Jump to content

Diário de Bordo - Servidor FNF


Revenge
 Share

Recommended Posts

Este tópico tem o intuito de dar a informação sempre que faço uma actualização de uma aplicação relevante no servidor que pode eventualmente mexer com o funcionamento do FNF.

Assim se encontrarem algo que de um momento para o outro deixou de funcionar bem, podem ver aqui as alterações que houve desde que repararam e colocar no tópico dos bugs.

Versões Actuais:

Centos 7.2
Nginx 1.9.12
PHP 7.0.3
MariaDB 10.1.11
Memcached 1.4.25
Fail2ban 0.9.3

 


 

Hoje foi feita actualização do Nginx para a versão 1.9.12. Esta versão dá erro ao compilar com o LibreSSL e a equipa do Nginx descarta-se dizendo que só suportam o OpenSSL. Como tal regressamos ao OpenSSL 1.0.2f e adicionei este patch do Cloudflare para adicionar o suporte ao chacha20 poly1305. Por acaso este patch tem uma vantagem em que apenas os dispositivos sem suporte AES-NI usam este protocolos. Os que suportam, o AES128 é bastante mais rapido.

Quote

Changes with nginx 1.9.12                                        24 Feb 2016

    *) Feature: Huffman encoding of response headers in HTTP/2.
       Thanks to Vlad Krasnov.

    *) Feature: the "worker_cpu_affinity" directive now supports more than
       64 CPUs.

    *) Bugfix: compatibility with 3rd party C++ modules; the bug had
       appeared in 1.9.11.
       Thanks to Piotr Sikora.

    *) Bugfix: nginx could not be built statically with OpenSSL on Linux;
       the bug had appeared in 1.9.11.

    *) Bugfix: the "add_header ... always" directive with an empty value did
       not delete "Last-Modified" and "ETag" header lines from error
       responses.

    *) Workaround: "called a function you should not call" and "shutdown
       while in init" messages might appear in logs when using OpenSSL
       1.0.2f.

    *) Bugfix: invalid headers might be logged incorrectly.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: in the ngx_http_v2_module.

 

Quote

[root@fastnewsforum ~]# nginx -V
nginx version: nginx/1.9.12
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with OpenSSL 1.0.2f  28 Jan 2016
TLS SNI support enabled
configure arguments: --prefix=/opt --with-openssl=/src/openssl-1.0.2f/ --with-openssl-opt=enable-tlsext --with-pcre=/src/pcre-8.38/ --with-pcre-jit --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings'

 

  • Like 1
Link to comment
Share on other sites

Actualização PHP 7.0.4

Quote

# php -v
PHP 7.0.4 (cli) (built: Mar 2 2016 18:03:26) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.4.0RC4, Copyright (c) 2002-2016, by Derick Rethans

 

Quote

The PHP development team announces the immediate availability of PHP 7.0.4. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

For source downloads of PHP 7.0.4 please visit our downloads page, Windows source and binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.

  • Like 2
Link to comment
Share on other sites

  • 3 weeks later...

Configurei múltiplas php-fpm pools para "internal load balancing".

Basicamente o Nginx passa a distribuir os requests pelas varias pools. Em vez de termos uma única pool com vários childrens, passamos a ter varias pools, cada uma delas com menos childrens.

Link to comment
Share on other sites

Actualização MariaDB 10.1.13

Quote

Notable Changes

 

Link to comment
Share on other sites

Actualização Nginx 1.9.13

Quote

Changes with nginx 1.9.13 29 Mar 2016

*) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer
passed to the next server by default if a request has been sent to a
backend; the "non_idempotent" parameter of the "proxy_next_upstream"
directive explicitly allows retrying such requests.

*) Feature: the ngx_http_perl_module can be built dynamically.

*) Feature: UDP support in the stream module.

*) Feature: the "aio_write" directive.

*) Feature: now cache manager monitors number of elements in caches and
tries to avoid cache keys zone overflows.

*) Bugfix: "task already active" and "second aio post" alerts might
appear in logs when using the "sendfile" and "aio" directives with
subrequests.

*) Bugfix: "zero size buf in output" alerts might appear in logs if
caching was used and a client closed a connection prematurely.

*) Bugfix: connections with clients might be closed needlessly if
caching was used.
Thanks to Justin Li.

*) Bugfix: nginx might hog CPU if the "sendfile" directive was used on
Linux or Solaris and a file being sent was changed during sending.

