KUSANAGI version upgrade details 8.0.1-1
The bug fix of KUSANAGI 8.0.0 is done.
If you are currently using a previous version, please enter the following command as root user to upgrade to 8.0.1-1
# yum update
New features in KUSANAGI 8.0.1-1
- SSL Certificate Transparency is available(Only For NGINX)
- New feature for DH settings on SSL settings in Apache2
- Certbot-auto renew is available
1. SSL Certificate Transparency is available(Only For NGINX)
Certificate Transparency is a new technology to enhance the reliability of SSL / TLS proposed by Google.
Now RFC6962 is attracting attention as a new technology to prevent erroneous issuance of certificates.
Kusanagi-nginx previously supported CT, but you can enable / disable it with the option of kusanagi ssl command
kusanagi ssl --ct [on|off]
Creates a Signed Certificate Timestamp (SCT) from the SSL certificate on the configuration file, registers it on the Google site with the certificate, and enables CT with NGINX settings after run kusanagi ssl --ct on
Also, when acquiring SSL certificate of Let’s Encrypt with kusanagi provision / ssl --email, CT will be automatically on.
2. New features DH settings for Apache2 SSL settings
The DH (Diffie-Hellman) key exchange setting was set up previously in NGINX and now it’s also available to setup in Apache 2.
This setup will allow you to exchange encryption keys more securely.
3. Certbot-auto renew is available
Updates of SSL certificates acquired with Let’s Encrypt are registered in crontab for each profile and executed once every two months.
Therefore, there was a issue that the SSL certificate expires when updating the SSL certificate fails.
You can automatically update certificates those expire for SSL certificates obtained from Let’s Encrypt with certbot-auto renew option.
KUSANAGI 8.0.1-1 Bug Fixes
- Description error in Apache configuration file when setting ssl
- Active hsts will cause http response tab malfunction(Only For NGINX)
- Drupal8 error detect
- Failure in autorenewal with kusanagi provision/ssl --email
- Compete KUSANAGI Plugin between WP Site Manager
- Specified php7 have been ignored during the process kusanagi init
- Japanese Messages Errors
1. Description error in Apache configuration file when setting ssl
There was a problem with appending to Apache 2 configuration file when kusanagi provision/ssl --email option was specified
2. Active hsts will cause http response tab malfunction(Only For NGINX)
http response header will disappear while kusanagi ssl --hsts is active
3. Drupal8 error detect
Develop version either beta version will install while process of Drupal8 deploy with kusanagi provision --drupal8 command.
4. Failure in autorenewal with kusanagi provision/ssl --email
Autorenewal Let’s Encrypt SSL certificate cron settings was failed to auto renew when used kusanagi provision/ssl --email to get SSL certication.
5. Compete KUSANAGI Plugin between WP Site Manager
Installed WP Site Manager Plugin at same time will be influence by WP Site Manager (default installed by standard KUSANAGI installation).
However, bcache will malfunction by WP Site Manager Plugin installed.
The issues will be solve by this time KUSANAGI Plugin update with using the following command:
# kusanagi target profile # kusanagi update plugin
6. Specified php7 have been ignored during the process kusanagi init
php-fpm service won’t have any effective even chose php5 as option while kusanagi init running interactively.
This error won’t happen when --php5 option is choose during kusanagi init.
7. Japanese messages error
Fixed the kusanagi commands messages errors while kusanagi OS language setup in japansese.