Simply Fast WordPress [14] – Using KUSANAGI – Adding Always-On SSL and HTTP/2 (Part 2. SSL Server Certificates for Business)

This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. This time, we will explain how to install Always-On SSL with SSL server certificates for business, and HTTP/2.

Last time, we explained how to install Always-On SSL and HTTP/2 using free SSL certificates from Let’s Encrypt.

This time, we will explain the significance of using SSL server certificates for business-use from services like Digicert, Globalsign, Network solutions, and Symantec. We will also explain how to install them along with HTTP/2. In this article, we assume that you have provisioned WordPress with KUSANAGI, so it is recommended that you read “Using KUSANAGI – Adding Always-On SSL and HTTP2 (Part 1. Let’s Encrypt)” first.

KUSANAGI module update

The modules that composed KUSANAGI had been updated. The new versions are as follows.

PHP7 7.0.14 WordPress 4.7

Use the following command to update modules.

# yum update

KUSANAGI version upgrade details 8.0.2-1

KUSANAGI version upgrade details 8.0.2-1

The bug fix of KUSANAGI 8.0.0 is done.
If you are currently using a previous version, please enter the following command as root user to upgrade to 8.0.1-2.

# yum update

KUSANAGI 8.0.2-1 Bug Fixes

  1. Error detection in rootkit check tool

1. Error detection in rootkit check tool

Detected some issues with using chkrootkit,rkhunter tools,
RH-Sharpe’s Rootkit which located in /usr/bin/wp including kusanagi-wp-cli have been detected
As a result, it’s determine as error detection from the following.

  1. chkrootkitandrkhunter
    「RH-Sharpe’s Rootkit」will check only whether the designated file exists, but does not check the contents.
  2. The RPM which created by us is same as checksum which placed in /usr/bin/wp
  3. Virus is not detected when checking /usr/bin/wp included kusanagi wp-cli with Virus Check tool

This erroneous detection will occur in the future if we continue with using “RH – Sharpe’s Rootkit” old rootkit, it’s difficult to notify multiple rootkit detection tool developers , as solution we changed the path to /usr/local/bin/wp.
After this update , it’s confirmed that rootkit is not detected withchkrootkiteitherrkhunter.

Please notice the following after update done

  1. When using the wp command as the root user, change alias of the wp command which set with .bashrc and use /usr/local/bin/wp.
    After executing yum update, please login again to make sure the alias of the new wp command is valid.
  2. Make sure to include /usr/local/bin when using wp commands as kusanagi user.

Simply Fast WordPress [13] – Using KUSANAGI – Adding Always-On SSL and HTTP2 (Part 1. Let’s Encrypt)

This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. This time, we will add support for Always-On SSL and HTTP/2 to our WordPress site, and explain how to get a free SSL certificate from Let’s Encrypt.

In the last issue, we verified how fast KUSANAGI, the “1000x speed tuned” virtual machine for WordPress, really is.
In this practical guide, we will enable Always-On SSL and the high-speed transfer protocol HTTP/2 on a WordPress site. We will also explain how to get a free SSL certificate from Let’s Encrypt.

KUSANAGI module update

The modules that composed KUSANAGI had been updated. The new versions are as follows.

NGINX 1.11.6

Use the following command to update modules.

# yum update

Simply Fast WordPress [12] – How fast is KUSANAGI, the “1000x speed” WordPress virtual machine?

This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. In his article, we will verify just how fast KUSANAGI is when operated on a public cloud.

Last time, we introduced seven merits of running a KUSANAGI, the WordPress 1000x speed-tuning virtual machine.
This time, we will launch KUSANAGI on a public cloud service, and verify its speed. We will use KUSANAGI for AWS (Amazon Web Services) and compare the results to the results from our speed-tuning efforts in articles 2-10.

KUSANAGI module update

The modules that composed KUSANAGI had been updated. The new versions are as follows.

WP CLI 0.25.0

Use the following command to update modules.

# yum update

KUSANAGI version upgrade details 8.0.1-2

KUSANAGI version upgrade details 8.0.1-2

The bug fix of KUSANAGI 8.0.0 is done.
If you are currently using a previous version, please enter the following command as root user to upgrade to 8.0.1-2.

# yum update

KUSANAGI 8.0.1-1 Bug Fixes

  1. Apache configuration when kusanagi provision/setting specifies FQDN with www
  2. Kusanagi Package update issue

1. Apache configuration when kusanagi provision/setting specifies FQDN with www

If specifies www.example.com either example.com as FQDN with kusanagi provision/setting both will be set as VirtualHost, but we defined the second FQDN is not set as ServerAlias instead ServerName in Apache configuration.
In this patch, correctly set the second FQDN as ServerAlias ​​issue has been solved in this case.