*) Bugfix: connections might hang when using the "sendfile" and "aio
threads" directives.

*) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives when using variables.
Thanks to Piotr Sikora.

*) Bugfix: in the ngx_http_sub_filter_module.

*) Bugfix: if an error occurred in a cached backend connection, the
request was passed to the next server regardless of the
proxy_next_upstream directive.

*) Bugfix: "CreateFile() failed" errors when creating temporary files on
Windows.

 

Link to comment
Share on other sites

31 de Março - Actualização PHP 7.0.5


Actualização Nginx 1.9.14

Quote

Changes with nginx 1.9.14                                        

    *) Feature: OpenSSL 1.1.0 compatibility.

    *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
       "scgi_request_buffering", and "uwsgi_request_buffering" directives
       now work with HTTP/2.

    *) Bugfix: "zero size buf in output" alerts might appear in logs when
       using HTTP/2.

    *) Bugfix: the "client_max_body_size" directive might work incorrectly
       when using HTTP/2.

    *) Bugfix: of minor bugs in logging.

 

Link to comment
Share on other sites

  • 2 weeks later...

Actualização Nginx 1.9.15

Quote

Changes with nginx 1.9.15                                        19 Apr 2016

    *) Bugfix: "recv() failed" errors might occur when using HHVM as a
       FastCGI server.

    *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
       directives a timeout or a "client violated flow control" error might
       occur while reading client request body; the bug had appeared in
       1.9.14.

    *) Workaround: a response might not be shown by some browsers if HTTP/2
       was used and client request body was not fully read; the bug had
       appeared in 1.9.14.

    *) Bugfix: connections might hang when using the "aio threads"
       directive.
       Thanks to Mindaugas Rasiukevicius.

 

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Actualização Nginx 1.11.0

Quote

Changes with nginx 1.11.0                                        24 May 2016

    *) Feature: the "transparent" parameter of the "proxy_bind",
       "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind"
       directives.

    *) Feature: the $request_id variable.

    *) Feature: the "map" directive supports combinations of multiple
       variables as resulting values.

    *) Feature: now nginx checks if EPOLLRDHUP events are supported by
       kernel, and optimizes connection handling accordingly if the "epoll"
       method is used.

    *) Feature: the "ssl_certificate" and "ssl_certificate_key" directives
       can be specified multiple times to load certificates of different
       types (for example, RSA and ECDSA).

    *) Feature: the "ssl_ecdh_curve" directive now allows specifying a list
       of curves when using OpenSSL 1.0.2 or newer; by default a list built
       into OpenSSL is used.

    *) Change: to use DHE ciphers it is now required to specify parameters
       using the "ssl_dhparam" directive.

    *) Feature: the $proxy_protocol_port variable.

    *) Feature: the $realip_remote_port variable in the
       ngx_http_realip_module.

    *) Feature: the ngx_http_realip_module is now able to set the client
       port in addition to the address.

    *) Change: the "421 Misdirected Request" response now used when
       rejecting requests to a virtual server different from one negotiated
       during an SSL handshake; this improves interoperability with some
       HTTP/2 clients when using client certificates.

    *) Change: HTTP/2 clients can now start sending request body
       immediately; the "http2_body_preread_size" directive controls size of
       the buffer used before nginx will start reading client request body.

    *) Bugfix: cached error responses were not updated when using the
       "proxy_cache_bypass" directive.

 

  • Like 1
Link to comment
Share on other sites

Actualização PHP 7.0.7

Quote

26 May 2016

The PHP development team announces the immediate availability of PHP 7.0.7. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

For source downloads of PHP 7.0.7 please visit our downloads page, Windows source and binaries can be found onwindows.php.net/download/. The list of changes is recorded in the ChangeLog.

 

Link to comment
Share on other sites

Actualização Nginx 1.11.1

Quote

Changes with nginx 1.11.1                                        31 May 2016

    *) Security: a segmentation fault might occur in a worker process while
       writing a specially crafted request body to a temporary file
       (CVE-2016-4450); the bug had appeared in 1.3.9.

 

Link to comment
Share on other sites

  • 4 weeks later...

Actualização PHP 7.0.8

Quote

23 Jun 2016

The PHP development team announces the immediate availability of PHP 7.0.8. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

For source downloads of PHP 7.0.8 please visit our downloads page, Windows source and binaries can be found onwindows.php.net/download/. The list of changes is recorded in the ChangeLog.

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.