diff --git a/centmin-cli.sh b/centmin-cli.sh index b294fedb..51b5713c 100755 --- a/centmin-cli.sh +++ b/centmin-cli.sh @@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S") branchname='124.00stable' SCRIPT_MAJORVER='124' SCRIPT_MINORVER='00' -SCRIPT_INCREMENTVER='4' +SCRIPT_INCREMENTVER='11' SCRIPT_VERSIONSHORT="${branchname}" SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.s${SCRIPT_INCREMENTVER}" SCRIPT_DATE='08/05/22' diff --git a/centmin.sh b/centmin.sh index 4b82db83..b5c7bbe4 100755 --- a/centmin.sh +++ b/centmin.sh @@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S") branchname='124.00stable' SCRIPT_MAJORVER='124' SCRIPT_MINORVER='00' -SCRIPT_INCREMENTVER='4' +SCRIPT_INCREMENTVER='11' SCRIPT_VERSIONSHORT="${branchname}" SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.s${SCRIPT_INCREMENTVER}" SCRIPT_DATE='08/05/22' diff --git a/inc/brotli.inc b/inc/brotli.inc index afb1eb29..530263a5 100644 --- a/inc/brotli.inc +++ b/inc/brotli.inc @@ -462,6 +462,9 @@ brdep_update() { ngxbrotli_download() { if [[ "$NGINX_LIBBROTLI" = [yY] && "$(uname -m)" = 'x86_64' ]]; then + # update system cmake with cmake3 alternative setup + # https://community.centminmod.com/posts/92826/ + cmake_alternatives if [[ "$DEVTOOLSETSEVEN" = [yY] && -f /opt/rh/devtoolset-7/root/usr/bin/gcc && -f /opt/rh/devtoolset-7/root/usr/bin/g++ ]] && [[ "$(gcc --version | head -n1 | awk '{print $3}' | cut -d . -f1,2 | sed "s|\.|0|")" -gt '407' ]]; then if [[ "$INITIALINSTALL" != [yY] ]]; then diff --git a/inc/csfinstall.inc b/inc/csfinstall.inc index ab862c29..638eb402 100644 --- a/inc/csfinstall.inc +++ b/inc/csfinstall.inc @@ -14,7 +14,7 @@ csf_maxmind_geolite_two_download() { csf_maxmind_silent=$1 if [[ -f /etc/csf/csf.conf && -d /var/lib/csf/ ]] && [[ ! -f /var/lib/csf/Geo/GeoLite2-Country-Blocks-IPv4.csv || ! -f /var/lib/csf/Geo/GeoLite2-Country-Blocks-IPv6.csv || ! -f GeoLite2-Country-Locations-en.csv ]]; then if [[ "$csf_maxmind_silent" = 'silent' ]]; then - wget -q -4 https://centminmod.com/centminmodparts/geoip2-lite/csf-geolite2.tar.gz -O /svr-setup/csf-geolite2.tar.gz + wget${ipv_forceopt_wget} https://centminmod.com/centminmodparts/geoip2-lite/csf-geolite2.tar.gz -O /svr-setup/csf-geolite2.tar.gz tar xf /svr-setup/csf-geolite2.tar.gz -C /var/lib/csf/ csf --profile backup cmm-before-maxmind-csf-database-download >/dev/null 2>&1 sed -i 's|CC_INTERVAL = .*|CC_INTERVAL = "14"|' /etc/csf/csf.conf diff --git a/inc/nginx_addvhost.inc b/inc/nginx_addvhost.inc index 03d670b8..83df9766 100644 --- a/inc/nginx_addvhost.inc +++ b/inc/nginx_addvhost.inc @@ -1333,7 +1333,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then echo fi # run lestdebug.net API check - run_letsdebug "$vhostname" + if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then + run_letsdebug "$vhostname" + fi fi echo diff --git a/inc/nginx_upgrade.inc b/inc/nginx_upgrade.inc index c5fb282f..f2713ff1 100644 --- a/inc/nginx_upgrade.inc +++ b/inc/nginx_upgrade.inc @@ -1,3 +1,31 @@ +nginx_maintenance_on(){ + # if you set /etc/centminmod/custom_config.inc