but it is a 100% YES from us :cool:
     
    Last edited: Oct 20, 2017
    IgorG and UFHH01 like this.
  16. Wiz

    Wiz New Pleskian

    3
    20%
    Joined:
    Jun 10, 2017
    Messages:
    20
    Likes Received:
    3
    Location:
    /root
    @UFHH01 A quick FYI ... Nginx appears to have been updated by Plesk despite it being locked via CP to prevent updates. This occurred together with the recent passenger updates

    Code:
    Updating:
     mod_passenger                                 x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         293 k
     passenger                                     x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         7.1 M
     passenger-devel                               x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         6.5 M
     passenger-native-libs                         x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         7.3 k
     sw-nginx                                      x86_64                         1.11.10-centos7.17102311                         PLESK_17_NGINX                              1.5 M
     
  17. learning_curve

    learning_curve Regular Pleskian

    13
    35%
    Joined:
    May 3, 2017
    Messages:
    144
    Likes Received:
    46
    Location:
    UK & other variable locations
    We haven't run Plesk Update #26 yet. We don't have Phusion Passenger installed or use it anyway. We too have "sw-nginx" locked via Plesk CP, which should provide an advance error/notification if there was in intended "sw-nginx" update (in theory ;)). The Plesk ChangeLog doesn't mention "sw-nginx" as being part of Update #26 but we're guessing that there's a knock-on effect to "sw-nginx" from the Phusion Passenger issue? We'll wait for comments from @UFHH01 before looking at Update #26
     
  18. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi @ all,

    no need to wait for a comment from me, as the path for
    will not change in case of an update/upgrade/patch.

    Pls. keep as well in mind, that I need as well time to investigate ( possible ) issues/errors/problems in case of Plesk updates/upgrades/patches and IF you experience any issues, pls. don't hesitate to post them and pls. don't forget to mention YOUR current used operating system. ;)
     
    Dukemaster and learning_curve like this.
  19. learning_curve

    learning_curve Regular Pleskian

    13
    35%
    Joined:
    May 3, 2017
    Messages:
    144
    Likes Received:
    46
    Location:
    UK & other variable locations
    Update: We have a full Plesk backup (Tools & Settings / Backup Manager) of our complete setup BEFORE running Plesk #Upgrade 26 so we could recover ALL of that if needed.... We ran Plesk #Upgrade 26 and have a copy of the complete download / install log if needed. Our system setup is shown in our signature.

    The Plesk update: Update to 1.11.10-centos7.17102311 (PLESK_17_NGINX) has not actually been applied yet, because as covered previously, sw-nginx 1.11.10-centos7.17032813 (PLESK_17_NGINX) is locked within the updates panel and this lock / retained update is confirmed within the panel awaiting action.

    However, if we now run some quick command line checks, we can see that it "appears" differently there :rolleyes:
    Code:
    # nginx -v
    nginx version: nginx/1.11.10
    i.e. that's reporting we're back to the official Plesk "sw-nginx" but a subsequent
    Code:
    # nginx -t
    provides details of
    Code:
    configuration file /etc/nginx/nginx.conf test failed
    which is understandable, because this was modified to suit the self-compiled "sw-nginx"
    We have the original .conf file anyway and can easily restore this.
    Consequenlty, nginx hasn't been sucessfully re-started after the Upgrade #26 yet and is running "as it was"

    So our only question is... What action next? Is it

    a) Unlock sw-nginx 1.11.10-centos7.17032813 (PLESK_17_NGINX) restore the .conf file mentioned (and the modified sss.conf file too) and then, run the awaiting upgade from the panel, which will successfully re-start nginx by default and (we guess) take us back to where we were, with the official Plesk "sw-nginx" release version, but now with the Phusion Passenger security risk removed. We would then need to run the re-compile process again as per the Tutorial (no problem with that) Or...

    b) Another method suggested by @UFHH01 ;)
     
    Last edited: Oct 24, 2017
  20. UFHH01

    UFHH01 Plesk addicted!

    44
    64%
    Joined:
    Jun 11, 2013
    Messages:
    6,762
    Likes Received:
    1,712
    Location:
    Hamburg / Germany
    Hi learning_curve,

    o.k.... pls. get some coffee/tee ( I mean here: pls. have a short break from your computer ), as you seem to miss a very decent, essential part here:

    If you changed something in your serverwide "nginx.conf" ( added/modified settings for pagespeed and/or brotli, or any other depending additional module ), you will certainly have to REMOVE such addings/modifications, before you use the original "sw-nginx" again, as this package is not compiled with these additional modules. ;)

    In case you desire to step back to the original "sw-nginx" - package, you would certainly use your previous configuration files ( which you certainly created as a backup, BEFORE you modify your serverwide "nginx.conf", as this is a standart administration task! ).


    If you updated/upgraded/patched your own compiled nginx with the "sw-nginx" - package from Plesk, you will certainly have to RECOMPILE your very own nginx version again, as the update/upgrade/patch will as well overwrite the binary "/usr/sbin/nginx", which you replaced with the last step of your compilation process "make install". ;)
     
    Dukemaster and learning_curve like this.
Loading...