KUSANAGI 7.8 version upgrade details

KUSANAGI 7.8 version upgrade details

KUSANAGI version 7.8 is now available. On every cloud service, if you are a new user, perform the yum system update covered in the “KUSANAGI Initialization” guide to automatically upgrade to 7.8.
If you are currently using a previous version, please enter the following command as root user to upgrade to 7.8.

# yum update -y kusanagi*

The new features of 7.8 are as follows:

  1. HTTP/2 support
  2. Let’s Encrypt installation
  3. KUSANAGI command “update cert” added
  4. Middleware/applications updates

1. HTTP/2 support

It is now possible to use HTTP/2 while transmitting via HTTPS.
HTTP/2  is a new protocol that allows the multiplexing of transmissions to the browser, and shortens the time for onload.

* For details about HTTP/2, please see the Wikipedia page.

* If a site was created using an version before 7.8 it will not be provisioned to use HTTP/2. If you would like to use HTTP/2 for such a site, please revise the following web server setup files.

Nginx setup file

/etc/nginx/conf.d/~~~~~_http.conf
* ~~~~~  is the value you set during provisioning

Before revision
location ~* /\. {
deny all;
}

After revision
location ~* /\.well-known/ {
allow all;
}


location ~* /\. {
deny all;
}

/etc/nginx/conf.d/~~~~~_ssl.conf
* ~~~~~  is the value you set during provisioning

Before revision
location ~* /\. {
deny all;
}

After revision
location ~* /\.well-known/ {
allow all;
}


location ~* /\. {
deny all;
}

Before revision
listen 443 ssl;
After revision
listen 443 ssl http2;

Before revision
ssl_ciphers HIGH:!aNULL:!MD5;
After revision
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;

Apache setup file

/etc/httpd/conf.d/~~~~~_ssl.conf
* ~~~~~  is the value you set during provisioning

<VirtualHost *:443>  the following was added
Protocols h2 http/1.1

Before revision
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

After revision
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

2. Let’s Encrypt installation

The free SSL certificate software Let’s Encrypt  is now available. During provisioning you will be asked to enter an email address to automatically install and configure a Let’s Encrypt SSL certificate. Also, once the certificate has been installed, it will automatically be updated so that you may continue to use Let’s Encrypt SSL.

* In order to install or update your Let’s Encrypt SSL certificate, access to your FQDN server (set up in provisioning) is required. If you have a Basic certificate or have not configured your FQDN DNS, then you will not be able to install or update Let’s Encrypt SSL.

* If you prefer not to use Let’s Encrypt SSL, just hit Enter without typing an email address and you can skip installation.

* Let’s Encrypt  SSL certificate is a domain authentication. If you need a stronger authentication, please use a certificate authority.

* Let’s Encrypt is currently in beta. This may change in the future.

* The installation and updating of Let’s Encrypt SSL uses API. This API has  usage limits, so frequent requests will be restricted.

3. KUSANAGI command “update cert” added

With the installation of Let’s Encrypt, the KUSANAGI command “update cert” has been added.

# kusanagi update cert
This will update the Let’s Encrypt SSL certificate of the currently targeted database.

* You can use “kusanagi target” to confirm the targeted database.

# kusanagi update cert {target}
With the {target} parameter you can directly update the Let’s Encrypt SSL certificate of the targeted database.

4. Middleware/applications updates

The upgrade to 7.8 comes with the following updates to middleware and applications.

Nginx
1.9.10
Apache
2.4.18
HHVM
3.11.0
PHP7
7.0.2
WP-CLI
0.22.0

We will offer any new updates to middleware and applications with a new version upgrade when they become available.