16.04

How to install PHP 7.2.latest on Ubuntu 16.04

May 6, 2018 by Simon

How to install PHP 7.2.latest on Ubuntu 16.04

I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. PHP is my programming language of choice.

PHP has a support page that declares the support date ranges and support types: http://php.net/supported-versions.php

A version of PHP is either actively supported, security fix supported or end of life.

From time to time vulnerabilities come up that require PHP updates to be applied.

Multiple flaw found in #PHP, most severe of which could allow arbitrary code execution
Affected Versions:
PHP 7.2 —prior to 7.2.5
PHP 7.1 —prior to 7.1.17
PHP 7.0 —prior to 7.0.30
PHP 5.0 —prior to 5.6.36https://t.co/TtiqXePoHu
Upgrade to the latest version of PHP immediately
— The Hacker News (@TheHackersNews) May 1, 2018

Source Link here

I have guides on setting up PHP 7 here on Digital Ocean, here on AWS and here on Vultr. I have tried upgrading to PHP 7.1 in the past with no luck (I forgot to change something and rolled back to 7.0).

FYI: I have a guide on setting up PHP child workers so the output from some commands below may be different than yours. Here are the steps I performed to install PHP 7.2 alongside 7.0 then switch. to 7.2.

Backup your system

Perform a Snapshot or Backup before proceeding. Nothing beats a quick restore if things fail.

Note: Use this information at your own risk.

Update your Ubuntu systems

apt-get update && apt-get upgrade

1	apt-get update && apt-get upgrade

Backup PHP

cd /etc/php
zip -r php7.0backup.zip 7.0/

1 2	cd /etc/php zip -r php7.0backup.zip 7.0/

Install Helper

This software provides an abstraction of the used apt repositories. It allows you to easily manage your distribution and independent software vendor software sources. More Info

apt-get install python-software-properties

1	apt-get install python-software-properties

Add the main PHP repo (more information)

add-apt-repository ppa:ondrej/php

1	add-apt-repository ppa:ondrej/php

Update the package lists

“In a nutshell, apt-get update doesn’t actually install new versions of software. Instead, it updates the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.” from here

apt-get update

1	apt-get update

Verify New Packages

dpkg -l

dpkg -l

Install PHP 7.2

apt-get install php7.2

1	apt-get install php7.2

Install common PHP modules

apt-get install php-pear php7.2-curl php7.2-dev php7.2-mbstring php7.2-zip php7.2-mysql php7.2-xml

1	apt-get install php-pear php7.2-curl php7.2-dev php7.2-mbstring php7.2-zip php7.2-mysql php7.2-xml

Install PHP FPM

apt-get install php7.2-fpm

1	apt-get install php7.2-fpm

Update all packages (may be needed to update from php 7.2.4 to 7.2.5)

sudo apt-get upgrade

1	sudo apt-get upgrade

Edit your NGINX sites-available config

sudo nano /etc/nginx/sites-available/default
# I set: fastcgi_pass /run/php/php7.2-fpm.sock;

1 2	sudo nano /etc/nginx/sites-available/default # I set: fastcgi_pass /run/php/php7.2-fpm.sock;

Edit your NGINX sites-enabled config

sudo nano /etc/nginx/sites-enabled/default
# I set: fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

1 2	sudo nano /etc/nginx/sites-enabled/default # I set: fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

I edited these lines

location ~ \.php$ {
    ...
    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    ...
}

location ~ \.php$ {

...

fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

...

