Input How to compile NGINX with additional modules ( pagespeed / cache_purge / headers-more / and others )

[UFHH01]

Hi Wiz,

this "warning" is unfortunately not aware of the two completely different compressions from "brotli" and "gzip". Both do there job and your warning can be safely ignored.

 

[Daniel Slyman]

thanks a lot for this!

one slight problem, I followed all of your instructions but with TLS 1.3 enabled in the ssl.conf, the nginx test is showing errors. any idea? I'm on Centos 7.4

Thanks

 

[UFHH01]

Hi Daniel Slyman,

it would help, if you could name the errors ( pls. use "copy&paste" for example from your command line ) , so that people willing to help you have something to start with their investigations together with you.

 

[virtubox]

Thanks you @UFHH01 for you awesome contribution.
I have done a script to automate the compilation of nginx available on github : GitHub - VirtuBox/plesk-nginx
Currently, I have tested it only on Ubuntu 16.04 LTS.

But to restart nginx after the installation of the last release, I had to replace the nginx.service file. Is it normal ?

 

[UFHH01]

Hi virtubox,

I had to replace the nginx.service file. Is it normal ?

I never experienced such an issue on one of my servers. Try to traceback the process in oder to get to your root cause and pls. avoid non-standard replacements, like:

wget -O /etc/systemd/system/multi-user.target.wants/nginx.service https://raw.githubusercontent.com/VirtuBox/plesk-nginx/master/nginx/nginx.service

from your script.

Pls. open a NEW thread at => Home > Forum > General Discussion > Open Topics , if you experience issues/errors/problems, related to YOUR unique project at github.

 

[virtubox]

Hi virtubox,


I never experienced such an issue on one of my servers. Try to traceback the process in oder to get to your root cause and pls. avoid non-standard replacements, like:

wget -O /etc/systemd/system/multi-user.target.wants/nginx.service https://raw.githubusercontent.com/VirtuBox/plesk-nginx/master/nginx/nginx.service

from your script.

Pls. open a NEW thread at => Home > Forum > General Discussion > Open Topics , if you experience issues/errors/problems, related to YOUR unique project at github.

Ok, nginx.service replacement is removed, I will create a new thread to discuss about the project.

 

[IronDonDon]

Hi.
First of all, thank you @UFHH01 for this great and important tutorial!
I'd like to utilize nginx's own microcaching capabilities, which work very well. I mainly work with Wordpress, and would like to use cache_purge module + wordpress plugin. Unfortunately, I cannot make it work. I do not know nginx very well and Plesk even less, so I would like to know, how do you utilize cache_purge?
If I am not mistaken, php-fpm master process runs as root, but its child processes use Plesk Subscription User permissions to run PHP scripts, which prevents them from accessing the NGINX cache folder or deleting any cache from there. So in my case the chain nginx+php-fpm+wordpress+nginxHelper does not work.
I would be grateful for any suggestion!

Thank you

 

[UFHH01]

Hi IronDonDon,

here you go with an example at your serverwide "nginx,conf":

        # Wordpress with NGINX - Helper + FastCGI - Cache modified by UFHH01
            map $uri $blogname {
                ~^(?P<blogpath>/[^/]+/)files/(.*)    $blogpath;
            }
            map $blogname $blogid {
                default -999;

                include /var/www/vhosts/YOUR-DOMAIN.COM/httpdocs/wp-content/plugins/nginx-helper/map.conf;
            }

             fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
             fastcgi_cache_key "$scheme$request_method$host$request_uri";
             fastcgi_cache_use_stale error timeout invalid_header http_500;
             fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        # End Wordpress with NGINX - Helper + FastCGI - Cache modified by UFHH01

This example certainly depends on your very own and unique "blogpath". Another example would be:

        map $http_host $blogid {
            default 0;

            YOUR-DOMAIN.COM 1;
            YOUR-OTHER-DOMAIN.COM 2;
            SUBDOMAIN.YOUR-THIRD-COMAIN.COM 3;
        }

... while you still have to include the specific "map.conf"

More informations and links can be seen at: => Nginx Helper



If you desire MORE help for your goal, pls. consider to open a NEW thread at => Home > Forum > General Discussion > Open Topics , as your question is not related to the basic compiliation step-by-step - guide for your unique nginx at this thread.

