Merge branch '124.00stable'

centminmod · May 17, 2022 · 0680796 · 0680796
2 parents 54f13f4 + 71c2575
commit 0680796
Show file tree

Hide file tree

Showing 13 changed files with 101 additions and 58 deletions.
diff --git a/centmin-cli.sh b/centmin-cli.sh
@@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S")
 branchname='124.00stable'
 SCRIPT_MAJORVER='124'
 SCRIPT_MINORVER='00'
-SCRIPT_INCREMENTVER='4'
+SCRIPT_INCREMENTVER='11'
 SCRIPT_VERSIONSHORT="${branchname}"
 SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.s${SCRIPT_INCREMENTVER}"
 SCRIPT_DATE='08/05/22'

diff --git a/centmin.sh b/centmin.sh
@@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S")
 branchname='124.00stable'
 SCRIPT_MAJORVER='124'
 SCRIPT_MINORVER='00'
-SCRIPT_INCREMENTVER='4'
+SCRIPT_INCREMENTVER='11'
 SCRIPT_VERSIONSHORT="${branchname}"
 SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.s${SCRIPT_INCREMENTVER}"
 SCRIPT_DATE='08/05/22'

diff --git a/inc/brotli.inc b/inc/brotli.inc
@@ -462,6 +462,9 @@ brdep_update() {
 
 ngxbrotli_download() {
   if [[ "$NGINX_LIBBROTLI" = [yY] && "$(uname -m)" = 'x86_64' ]]; then
+    # update system cmake with cmake3 alternative setup
+    # https://community.centminmod.com/posts/92826/
+    cmake_alternatives
 
     if [[ "$DEVTOOLSETSEVEN" = [yY] && -f /opt/rh/devtoolset-7/root/usr/bin/gcc && -f /opt/rh/devtoolset-7/root/usr/bin/g++ ]] && [[ "$(gcc --version | head -n1 | awk '{print $3}' | cut -d . -f1,2 | sed "s|\.|0|")" -gt '407' ]]; then
         if [[ "$INITIALINSTALL" != [yY] ]]; then

diff --git a/inc/csfinstall.inc b/inc/csfinstall.inc
@@ -14,7 +14,7 @@ csf_maxmind_geolite_two_download() {
     csf_maxmind_silent=$1
     if [[ -f /etc/csf/csf.conf && -d /var/lib/csf/ ]] && [[ ! -f /var/lib/csf/Geo/GeoLite2-Country-Blocks-IPv4.csv || ! -f /var/lib/csf/Geo/GeoLite2-Country-Blocks-IPv6.csv || ! -f GeoLite2-Country-Locations-en.csv ]]; then
         if [[ "$csf_maxmind_silent" = 'silent' ]]; then
-            wget -q -4 https://centminmod.com/centminmodparts/geoip2-lite/csf-geolite2.tar.gz -O /svr-setup/csf-geolite2.tar.gz
+            wget${ipv_forceopt_wget} https://centminmod.com/centminmodparts/geoip2-lite/csf-geolite2.tar.gz -O /svr-setup/csf-geolite2.tar.gz
             tar xf /svr-setup/csf-geolite2.tar.gz -C /var/lib/csf/
             csf --profile backup cmm-before-maxmind-csf-database-download >/dev/null 2>&1
             sed -i 's|CC_INTERVAL = .*|CC_INTERVAL = "14"|' /etc/csf/csf.conf

diff --git a/inc/nginx_addvhost.inc b/inc/nginx_addvhost.inc
@@ -1333,7 +1333,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then
     echo
   fi
   # run lestdebug.net API check
-  run_letsdebug "$vhostname"
+  if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then
+    run_letsdebug "$vhostname"
+  fi
 fi
 
 echo 

diff --git a/inc/nginx_upgrade.inc b/inc/nginx_upgrade.inc
@@ -1,3 +1,31 @@
+nginx_maintenance_on(){
+    # if you set /etc/centminmod/custom_config.inc file to
+    # NGINX_UPDATEMAINTENANCE=y
+    # then whenever you run nginx upgrade, you put all sites
+    # on server into 503 maintenance mode first and once
+    # updated, disable 503 maintenance mod after
+    if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then
+        if [ -f /usr/bin/sitestatus ]; then
+            /usr/bin/sitestatus off
+        fi
+    fi
+}
+
+nginx_maintenance_off(){
+    # if you set /etc/centminmod/custom_config.inc file to
+    # NGINX_UPDATEMAINTENANCE=y
+    # then whenever you run nginx upgrade, you put all sites
+    # on server into 503 maintenance mode first and once
+    # updated, disable 503 maintenance mod after
+    if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then
+        if [ -f /usr/bin/sitestatus ]; then
+            /usr/bin/sitestatus on
+        fi
+    fi
+}
+
+
+
 pcre_check_nginx(){
     # checks for $NGINX_PCRE_TWO='y'
     {
@@ -526,16 +554,7 @@ elif [[ "$CLI_NGINX_VER" ]]; then
         ngver="$LASTEST_NGINXVERS"
     fi
 