2. Kusanagi Package update issue

There was a issue that yum update freezes when updating kusanagi package. In this patch , this issue has been solved.

KUSANAGI version upgrade details 8.0.1-1

KUSANAGI version upgrade details 8.0.1-1

The bug fix of KUSANAGI 8.0.0 is done.
If you are currently using a previous version, please enter the following command as root user to upgrade to 8.0.1-1

# yum update

New features in KUSANAGI 8.0.1-1

  1. SSL Certificate Transparency is available(Only For NGINX)
  2. New feature for DH settings on SSL settings in Apache2
  3. Certbot-auto renew is available

1. SSL Certificate Transparency is available(Only For NGINX)

Certificate Transparency is a new technology to enhance the reliability of SSL / TLS proposed by Google.
Now RFC6962 is attracting attention as a new technology to prevent erroneous issuance of certificates.
Kusanagi-nginx previously supported CT, but you can enable / disable it with the option of kusanagi ssl command
kusanagi ssl --ct [on|off]

Creates a Signed Certificate Timestamp (SCT) from the SSL certificate on the configuration file, registers it on the Google site with the certificate, and enables CT with NGINX settings after run kusanagi ssl --ct on
Also, when acquiring SSL certificate of Let’s Encrypt with kusanagi provision / ssl --email, CT will be automatically on.

2. New features DH settings for Apache2 SSL settings

The DH (Diffie-Hellman) key exchange setting was set up previously in NGINX and now it’s also available to setup in Apache 2.
This setup will allow you to exchange encryption keys more securely.

3. Certbot-auto renew is available

Updates of SSL certificates acquired with Let’s Encrypt are registered in crontab for each profile and executed once every two months.
Therefore, there was a issue that the SSL certificate expires when updating the SSL certificate fails.
You can automatically update certificates those expire for SSL certificates obtained from Let’s Encrypt with certbot-auto renew option.

KUSANAGI 8.0.1-1 Bug Fixes

  1. Description error in Apache configuration file when setting ssl
  2. Active hsts will cause http response tab malfunction(Only For NGINX)
  3. Drupal8 error detect
  4. Failure in autorenewal with kusanagi provision/ssl --email
  5. Compete KUSANAGI Plugin between WP Site Manager
  6. Specified php7 have been ignored during the process kusanagi init
  7. Japanese Messages Errors

1. Description error in Apache configuration file when setting ssl

There was a problem with appending to Apache 2 configuration file when kusanagi provision/ssl --email option was specified

2. Active hsts will cause http response tab malfunction(Only For NGINX)

http response header will disappear while kusanagi ssl --hsts is active

3. Drupal8 error detect

Develop version either beta version will install while process of Drupal8 deploy with kusanagi provision --drupal8 command.

4. Failure in autorenewal with kusanagi provision/ssl --email

Autorenewal Let’s Encrypt SSL certificate cron settings was failed to auto renew when used kusanagi provision/ssl --email to get SSL certication.

5. Compete KUSANAGI Plugin between WP Site Manager

Installed WP Site Manager Plugin at same time will be influence by WP Site Manager (default installed by standard KUSANAGI installation).
However, bcache will malfunction by WP Site Manager Plugin installed.
The issues will be solve by this time KUSANAGI Plugin update with using the following command:

# kusanagi target profile
 # kusanagi update plugin

6. Specified php7 have been ignored during the process kusanagi init

php-fpm service won’t have any effective even chose php5 as option while kusanagi init running interactively.
This error won’t happen when --php5 option is choose during kusanagi init.

7. Japanese messages error

Fixed the kusanagi commands messages errors while kusanagi OS language setup in japansese.

Simply Fast WordPress [11] – What is KUSANAGI, the “instantly 1000x faster” speed-tuned WordPress virtual machine?

This is a series of articles explaining how to speed up WordPress, the use of which is growing rapidly for CMS-based business sites and media sites. --Kengyu Nakamura, Prime Strategy Co., Ltd.

In this article, we will introduce seven merits of using KUSANAGI, the speed-tuned virtual machine that achieves 1000x speed right away, without carrying out each individual tuning technique explained in previous articles.

Using these techniques, we increased WordPress’s requests per second from 11.24 (using the default LAMP – Linux, Apache, MySQL and PHP) to 205.2 (using Nginx and HHVM 3.15) to 12672.3 (with Nginx’s FastCGI page cache). In other words, we are able to speed up WordPress to 1127x its speed in the default environment. If you are using WordPress for business, there is no reason not to put these techniques to use.