 

[UFHH01]

Contribution has been updated with:

NGINX - version 1.13.6​

 

[Dukemaster]

Works like a charm. Installation by your great tutorial is easy also for no experts.
Thanks a lot. @UFHH01 *sorry*

root@server:~# nginx -V
nginx version: nginx/1.13.6
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5)
built with OpenSSL 1.1.1-dev  xx XXX xxxx
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-debug --with-file-aio --with-google_perftools_module --with-mail --with-mail_ssl_module --with-threads --with-select_module --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-http_v2_module --with-http_xslt_module --with-poll_module --with-openssl=/usr/share/openssl --with-openssl-opt=enable-tls1_3 --add-module=/usr/share/nginx/modules/ngx_brotli --add-module=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable --add-module=/usr/share/passenger/ngx_http_passenger_module --add-module=/usr/share/nginx/modules/ngx_cache_purge-2.3 --add-module=/usr/share/nginx/modules/ngx_coolkit-0.2 --add-module=/usr/share/nginx/modules/ngx_slowfs_cache-1.10 --add-module=/usr/share/nginx/modules/ngx_headers-more-0.32

 

[learning_curve]

Our first (slow and careful) run at this has gone quite well and we're near the end of this step now:

8. You should now be able to COMPILE your NGINX - version, with the example command:

The result, after running just the ./configure command so far (with today's version of the "step-by-step guide") is:

checking for OS
 + Linux 3.10.0-693.2.2.el7.x86_64 x86_64
checking for C compiler ... found
 + using GNU C compiler
 + gcc version: 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
checking for gcc -pipe switch ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for sched_setaffinity() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_RECVDSTADDR ... not found
checking for IP_SENDSRCADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for kqueue AIO support ... not found
checking for Linux AIO support ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in /usr/share/nginx/modules/ngx_brotli
 + ngx_brotli was configured
adding module in /usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable

You have set --with-debug for building nginx, but precompiled Debug binaries for
PSOL, which ngx_pagespeed depends on, aren't available.  If you're trying to
debug PSOL you need to build it from source.  If you just want to run nginx with
debug-level logging you can use the Release binaries.

Use the available Release binaries? [Y/n]

Seeing as we were not at the install point here and to check in advance what other errors make occur...
we went for the easy option of (Y) and the result was

mod_pagespeed_dir=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability): ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_v2_filter_module ngx_http_range_header_filter_module ngx_pagespeed_etag_filter ngx_http_gzip_filter_module ngx_http_brotli_filter_module ngx_pagespeed ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_xslt_filter_module ngx_http_image_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_gunzip_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
 + ngx_pagespeed was configured
adding module in /usr/share/nginx/modules/ngx_cache_purge-2.3
 + ngx_http_cache_purge_module was configured
adding module in /usr/share/nginx/modules/ngx_coolkit-0.2
 + ngx_coolkit_module was configured
adding module in /usr/share/nginx/modules/ngx_slowfs_cache-1.10
 + ngx_http_slowfs_module was configured
adding module in /usr/share/nginx/modules/ngx_headers-more-0.32
 + ngx_http_headers_more_filter_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for zlib library ... found
checking for libxslt ... found
checking for libexslt ... found
checking for GD library ... found
checking for GD WebP support ... not found
checking for perl
 + perl version: This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
 + perl interpreter multiplicity found
checking for GeoIP library ... found
checking for GeoIP IPv6 support ... found
checking for Google perftools ... found
creating objs/Makefile

Configuration summary
  + using threads
  + using system PCRE library
  + using OpenSSL library: /usr/share/openssl
  + using system zlib library

  nginx path prefix: "/etc/nginx"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/etc/nginx/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx http proxy temporary files: "/var/lib/nginx/proxy"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
  nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
  nginx http scgi temporary files: "/var/lib/nginx/scgi"
[root@:D nginx-1.13.6]#

We had read the previous references to the --add-module=/usr/share/passenger/ngx_http_passenger_module line in the ./configure code provided and had removed that line as you can see.

The Makefile contains this:

default:    build

clean:
    rm -rf Makefile objs

build:
    $(MAKE) -f objs/Makefile

install:
    $(MAKE) -f objs/Makefile install

modules:
    $(MAKE) -f objs/Makefile modules

upgrade:
    /usr/sbin/nginx -t

    kill -USR2 `cat /var/run/nginx.pid`
    sleep 1
    test -f /var/run/nginx.pid.oldbin

    kill -QUIT `cat /var/run/nginx.pid.oldbin`

It all looks good to go so far, but we wanted to double check on a) any of items 'not found' in the first code block above and b) our chose of (Y) to the 'to run nginx with debug-level logging you can use the Release binaries' option in the 2nd code block above. Any advice / comments @UFHH01 before we go on to make and make install ?

 

[UFHH01]

Hi learning_curve,

all looks good and as expected. Pls. continue with your next step.

 

[learning_curve]

Well...That all went very well with no immediate issues at all, that we can see.

Full credit to @UFHH01 for all his help, patience & guidance!