}

Edit your PHP config (and make desired changes)

sudo nano /etc/php/7.2/fpm/php.ini

1	sudo nano /etc/php/7.2/fpm/php.ini

Edit your PHP pool config file (as required). See this guide here.

sudo nano /etc/php/7.2/fpm/pool.d/www.conf

1	sudo nano /etc/php/7.2/fpm/pool.d/www.conf

Make sure you set: listen = /run/php/php7.2-fpm.sock

Set PHP 7.2 as the default PHP

update-alternatives --set php /usr/bin/php7.2

1	update-alternatives --set php /usr/bin/php7.2

Check your PHP version

php -v

php -v

Reload PHP

sudo service php7.2-fpm reload

1	sudo service php7.2-fpm reload

Reload NGINX

nginx -t
nginx -s reload
/etc/init.d/nginx restart

nginx -t

nginx -s reload

/etc/init.d/nginx restart

Check the status of your PHP (and child workers)

sudo service php7.2-fpm status
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-05-04 19:02:27 AEST;
     Docs: man:php-fpm7.2(8)
  Process: 123456 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 123456 (php-fpm7.2)
   Status: "Processes active: 0, idle: 10, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 11
   Memory: 30.5M
      CPU: 10.678s
   CGroup: /system.slice/php7.2-fpm.service
           ├─16494 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           ├─16497 php-fpm: pool www
           ├─16498 php-fpm: pool www
           ├─16499 php-fpm: pool www
           ├─16500 php-fpm: pool www
           ├─16501 php-fpm: pool www
           ├─16502 php-fpm: pool www
           ├─16503 php-fpm: pool www
           ├─16504 php-fpm: pool www
           ├─16505 php-fpm: pool www
           └─16506 php-fpm: pool www

sudo service php7.2-fpm status

● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager

Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)

Active: active (running) since Fri 2018-05-04 19:02:27 AEST;

Docs: man:php-fpm7.2(8)

Process: 123456 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)

Main PID: 123456 (php-fpm7.2)

Status: "Processes active: 0, idle: 10, Requests: 0, slow: 0, Traffic: 0req/sec"

Tasks: 11

Memory: 30.5M

CPU: 10.678s

CGroup: /system.slice/php7.2-fpm.service

├─16494 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)

├─16497 php-fpm: pool www

├─16498 php-fpm: pool www

├─16499 php-fpm: pool www

├─16500 php-fpm: pool www

├─16501 php-fpm: pool www

├─16502 php-fpm: pool www

├─16503 php-fpm: pool www

├─16504 php-fpm: pool www

├─16505 php-fpm: pool www

└─16506 php-fpm: pool www

Check your website.

Troubleshooting

Guides that helped me.

https://thishosting.rocks/install-php-on-ubuntu/

https://websiteforstudents.com/wordpress-supports-php-7-2-heres-how-to-install-with-nginx-and-mariadb-support/

Check your log files

tail /var/log/nginx/error.log

1	tail /var/log/nginx/error.log

Debug FPM Service

systemctl status php7.2-fpm.service
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-05-06 00:18:55 AEST; 7min ago
     Docs: man:php-fpm7.2(8)
  Process: 123456 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 123 (php-fpm7.2)
   Status: "Processes active: 0, idle: 10, Requests: 44, slow: 0, Traffic: 0req/sec"
    Tasks: 11
   Memory: 212.6M
      CPU: 12.052s
   CGroup: /system.slice/php7.2-fpm.service
           ├─438 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           ├─441 php-fpm: pool www
           ├─442 php-fpm: pool www
           ├─443 php-fpm: pool www
           ├─444 php-fpm: pool www
           ├─445 php-fpm: pool www
           ├─446 php-fpm: pool www
           ├─447 php-fpm: pool www
           ├─449 php-fpm: pool www
           ├─450 php-fpm: pool www
           └─451 php-fpm: pool www

May 06 00:18:55 server systemd[1]: Stopped The PHP 7.2 FastCGI Process Manager.
May 06 00:18:55 server systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
May 06 00:18:55 server systemd[1]: Started The PHP 7.2 FastCGI Process Manager.

systemctl status php7.2-fpm.service

● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager

Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)

Active: active (running) since Sun 2018-05-06 00:18:55 AEST; 7min ago

Docs: man:php-fpm7.2(8)

Process: 123456 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)

Main PID: 123 (php-fpm7.2)

Status: "Processes active: 0, idle: 10, Requests: 44, slow: 0, Traffic: 0req/sec"

Tasks: 11

Memory: 212.6M

CPU: 12.052s

CGroup: /system.slice/php7.2-fpm.service

├─438 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)

├─441 php-fpm: pool www

├─442 php-fpm: pool www

├─443 php-fpm: pool www

├─444 php-fpm: pool www

├─445 php-fpm: pool www

├─446 php-fpm: pool www

├─447 php-fpm: pool www

├─449 php-fpm: pool www

├─450 php-fpm: pool www

└─451 php-fpm: pool www

May 06 00:18:55 server systemd[1]: Stopped The PHP 7.2 FastCGI Process Manager.