-    # if you set /etc/centminmod/custom_config.inc file to
-    # NGINX_UPDATEMAINTENANCE=y
-    # then whenever you run nginx upgrade, you put all sites
-    # on server into 503 maintenance mode first and once
-    # updated, disable 503 maintenance mod after
-    if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then
-        if [ -f /usr/bin/sitestatus ]; then
-            /usr/bin/sitestatus off
-        fi
-    fi
+    nginx_maintenance_on
 
     # auto check if static compiled Nginx openssl version matches
     # the one defined in centmin.sh OPENSSL_VERSION variable
@@ -571,16 +590,7 @@ else
         ngver="$LASTEST_NGINXVERS"
     fi
 
-    # if you set /etc/centminmod/custom_config.inc file to
-    # NGINX_UPDATEMAINTENANCE=y
-    # then whenever you run nginx upgrade, you put all sites
-    # on server into 503 maintenance mode first and once
-    # updated, disable 503 maintenance mod after
-    if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then
-        if [ -f /usr/bin/sitestatus ]; then
-            /usr/bin/sitestatus off
-        fi
-    fi
+    nginx_maintenance_on
 
     # auto check if static compiled Nginx openssl version matches
     # the one defined in centmin.sh OPENSSL_VERSION variable
@@ -740,6 +750,7 @@ fi
                 echo "make sure you type the correct nginx version"
                 echo "report errors on the forums at community.centminmod.com/forums/8/"
                 echo "with info asked at community.centminmod.com/threads/17778/"
+                nginx_maintenance_off
             echo
             free -m
             echo
@@ -775,6 +786,7 @@ fi
             echo "make sure you type the correct nginx version"
             echo "report errors on the forums at community.centminmod.com/forums/8/"
             echo "with info asked at community.centminmod.com/threads/17778/"
+            nginx_maintenance_off
             echo
             free -m
             echo
@@ -830,6 +842,7 @@ fi
       echo -e "\n`date`\nError: $ERR, Nginx configure failed\n"
         echo "report errors on the forums at community.centminmod.com/forums/8/"
         echo "with info asked at community.centminmod.com/threads/17778/"
+        nginx_maintenance_off
         echo
         free -mlt
         echo
@@ -942,6 +955,7 @@ fi
       echo -e "\n`date`\nError: $ERR, Nginx make failed\n"
         echo "report errors on the forums at community.centminmod.com/forums/8/"
         echo "with info asked at community.centminmod.com/threads/17778/"
+        nginx_maintenance_off
         echo
         free -mlt
         echo
@@ -1077,6 +1091,7 @@ fi
       echo -e "\n`date`\nError: $ERR, Nginx wasn't installed properly\n"
         echo "report errors on the forums at community.centminmod.com/forums/8/"
         echo "with info asked at community.centminmod.com/threads/17778/"
+        nginx_maintenance_off
         echo
         free -m
         echo
@@ -1328,16 +1343,7 @@ fi
         fi
         echo "*************************************************"
 
-    # if you set /etc/centminmod/custom_config.inc file to
-    # NGINX_UPDATEMAINTENANCE=y
-    # then whenever you run nginx upgrade, you put all sites
-    # on server into 503 maintenance mode first and once
-    # updated, disable 503 maintenance mod after
-    if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then
-        if [ -f /usr/bin/sitestatus ]; then
-            /usr/bin/sitestatus on
-        fi
-    fi
+        nginx_maintenance_off
     if [[ "$NGINX_NJS" = [yY] && -f "$DIR_TMP/njs/build/njs" ]]; then
         cp -af "$DIR_TMP/njs/build/njs" /usr/local/bin/njs
     fi