file to + # NGINX_UPDATEMAINTENANCE=y + # then whenever you run nginx upgrade, you put all sites + # on server into 503 maintenance mode first and once + # updated, disable 503 maintenance mod after + if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then + if [ -f /usr/bin/sitestatus ]; then + /usr/bin/sitestatus off + fi + fi +} + +nginx_maintenance_off(){ + # if you set /etc/centminmod/custom_config.inc file to + # NGINX_UPDATEMAINTENANCE=y + # then whenever you run nginx upgrade, you put all sites + # on server into 503 maintenance mode first and once + # updated, disable 503 maintenance mod after + if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then + if [ -f /usr/bin/sitestatus ]; then + /usr/bin/sitestatus on + fi + fi +} + + + pcre_check_nginx(){ # checks for $NGINX_PCRE_TWO='y' { @@ -526,16 +554,7 @@ elif [[ "$CLI_NGINX_VER" ]]; then ngver="$LASTEST_NGINXVERS" fi - # if you set /etc/centminmod/custom_config.inc file to - # NGINX_UPDATEMAINTENANCE=y - # then whenever you run nginx upgrade, you put all sites - # on server into 503 maintenance mode first and once - # updated, disable 503 maintenance mod after - if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then - if [ -f /usr/bin/sitestatus ]; then - /usr/bin/sitestatus off - fi - fi + nginx_maintenance_on # auto check if static compiled Nginx openssl version matches # the one defined in centmin.sh OPENSSL_VERSION variable @@ -571,16 +590,7 @@ else ngver="$LASTEST_NGINXVERS" fi - # if you set /etc/centminmod/custom_config.inc file to - # NGINX_UPDATEMAINTENANCE=y - # then whenever you run nginx upgrade, you put all sites - # on server into 503 maintenance mode first and once - # updated, disable 503 maintenance mod after - if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then - if [ -f /usr/bin/sitestatus ]; then - /usr/bin/sitestatus off - fi - fi + nginx_maintenance_on # auto check if static compiled Nginx openssl version matches # the one defined in centmin.sh OPENSSL_VERSION variable @@ -740,6 +750,7 @@ fi echo "make sure you type the correct nginx version" echo "report errors on the forums at community.centminmod.com/forums/8/" echo "with info asked at community.centminmod.com/threads/17778/" + nginx_maintenance_off echo free -m echo @@ -775,6 +786,7 @@ fi echo "make sure you type the correct nginx version" echo "report errors on the forums at community.centminmod.com/forums/8/" echo "with info asked at community.centminmod.com/threads/17778/" + nginx_maintenance_off echo free -m echo @@ -830,6 +842,7 @@ fi echo -e "\n`date`\nError: $ERR, Nginx configure failed\n" echo "report errors on the forums at community.centminmod.com/forums/8/" echo "with info asked at community.centminmod.com/threads/17778/" + nginx_maintenance_off echo free -mlt echo @@ -942,6 +955,7 @@ fi echo -e "\n`date`\nError: $ERR, Nginx make failed\n" echo "report errors on the forums at community.centminmod.com/forums/8/" echo "with info asked at community.centminmod.com/threads/17778/" + nginx_maintenance_off echo free -mlt echo @@ -1077,6 +1091,7 @@ fi echo -e "\n`date`\nError: $ERR, Nginx wasn't installed properly\n" echo "report errors on the forums at community.centminmod.com/forums/8/" echo "with info asked at community.centminmod.com/threads/17778/" + nginx_maintenance_off echo free -m echo @@ -1328,16 +1343,7 @@ fi fi echo "*************************************************" - # if you set /etc/centminmod/custom_config.inc file to - # NGINX_UPDATEMAINTENANCE=y - # then whenever you run nginx upgrade, you put all sites - # on server into 503 maintenance mode first and once - # updated, disable 503 maintenance mod after - if [[ "$NGINX_UPDATEMAINTENANCE" = [yY] ]]; then - if [ -f /usr/bin/sitestatus ]; then - /usr/bin/sitestatus on - fi - fi + nginx_maintenance_off if [[ "$NGINX_NJS" = [yY] && -f "$DIR_TMP/njs/build/njs" ]]; then cp -af "$DIR_TMP/njs/build/njs" /usr/local/bin/njs fi diff --git a/inc/openssl_install.inc b/inc/openssl_install.inc index 9d31ac6d..a475a785 100644 --- a/inc/openssl_install.inc +++ b/inc/openssl_install.inc @@ -1,20 +1,22 @@ cmake_alternatives() { - if [ ! -f /usr/bin/cmake3 ]; then - yum -q -y install cmake3 - fi - if [[ -f /usr/bin/cmake3 && ! "$(alternatives --display cmake | grep 'link currently points to /usr/bin/cmake3')" ]]; then - echo - echo "setup cmake to cmake3 alternatives mapping" - # Nginx HTTP/3 + Quiche dependency library requires building with cmake version 3+ however - # CentOS uses cmake 2.8 and cmake3 3.x binaries which Quiche can't find so need to setup - # alternatives to change CentOS system cmake to link to cmake3 - alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake 30 --slave /usr/local/bin/ctest ctest /usr/bin/ctest --slave /usr/local/bin/cpack cpack /usr/bin/cpack --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake --family cmake - alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake3 50 --slave /usr/local/bin/ctest ctest /usr/bin/ctest3 --slave /usr/local/bin/cpack cpack /usr/bin/cpack3 --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 --family cmake - alternatives --set cmake /usr/bin/cmake3 - # alternatives --remove cmake /usr/bin/cmake3 - echo "cmake --version" - cmake --version - echo "cmake to cmake3 alternatives mapping complete" + if [ "$CENTOS_SEVEN" -eq '7' ]; then + if [ ! -f /usr/bin/cmake3 ]; then + yum -q -y install cmake3 + fi + if [[ -f /usr/bin/cmake3 && ! "$(alternatives --display cmake | grep 'link currently points to /usr/bin/cmake3')" ]]; then + echo + echo "setup cmake to cmake3 alternatives mapping" + # Nginx HTTP/3 + Quiche dependency library requires building with cmake version 3+ however + # CentOS uses cmake 2.8 and cmake3 3.x binaries which Quiche can't find so need to setup + # alternatives to change CentOS system cmake to link to cmake3 + alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake 30 --slave /usr/local/bin/ctest ctest /usr/bin/ctest --slave /usr/local/bin/cpack cpack /usr/bin/cpack --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake --family cmake + alternatives --install /usr/local/bin/cmake