May 06 00:18:55 server systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...

May 06 00:18:55 server systemd[1]: Started The PHP 7.2 FastCGI Process Manager.

Remove PHP 7.0

sudo apt-get purge php7.0-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libaspell15 libauthen-pam-perl libc-client2007e libio-pty-perl libmcrypt4 librecode0 libtidy-0.99-0 libxmlrpc-epi0 linux-headers-4.4.0-109
  linux-headers-4.4.0-109-generic linux-headers-4.4.0-112 linux-headers-4.4.0-112-generic linux-headers-4.4.0-87
  linux-headers-4.4.0-87-generic linux-headers-4.4.0-96 linux-headers-4.4.0-96-generic linux-image-4.4.0-109-generic
  linux-image-4.4.0-112-generic linux-image-4.4.0-87-generic linux-image-4.4.0-96-generic linux-image-extra-4.4.0-109-generic
  linux-image-extra-4.4.0-112-generic linux-image-extra-4.4.0-87-generic linux-image-extra-4.4.0-96-generic mlock
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  php7.0-cli* php7.0-common* php7.0-curl* php7.0-fpm* php7.0-gd* php7.0-imap* php7.0-intl* php7.0-json* php7.0-mbstring* php7.0-mcrypt*
  php7.0-mysql* php7.0-opcache* php7.0-pspell* php7.0-readline* php7.0-recode* php7.0-sqlite3* php7.0-tidy* php7.0-xml* php7.0-xmlrpc*
  php7.0-xsl*

sudo apt-get purge php7.0-common

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following packages were automatically installed and are no longer required:

libaspell15 libauthen-pam-perl libc-client2007e libio-pty-perl libmcrypt4 librecode0 libtidy-0.99-0 libxmlrpc-epi0 linux-headers-4.4.0-109

linux-headers-4.4.0-109-generic linux-headers-4.4.0-112 linux-headers-4.4.0-112-generic linux-headers-4.4.0-87

linux-headers-4.4.0-87-generic linux-headers-4.4.0-96 linux-headers-4.4.0-96-generic linux-image-4.4.0-109-generic

linux-image-4.4.0-112-generic linux-image-4.4.0-87-generic linux-image-4.4.0-96-generic linux-image-extra-4.4.0-109-generic

linux-image-extra-4.4.0-112-generic linux-image-extra-4.4.0-87-generic linux-image-extra-4.4.0-96-generic mlock

Use 'sudo apt autoremove' to remove them.

The following packages will be REMOVED:

php7.0-cli* php7.0-common* php7.0-curl* php7.0-fpm* php7.0-gd* php7.0-imap* php7.0-intl* php7.0-json* php7.0-mbstring* php7.0-mcrypt*

php7.0-mysql* php7.0-opcache* php7.0-pspell* php7.0-readline* php7.0-recode* php7.0-sqlite3* php7.0-tidy* php7.0-xml* php7.0-xmlrpc*

php7.0-xsl*

PHP 7.0 Removed 🙂

Remove other unused packages

sudo apt autoremove

1	sudo apt autoremove

At the time of writing (Sep 2018) PHP 7.2.9 is the latest version of PHP and PHP 7.3 will be out at the end of the year.

Good luck and I hope this guide helps someone

Ask a question or recommend an article

Revision History

v1.2 PHP 7.2.9 and PHP 7.2 updates

v1.1 Remove PHP 7.0 steps

v1.0 Initial post

Moving an Ubuntu 16.04 VM on Vultr from one data centre to another via snapshots

April 17, 2018 by Simon

This guide will show how you can move an Ubuntu VM server domain between Vultr data centres via snapshots.