diff --git a/inc/openssl_install.inc b/inc/openssl_install.inc
@@ -1,20 +1,22 @@
 cmake_alternatives() {
-    if [ ! -f /usr/bin/cmake3 ]; then
-        yum -q -y install cmake3
-    fi
-    if [[ -f /usr/bin/cmake3 && ! "$(alternatives --display cmake | grep 'link currently points to /usr/bin/cmake3')" ]]; then
-      echo
-      echo "setup cmake to cmake3 alternatives mapping"    
-      # Nginx HTTP/3 + Quiche dependency library requires building with cmake version 3+ however
-      # CentOS uses cmake 2.8 and cmake3 3.x binaries which Quiche can't find so need to setup
-      # alternatives to change CentOS system cmake to link to cmake3
-      alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake 30 --slave /usr/local/bin/ctest ctest /usr/bin/ctest --slave /usr/local/bin/cpack cpack /usr/bin/cpack --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake --family cmake
-      alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake3 50 --slave /usr/local/bin/ctest ctest /usr/bin/ctest3 --slave /usr/local/bin/cpack cpack /usr/bin/cpack3 --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 --family cmake
-      alternatives --set cmake /usr/bin/cmake3
-      # alternatives --remove cmake /usr/bin/cmake3
-      echo "cmake --version"
-      cmake --version
-      echo "cmake to cmake3 alternatives mapping complete"
+    if [ "$CENTOS_SEVEN" -eq '7' ]; then
+        if [ ! -f /usr/bin/cmake3 ]; then
+            yum -q -y install cmake3
+        fi
+        if [[ -f /usr/bin/cmake3 && ! "$(alternatives --display cmake | grep 'link currently points to /usr/bin/cmake3')" ]]; then
+        echo
+        echo "setup cmake to cmake3 alternatives mapping"    
+        # Nginx HTTP/3 + Quiche dependency library requires building with cmake version 3+ however
+        # CentOS uses cmake 2.8 and cmake3 3.x binaries which Quiche can't find so need to setup
+        # alternatives to change CentOS system cmake to link to cmake3
+        alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake 30 --slave /usr/local/bin/ctest ctest /usr/bin/ctest --slave /usr/local/bin/cpack cpack /usr/bin/cpack --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake --family cmake
+        alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake3 50 --slave /usr/local/bin/ctest ctest /usr/bin/ctest3 --slave /usr/local/bin/cpack cpack /usr/bin/cpack3 --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 --family cmake
+        alternatives --set cmake /usr/bin/cmake3
+        # alternatives --remove cmake /usr/bin/cmake3
+        echo "cmake --version"
+        cmake --version
+        echo "cmake to cmake3 alternatives mapping complete"
+        fi
     fi
 }
 

diff --git a/inc/php_configure.inc b/inc/php_configure.inc
@@ -646,10 +646,6 @@ if [[ "$PHPMVER" = 5.[23456] ]]; then
   NEWLIBICU='n'
   echo "NEWLIBICU=$NEWLIBICU"
 fi
-if [[ "$PHPMUVER" = 5.[23456] ]]; then
-  NEWLIBICU='n'
-  echo "NEWLIBICU=$NEWLIBICU"
-fi
 if [[ "$PHPMVER" = '7.0' ]]; then
   NEWLIBICU='n'
   echo "NEWLIBICU=$NEWLIBICU"
@@ -674,6 +670,10 @@ if [[ "$PHPMVER" = '8.0' || "$PHPMVER" = '8.1' || "$PHPVER_ID" -ge '80000' ]]; t
   NEWLIBICU='y'
   echo "NEWLIBICU=$NEWLIBICU"
 fi
+if [[ "$PHPMUVER" = 5.[23456] ]]; then
+  NEWLIBICU='n'
+  echo "NEWLIBICU=$NEWLIBICU"
+fi
 if [[ "$PHPMUVER" = '7.0' ]]; then
   NEWLIBICU='n'
   echo "NEWLIBICU=$NEWLIBICU"

diff --git a/inc/wpsetup-fastcgi-cache.inc b/inc/wpsetup-fastcgi-cache.inc
@@ -3684,7 +3684,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then
     echo
   fi
   # run lestdebug.net API check
-  run_letsdebug "$vhostname"
+  if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then
+    run_letsdebug "$vhostname"
+  fi
 fi
 
 if [[ "$wpcli_ssldefault" = '1' ]]; then

diff --git a/inc/wpsetup.inc b/inc/wpsetup.inc
@@ -3127,7 +3127,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then
     echo
   fi
   # run lestdebug.net API check
-  run_letsdebug "$vhostname"
+  if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then
+    run_letsdebug "$vhostname"
+  fi
 fi
 
 if [[ "$wpcli_ssldefault" = '1' ]]; then

diff --git a/tools/cmupdate.sh b/tools/cmupdate.sh
@@ -113,6 +113,7 @@ case "$1" in
     ;;
   * )
     fupdate
+    exit
     ;;
 esac
 

diff --git a/tools/nginx-binary-backup.sh b/tools/nginx-binary-backup.sh
@@ -107,8 +107,16 @@ bin_backup() {
     LIBSATOMICOPS_LIBRARY_PATHDIR=$(dirname $(ldd $(which nginx) | awk '/libatomic/ {print $3}'))
     LIBSATOMICOPS_LIBRARY_WILDCARD='libatomic_ops'
   fi
+
+  # check if nginx binary built with jemalloc custom RPM
+  CHECK_NGINX_CUSTOM_JEMALLOC_BUILT=$(ldd $(which nginx) | grep -w -o '/usr/local/nginx-dep/lib/libjemalloc.so.2' | uniq | grep -o 'libjemalloc')
+  if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then
+    NGX_JEMALLOC_LABEL='-je'
+    JEMALLOC_LIBRARY_PATHDIR=$(dirname $(ldd $(which nginx) | awk '/libjemalloc/ {print $3}'))
+    JEMALLOC_LIBRARY_WILDCARD='libjemalloc'
+  fi
 