# nginx -V
nginx version: nginx/1.13.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.1.1-dev  xx XXX xxxx
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-debug --with-file-aio --with-google_perftools_module --with-mail --with-mail_ssl_module --with-threads --with-select_module --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-http_v2_module --with-http_xslt_module --with-poll_module --with-openssl=/usr/share/openssl --with-openssl-opt=enable-tls1_3 --add-module=/usr/share/nginx/modules/ngx_brotli --add-module=/usr/share/nginx/modules/ngx_pagespeed-1.12.34.3-stable --add-module=/usr/share/nginx/modules/ngx_cache_purge-2.3 --add-module=/usr/share/nginx/modules/ngx_coolkit-0.2 --add-module=/usr/share/nginx/modules/ngx_slowfs_cache-1.10 --add-module=/usr/share/nginx/modules/ngx_headers-more-0.32

Several different external tests are able to confirm the new 'additions' e.g. TLSv1.3 (draft 18) etc It's stable & running great

A couple of small comments / questions for @UFHH01

The command line still 'sees' "sw-nginx" as it was released by Plesk, despite it being a much later self-complied release now.
No problem for us, as we're pretty sure we understand why, but maybe worth remembering for others

# nginx -v
nginx version: nginx/1.13.6
# rpm -qa | grep sw-nginx
sw-nginx-1.11.10-centos7.17032813.x86_64

As per the final note in the tutorial, we have locked "sw-nginx" from any further updates via our Plesk Panel GUI which we are confident is the same as hold - see attached image (hold is the word that's actually written in the tutorial). This makes great sense as it can easily be unlocked to allow "sw-nginx" to be upgraded via Plesk (when an equivalent/greater spec "sw-nginx" is eventually released )

As per the tutorial, we have modified /etc/nginx/conf.d/ssl.conf to now include TLSv1.3 as well as TLSv1.2 and this is fine. We are assuming that because nginx is reverse proxy server, we do not need to make further modifications to /etc/httpd/conf.d/ssl.conf and /etc/proftpd.d/ssl.conf as well (we have previoulsy modified both of these to TLSv1.2 only) until... such time that TLSv1.3 becomes a stable release and Plesk then subsequently provide upgrades for all items like these as well as "sw-nginx" ?

We have also already upgraded /etc/sw-cp-server/conf.d/ssl.conf but mainly in order to match our upgraded but self-compiled "sw-cp-server" (mentioned in THIS thread's opening post). This has a later version of nginx than the current Plesk release too

# sw-cp-serverd -V
nginx version: nginx/1.12.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.2l  25 May 2017
TLS SNI support enabled

but this specific nginx release can't suport TLSv1.3 anyway. Again we'll wait... for Plesk to eventually release the TLSv1.3 upgraded version of "sw-cp-server" and then overwrite this self compiled version.

The most important question is this last one Can we now

# cd /root/addons
# rm -rf nginx

to completely clear up, now that we're happily running nginx 1.13.6 ("sw-nginx") live?

 

[UFHH01]

Hi learning_curve,

The command line still 'sees' "sw-nginx" as it was released by Plesk, despite it being a much later self-complied release now.

This is as well expected and intended, as some Plesk features and components depend on the "sw-nginx" - package.

upgrades for all items like these as well

Sorry, I can't guarantee this, as my tutorial includes additional modules, which might not be essential for every Plesk user, even that I don't see any reason, why they shouldn't be included in an upcoming "sw-nginx" - package, for a wider range of possible modifications and settings for each domain over the "Additional nginx directives" - options.

This has a later version of nginx than the current Plesk release too

... which I still don't recommend, as I can't see any reasons, apart from the TLS1.3 option, to compile an own "sw-cp-server" - package. You increased a tiny, little security setting option, while there is absolute no reported risk or bug, when you continue to use only TLS1.1 and TLS1.2. All global standarts are still met with the current sw-cp-server - package from Plesk and you get official support for it, while you will never get official support with your own, unique sw-cp-server version. While it can make sense to use an own, unique nginx ( "sw-nginx" ) version, I would never recommend to touch basic Plesk components, if it isn't essential.

The most important question is this last one Can we now

# cd /root/addons
# rm -rf nginx

to completely clear up, now that we're happily running nginx 1.13.6 ("sw-nginx") live?

Sure. After your compilation and the final replacement with "make install", it IS as well recommended to clean up your "work folder".

to completely clear up, now that we're happily running nginx 1.13.6 ("sw-nginx") live?

Pls. don't bother about the "false" sw-nginx - version at your Server Components page over your Plesk Control Panel, you know that you compiled your own nginx, which doesn't change the version of your installed sw-nginx - package.

