Bumblebeey
New Pleskian
after install this my rewrite rules stopped work. giving 404 error any help ?
Hi @Tobias Reinhard,
two weeks ago I did the update-job again here on page 5 of @UFHH01 tutorial with nginx 1.13.10 and all related modules.
BUT ! ! ! As I mentioned in another thread, in Qualys you get the successful result with these updated versions like usual. (e.g. draft-18 supported, A+, 390% of 400%).
Pagespeed is working fine with Redis 4.0.8 in my case.
But in real protocol TLSv1.2 is used instead of TLS 1.3.
Nginx log says: tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client
It is related to massive changes of OpenSSL by developers, you could see it in Github. Developers publish every few days a new pre-release. This week they renamed pre4 to beta, one day later they pulled it back again to pre4. They work hard to publish the official release of 1.1.1. next weeks.
I spent every day several hours to resolve this issue, but without a solution to fix it. I also compiled Nginx with draft-19 successfully, but again without running protocol 1.3.
Pagespeed and brotli compression work like a charm, the best since UFHH01 started his amazing tutorial, for the updated components - but only without TLSv1.3.
Greets
PHP message: PHP Warning: opendir(/var/www/vhosts/domain.de/cache//f): failed to open dir: Permission denied in /var/www/vhosts/domain.de/httpdocs/wp-content/plugins/nginx-helper/purger.php on line 774" while reading response header from upstream, client: 2003
Try this other thread: Input - Bash script to compile Nginx from source with additional modules on Plesk Onyx especially post #68Is there any update in respect to OpenSSL TSL 1.3 ?
There's a CentOS script in that thread if you read it all. We ran it ourselves when we used to be on CentOS. You'll need to update the script for the correct OpenSSL details, but it worked back then so can't immediately see why it won't now (i.e. just because of an updated OpenSSL component....)Thanks I know this Ubuntu Script, but I'm on Centos and I therefore would need to do steps manually. So I just need the openssl part that basically received an update.
Have you had chance to read all of the thread? Meaning THIS thread but specifically towards the end of it? Including; THIS link? In terms of Ubuntu 18.04 everything you've mentioned is indeed right there...Apart from the script which describes a good way to realize TLS 1.3 it would be nice to know how to compile nginx with OpenSSL 1.1.1 in Ubuntu18.04.2 and/or CentOS. To have the possibility doing it manually too.
./configure --prefix=/etc/nginx \
> --sbin-path=/usr/sbin/nginx \
> --conf-path=/etc/nginx/nginx.conf \
> --error-log-path=/var/log/nginx/error.log \
> --http-log-path=/var/log/nginx/access.log \
> --lock-path=/var/lock/nginx.lock \
> --pid-path=/var/run/nginx.pid \
> --http-client-body-temp-path=/var/lib/nginx/body \
> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
> --http-proxy-temp-path=/var/lib/nginx/proxy \
> --http-scgi-temp-path=/var/lib/nginx/scgi \
> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
> --user=nginx \
> --group=nginx \
> --with-debug \
> --with-file-aio \
> --with-google_perftools_module \
> --with-mail \
> --with-mail_ssl_module \
> --with-threads \
> --with-select_module \
> --with-stream \
> --with-stream_ssl_module \
> --with-http_addition_module \
> --with-http_auth_request_module \
> --with-http_dav_module \
> --with-http_flv_module \
> --with-http_geoip_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
--> --with-http_image_filter_module \
> --with-http_mp4_module \
> --with-http_perl_module \
> --with-http_random_index_module \
> --with-http_realip_module \
> --with-http_secure_link_module \
> --with-http_stub_status_module \
> --with-http_sub_module \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_xslt_module \
> --with-poll_module \
> --with-openssl=/usr/share/openssl \
> --with-openssl-opt=enable-tls1_3 \
> --add-module=/usr/share/nginx/modules/echo-nginx-module-0.62 \
> --add-module=/usr/share/nginx/modules/ngx_brotli \
> --add-module=/usr/share/passenger/ngx_http_passenger_module \
> --add-module=/usr/share/nginx/modules/ngx_cache_purge-2.3.1 \
> --add-module=/usr/share/nginx/modules/ngx_coolkit-0.2 \
> --add-module=/usr/share/nginx/modules/ngx_pagespeed-1.13.35.2 \
> --add-module=/usr/share/nginx/modules/ngx_headers-more-v0.33
checking for OS
+ Linux 3.10.0-1127.el7.x86_64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
checking for gcc -pipe switch ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for prctl(PR_SET_KEEPCAPS) ... found
checking for capabilities ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for sched_setaffinity() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... found
checking for IP_RECVDSTADDR ... not found
checking for IP_SENDSRCADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for kqueue AIO support ... not found
checking for Linux AIO support ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
checking for long long size ... 8 bytes
checking for void * size ... 8 bytes
checking for uint32_t ... found
checking for uint64_t ... found
checking for sig_atomic_t ... found
checking for sig_atomic_t size ... 4 bytes
checking for socklen_t ... found
checking for in_addr_t ... found
checking for in_port_t ... found
checking for rlim_t ... found
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for ioctl(FIONREAD) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
configuring additional modules
adding module in /usr/share/nginx/modules/echo-nginx-module-0.62
+ ngx_http_echo_module was configured
adding module in /usr/share/nginx/modules/ngx_brotli
+ ngx_brotli was configured
adding module in /usr/share/passenger/ngx_http_passenger_module
checking for Math library ... found
checking for POSIX realtime library ... found
+ ngx_http_passenger_module was configured
adding module in /usr/share/nginx/modules/ngx_cache_purge-2.3.1
+ ngx_http_cache_purge_module was configured
adding module in /usr/share/nginx/modules/ngx_coolkit-0.2
+ ngx_coolkit_module was configured
adding module in /usr/share/nginx/modules/ngx_pagespeed-1.13.35.2
You have set --with-debug for building nginx, but precompiled Debug binaries for
PSOL, which ngx_pagespeed depends on, aren't available. If you're trying to
debug PSOL you need to build it from source. If you just want to run nginx with
debug-level logging you can use the Release binaries.
Use the available Release binaries? [Y/n] Y
mod_pagespeed_dir=/usr/share/nginx/modules/ngx_pagespeed-1.13.35.2/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability): ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_v2_filter_module ngx_http_range_header_filter_module ngx_pagespeed_etag_filter ngx_http_gzip_filter_module ngx_http_brotli_filter_module ngx_pagespeed ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_xslt_filter_module ngx_http_image_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_gunzip_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
+ ngx_pagespeed was configured
adding module in /usr/share/nginx/modules/ngx_headers-more-v0.33
+ ngx_http_headers_more_filter_module was configured
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for zlib library ... found
checking for libxslt ... found
checking for libexslt ... found
checking for GD library ... found
checking for GD WebP support ... not found
checking for perl
+ perl version: This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
+ perl interpreter multiplicity found
checking for GeoIP library ... found
checking for GeoIP IPv6 support ... found
checking for Google perftools ... found
creating objs/Makefile
Configuration summary
+ using threads
+ using system PCRE library
+ using OpenSSL library: /usr/share/openssl
+ using system zlib library
nginx path prefix: "/etc/nginx"
nginx binary file: "/usr/sbin/nginx"
nginx modules path: "/etc/nginx/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/var/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/lib/nginx/body"
nginx http proxy temporary files: "/var/lib/nginx/proxy"
nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
nginx http scgi temporary files: "/var/lib/nginx/scgi"