-  backup_tag="${NGINXBIN_VER}-${NGINXBIN_COMPILERNAME}-${NGINXBIN_CRYPTO}-${DDT}${NGXDEBUG_LABEL}${NGXHPACK_LABEL}${NGXZLIB_LABEL}${NGXLTO_LABEL}${NGXFATLTO_LABEL}${NGX_PCRETWO_LABEL}"
+  backup_tag="${NGINXBIN_VER}-${NGINXBIN_COMPILERNAME}-${NGINXBIN_CRYPTO}-${DDT}${NGXDEBUG_LABEL}${NGXHPACK_LABEL}${NGXZLIB_LABEL}${NGXLTO_LABEL}${NGXFATLTO_LABEL}${NGX_PCRETWO_LABEL}${NGX_JEMALLOC_LABEL}"
   if [ ! -d "${NGINXBIN_BACKUPDIR}/${backup_tag}" ]; then
     echo "--------------------------------------------------------"
     echo "backup current Nginx binary and dynamic modules"
@@ -120,6 +128,9 @@ bin_backup() {
     cp -af "$NGINXBIN_MODULESDIR" "${NGINXBIN_BACKUPDIR}/${backup_tag}"
     cp -af ${PCRE_LIBRARY_PATHDIR}/${PCRE_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs"
     cp -af ${LIBSATOMICOPS_LIBRARY_PATHDIR}/${LIBSATOMICOPS_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs"
+    if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then
+      cp -af ${JEMALLOC_LIBRARY_PATHDIR}/${JEMALLOC_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs"
+    fi
     # remove .so.old older dynamic nginx modules from backup
     # https://community.centminmod.com/posts/66124/
     if [ -d "${NGINXBIN_BACKUPDIR}/${backup_tag}/modules" ]; then
@@ -171,6 +182,13 @@ bin_restore() {
       LIBSATOMICOPS_LIBRARY_PATHDIR=$(dirname $(ldd ${backup_path}/bin/nginx | awk '/libatomic/ {print $3}'))
       LIBSATOMICOPS_LIBRARY_WILDCARD='libatomic_ops'
     fi
+    # check if nginx binary built with jemalloc custom RPM
+    CHECK_NGINX_CUSTOM_JEMALLOC_BUILT=$(ldd ${backup_path}/bin/nginx | grep -w -o '/usr/local/nginx-dep/lib/libjemalloc.so.2' | uniq | grep -o 'libjemalloc')
+    if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then
+      NGX_JEMALLOC_LABEL='-je'
+      JEMALLOC_LIBRARY_PATHDIR=$(dirname $(ldd ${backup_path}/bin/nginx | awk '/libjemalloc/ {print $3}'))
+      JEMALLOC_LIBRARY_WILDCARD='libjemalloc'
+    fi
     echo "--------------------------------------------------------"
     echo "Restore Nginx binary/module from backups"
     echo "--------------------------------------------------------"
@@ -212,6 +230,11 @@ bin_restore() {
             echo "cp -af ${backup_path}/libs/* $LIBSATOMICOPS_LIBRARY_PATHDIR"
             cp -af ${LIBSATOMICOPS_LIBRARY_PATHDIR}/${LIBSATOMICOPS_LIBRARY_WILDCARD}.* "$LIBSATOMICOPS_LIBRARY_PATHDIR"
             ls -lah "$LIBSATOMICOPS_LIBRARY_PATHDIR" | grep "$LIBSATOMICOPS_LIBRARY_WILDCARD"
+            if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then
+              echo "cp -af ${backup_path}/libs/* $JEMALLOC_LIBRARY_PATHDIR"
+              cp -af ${JEMALLOC_LIBRARY_PATHDIR}/${JEMALLOC_LIBRARY_WILDCARD}.* "$JEMALLOC_LIBRARY_PATHDIR"
+              ls -lah "$JEMALLOC_LIBRARY_PATHDIR" | grep "$JEMALLOC_LIBRARY_WILDCARD"
+            fi
           fi
           if [ -d "${backup_path}/modules" ]; then
             echo

diff --git a/tools/nv.sh b/tools/nv.sh
@@ -1506,7 +1506,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then
     echo
   fi
   # run lestdebug.net API check
-  run_letsdebug "$vhostname"
+  if [[ "$sslconfig" = 'le' || "$sslconfig" = 'led' || "$sslconfig" = 'lelive' || "$sslconfig" = 'lelived' ]]; then
+    run_letsdebug "$vhostname"
+  fi
 fi
 
 echo