 

[learning_curve]

learning_curve said: ↑
This has a later version of nginx than the current Plesk release too

... which I still don't recommend

Yes we are bad boys but... this does work very well (it's TLSv1.2 only, we don't use TLSv1.1 anywhere) and because of the way it was compiled, it appears correctly within Package Manager, so will be overwritten just like the official Plesk version would, once the next Plesk release is finally made available (which should be... with a far more up-to-date openssl / nginx / etc components and must support TLSv1.3 too) but to be fair, upgrading "sw-cp-server" is only a small sideshow here really.

This great thread is actually all about taking the option to install a 100% useable, up-to-date, secure verison of "sw-nginx" which you thankfully, have provided a working, informative tutorial for. There are a few caveats, but it is a 100% YES from us

 

[Wiz]

@UFHH01 A quick FYI ... Nginx appears to have been updated by Plesk despite it being locked via CP to prevent updates. This occurred together with the recent passenger updates

Updating:
 mod_passenger                                 x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         293 k
 passenger                                     x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         7.1 M
 passenger-devel                               x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         6.5 M
 passenger-native-libs                         x86_64                         5.1.11-centos7.17102310                          PLESK_17_5_3-extras                         7.3 k
 sw-nginx                                      x86_64                         1.11.10-centos7.17102311                         PLESK_17_NGINX                              1.5 M

 

[learning_curve]

We haven't run Plesk Update #26 yet. We don't have Phusion Passenger installed or use it anyway. We too have "sw-nginx" locked via Plesk CP, which should provide an advance error/notification if there was in intended "sw-nginx" update (in theory ). The Plesk ChangeLog doesn't mention "sw-nginx" as being part of Update #26 but we're guessing that there's a knock-on effect to "sw-nginx" from the Phusion Passenger issue? We'll wait for comments from @UFHH01 before looking at Update #26

 

[UFHH01]

Hi @ all,

no need to wait for a comment from me, as the path for

--add-module=/usr/share/passenger/ngx_http_passenger_module \

will not change in case of an update/upgrade/patch.

Pls. keep as well in mind, that I need as well time to investigate ( possible ) issues/errors/problems in case of Plesk updates/upgrades/patches and IF you experience any issues, pls. don't hesitate to post them and pls. don't forget to mention YOUR current used operating system.

 

[learning_curve]

Update: We have a full Plesk backup (Tools & Settings / Backup Manager) of our complete setup BEFORE running Plesk #Upgrade 26 so we could recover ALL of that if needed.... We ran Plesk #Upgrade 26 and have a copy of the complete download / install log if needed. Our system setup is shown in our signature.

The Plesk update: Update to 1.11.10-centos7.17102311 (PLESK_17_NGINX) has not actually been applied yet, because as covered previously, sw-nginx 1.11.10-centos7.17032813 (PLESK_17_NGINX) is locked within the updates panel and this lock / retained update is confirmed within the panel awaiting action.

However, if we now run some quick command line checks, we can see that it "appears" differently there

# nginx -v
nginx version: nginx/1.11.10

i.e. that's reporting we're back to the official Plesk "sw-nginx" but a subsequent

# nginx -t

provides details of

configuration file /etc/nginx/nginx.conf test failed

which is understandable, because this was modified to suit the self-compiled "sw-nginx"
We have the original .conf file anyway and can easily restore this.
Consequenlty, nginx hasn't been sucessfully re-started after the Upgrade #26 yet and is running "as it was"

So our only question is... What action next? Is it

a) Unlock sw-nginx 1.11.10-centos7.17032813 (PLESK_17_NGINX) restore the .conf file mentioned (and the modified sss.conf file too) and then, run the awaiting upgade from the panel, which will successfully re-start nginx by default and (we guess) take us back to where we were, with the official Plesk "sw-nginx" release version, but now with the Phusion Passenger security risk removed. We would then need to run the re-compile process again as per the Tutorial (no problem with that) Or...

b) Another method suggested by @UFHH01

 

[UFHH01]

Hi learning_curve,

o.k.... pls. get some coffee/tee ( I mean here: pls. have a short break from your computer ), as you seem to miss a very decent, essential part here:

If you changed something in your serverwide "nginx.conf" ( added/modified settings for pagespeed and/or brotli, or any other depending additional module ), you will certainly have to REMOVE such addings/modifications, before you use the original "sw-nginx" again, as this package is not compiled with these additional modules.

In case you desire to step back to the original "sw-nginx" - package, you would certainly use your previous configuration files ( which you certainly created as a backup, BEFORE you modify your serverwide "nginx.conf", as this is a standart administration task! ).


If you updated/upgraded/patched your own compiled nginx with the "sw-nginx" - package from Plesk, you will certainly have to RECOMPILE your very own nginx version again, as the update/upgrade/patch will as well overwrite the binary "/usr/sbin/nginx", which you replaced with the last step of your compilation process "make install".