cmake /usr/bin/cmake3 50 --slave /usr/local/bin/ctest ctest /usr/bin/ctest3 --slave /usr/local/bin/cpack cpack /usr/bin/cpack3 --slave /usr/local/bin/ccmake ccmake /usr/bin/ccmake3 --family cmake + alternatives --set cmake /usr/bin/cmake3 + # alternatives --remove cmake /usr/bin/cmake3 + echo "cmake --version" + cmake --version + echo "cmake to cmake3 alternatives mapping complete" + fi fi } diff --git a/inc/php_configure.inc b/inc/php_configure.inc index 9206b892..abafc259 100644 --- a/inc/php_configure.inc +++ b/inc/php_configure.inc @@ -646,10 +646,6 @@ if [[ "$PHPMVER" = 5.[23456] ]]; then NEWLIBICU='n' echo "NEWLIBICU=$NEWLIBICU" fi -if [[ "$PHPMUVER" = 5.[23456] ]]; then - NEWLIBICU='n' - echo "NEWLIBICU=$NEWLIBICU" -fi if [[ "$PHPMVER" = '7.0' ]]; then NEWLIBICU='n' echo "NEWLIBICU=$NEWLIBICU" @@ -674,6 +670,10 @@ if [[ "$PHPMVER" = '8.0' || "$PHPMVER" = '8.1' || "$PHPVER_ID" -ge '80000' ]]; t NEWLIBICU='y' echo "NEWLIBICU=$NEWLIBICU" fi +if [[ "$PHPMUVER" = 5.[23456] ]]; then + NEWLIBICU='n' + echo "NEWLIBICU=$NEWLIBICU" +fi if [[ "$PHPMUVER" = '7.0' ]]; then NEWLIBICU='n' echo "NEWLIBICU=$NEWLIBICU" diff --git a/inc/wpsetup-fastcgi-cache.inc b/inc/wpsetup-fastcgi-cache.inc index c534da48..ba13cf31 100644 --- a/inc/wpsetup-fastcgi-cache.inc +++ b/inc/wpsetup-fastcgi-cache.inc @@ -3684,7 +3684,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then echo fi # run lestdebug.net API check - run_letsdebug "$vhostname" + if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then + run_letsdebug "$vhostname" + fi fi if [[ "$wpcli_ssldefault" = '1' ]]; then diff --git a/inc/wpsetup.inc b/inc/wpsetup.inc index 74777d54..715a1468 100644 --- a/inc/wpsetup.inc +++ b/inc/wpsetup.inc @@ -3127,7 +3127,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then echo fi # run lestdebug.net API check - run_letsdebug "$vhostname" + if [[ "$vhostssl" = 'le' || "$vhostssl" = 'led' || "$vhostssl" = 'lelive' || "$vhostssl" = 'lelived' ]]; then + run_letsdebug "$vhostname" + fi fi if [[ "$wpcli_ssldefault" = '1' ]]; then diff --git a/tools/cmupdate.sh b/tools/cmupdate.sh index 9e07146c..e90aff43 100755 --- a/tools/cmupdate.sh +++ b/tools/cmupdate.sh @@ -113,6 +113,7 @@ case "$1" in ;; * ) fupdate + exit ;; esac diff --git a/tools/nginx-binary-backup.sh b/tools/nginx-binary-backup.sh index e1dc3876..2ae7f278 100755 --- a/tools/nginx-binary-backup.sh +++ b/tools/nginx-binary-backup.sh @@ -107,8 +107,16 @@ bin_backup() { LIBSATOMICOPS_LIBRARY_PATHDIR=$(dirname $(ldd $(which nginx) | awk '/libatomic/ {print $3}')) LIBSATOMICOPS_LIBRARY_WILDCARD='libatomic_ops' fi + + # check if nginx binary built with jemalloc custom RPM + CHECK_NGINX_CUSTOM_JEMALLOC_BUILT=$(ldd $(which nginx) | grep -w -o '/usr/local/nginx-dep/lib/libjemalloc.so.2' | uniq | grep -o 'libjemalloc') + if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then + NGX_JEMALLOC_LABEL='-je' + JEMALLOC_LIBRARY_PATHDIR=$(dirname $(ldd $(which nginx) | awk '/libjemalloc/ {print $3}')) + JEMALLOC_LIBRARY_WILDCARD='libjemalloc' + fi - backup_tag="${NGINXBIN_VER}-${NGINXBIN_COMPILERNAME}-${NGINXBIN_CRYPTO}-${DDT}${NGXDEBUG_LABEL}${NGXHPACK_LABEL}${NGXZLIB_LABEL}${NGXLTO_LABEL}${NGXFATLTO_LABEL}${NGX_PCRETWO_LABEL}" + backup_tag="${NGINXBIN_VER}-${NGINXBIN_COMPILERNAME}-${NGINXBIN_CRYPTO}-${DDT}${NGXDEBUG_LABEL}${NGXHPACK_LABEL}${NGXZLIB_LABEL}${NGXLTO_LABEL}${NGXFATLTO_LABEL}${NGX_PCRETWO_LABEL}${NGX_JEMALLOC_LABEL}" if [ ! -d "${NGINXBIN_BACKUPDIR}/${backup_tag}" ]; then echo "--------------------------------------------------------" echo "backup current Nginx binary and dynamic modules" @@ -120,6 +128,9 @@ bin_backup() { cp -af "$NGINXBIN_MODULESDIR" "${NGINXBIN_BACKUPDIR}/${backup_tag}" cp -af ${PCRE_LIBRARY_PATHDIR}/${PCRE_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs" cp -af ${LIBSATOMICOPS_LIBRARY_PATHDIR}/${LIBSATOMICOPS_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs" + if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then + cp -af ${JEMALLOC_LIBRARY_PATHDIR}/${JEMALLOC_LIBRARY_WILDCARD}.* "${NGINXBIN_BACKUPDIR}/${backup_tag}/libs" + fi # remove .so.old older dynamic nginx modules from backup # https://community.centminmod.com/posts/66124/ if [ -d "${NGINXBIN_BACKUPDIR}/${backup_tag}/modules" ]; then @@ -171,6 +182,13 @@ bin_restore() { LIBSATOMICOPS_LIBRARY_PATHDIR=$(dirname $(ldd ${backup_path}/bin/nginx | awk '/libatomic/ {print $3}')) LIBSATOMICOPS_LIBRARY_WILDCARD='libatomic_ops' fi + # check if nginx binary built with jemalloc custom RPM + CHECK_NGINX_CUSTOM_JEMALLOC_BUILT=$(ldd ${backup_path}/bin/nginx | grep -w -o '/usr/local/nginx-dep/lib/libjemalloc.so.2' | uniq | grep -o 'libjemalloc') + if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then + NGX_JEMALLOC_LABEL='-je' + JEMALLOC_LIBRARY_PATHDIR=$(dirname $(ldd ${backup_path}/bin/nginx | awk '/libjemalloc/ {print $3}')) + JEMALLOC_LIBRARY_WILDCARD='libjemalloc' + fi echo "--------------------------------------------------------" echo "Restore Nginx binary/module from backups" echo "--------------------------------------------------------" @@ -212,6 +230,11 @@ bin_restore() { echo "cp -af ${backup_path}/libs/* $LIBSATOMICOPS_LIBRARY_PATHDIR" cp -af ${LIBSATOMICOPS_LIBRARY_PATHDIR}/${LIBSATOMICOPS_LIBRARY_WILDCARD}.* "$LIBSATOMICOPS_LIBRARY_PATHDIR" ls -lah "$LIBSATOMICOPS_LIBRARY_PATHDIR" | grep "$LIBSATOMICOPS_LIBRARY_WILDCARD" + if [[ "$CHECK_NGINX_CUSTOM_JEMALLOC_BUILT" = 'libjemalloc' ]]; then + echo "cp -af ${backup_path}/libs/* $JEMALLOC_LIBRARY_PATHDIR" + cp -af ${JEMALLOC_LIBRARY_PATHDIR}/${JEMALLOC_LIBRARY_WILDCARD}.* "$JEMALLOC_LIBRARY_PATHDIR" + ls -lah "$JEMALLOC_LIBRARY_PATHDIR" | grep "$JEMALLOC_LIBRARY_WILDCARD" + fi fi if [ -d "${backup_path}/modules" ]; then echo diff --git a/tools/nv.sh b/tools/nv.sh index d39e3b8d..4d681d0c 100755 --- a/tools/nv.sh +++ b/tools/nv.sh @@ -1506,7 +1506,9 @@ if [[ "$LETSENCRYPT_DETECT" = [yY] ]]; then echo fi # run lestdebug.net API check - run_letsdebug "$vhostname" + if [[ "$sslconfig" = 'le' || "$sslconfig" = 'led' || "$sslconfig" = 'lelive' || "$sslconfig" = 'lelived' ]]; then + run_letsdebug "$vhostname" + fi fi echo