I have a number of guides on moving away from CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Sometimes you need to move a sever between locations and/or upgrade the server (to have more memory t install WordPress).

Moving an existing Vultr server

If you don’t have an Ubuntu server click here (follow this guide).

Login to Vultr and specify a source server, click Snapshots and click Take Snapshot.

Wait for the snapshot to finish (It may take 1 hour).

Great, the snapshot is done.

Now I can create a new server (in a different data centre).

Deploy New Instance

Choose a location (Australia is at capacity, so I’ll deploy to Silicon Valley then move again in a few weeks), choose the snapshot to restore, choose a plan, I enabled IPV6/Auto Backups and Private Networking.

TIP: The password for the server will be the same as the source server so write it down.

Click Deploy Now

After a few minutes, you can see the new servers IP address, you can log in to your domain name provider (in my case Namecheap) and update the target IPV4 and IPV6 address.

You can find IPV4 and IPV6 addresses by opening your server, clicking settings then IPxV4 or IPV6.

You will need to update Vultr DNS settings (login to Vultr, Click Servers, Click DNS then edit your existing Domain DNS entry). Add you’re new serves IP addresses.

Update: I added an IPV6/AAAA record too.

Wait for DNS Replication

Goto https://www.whatsmydns.net/ and check the global DNS propagation for your new domain’s server.

If you are happy that the server has been migrated (snapshot restored) and that the domain DNS is pointing to your new server you can delete the old server in the Vultr server list.

Post-Migrate Actions

Setup Daily backups.
Review firewall settings (guide here).
Optional: Install MySQL
Optional: Install PHP
Optional: Install PHP Pooled Connections
Optional: Install WordPress
Optional: Install WordPress CDN
Optional: Configure Cloudflare
etc

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.1 Vultr Link

v1.0 Initial post

Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare

April 5, 2018 by Simon

This guide will show you how to enable the latest Transport Layer Security (TLS) 1.3 protocol with it’s predecessor Secure Sockets Layer (SSL) with NGINX and OpenSSL for better website security on an Ubuntu 16.04 server

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Making sure your server is up to date and running the latest SSL software is important. I have updated Open SSL before and blogged about this here. Do backup your server before changing settings and if you use Cloudflare (if you don’t do it now) enable Development Mode (and disable caching until changes are made).

For the best performing VM host (UpCloud) read my guide on the awesome UpCloud VM hosts (get $25 free credit by signing up here).

TLS 1.3 is the latest SSL security protocol that can be used between clients and servers to encrypt connections on the web.

TLS 1.3 uptake is only 60% according to https://caniuse.com/#search=TLS%201.3

Read why TLS 1.3 is important and news on TLS 1.3 can be found here: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/

The Good and Bad

Done be like this commercial site with very poor security (tested with SSL labs and asafaweb)

Here is what the top 1 million sites do

Here it is!! Alexa Top 1 Million Analysis – February 2018 https://t.co/TjBHNX7zTi
— Scott Helme (@Scott_Helme) February 26, 2018

Installing Open SSL on Ubuntu

Connect to your Ubuntu 16.04 server via SSH (I connected to my Vultr server)

Check what version of OpenSSL you have? My OpenSSL is out of date.

# openssl version
OpenSSL 1.1.0g  2 Nov 2017

1 2	# openssl version OpenSSL 1.1.0g 2 Nov 2017

Tip: What Ciphers does your Open SSL Support?

openssl ciphers -s -v
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

openssl ciphers -s -v

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD

ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD

ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD

DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD

ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384

ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384

DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256

ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256

ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256

DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256

ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1

ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1

DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1

ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1

ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1

DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1

AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD

AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD

AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256

AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256

AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

Time to update Open SSL

OpenSSL 1.1.1 beta is available and supports TLS 1.3 but it is n BETA form. OpenSSL code is available here.

I did the following to download and build the latest version of OpenSSL.

mkdir /openssltemp
cd /openssltemp
sudo git clone git://git.openssl.org/openssl.git
cd openssl/
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib
make
sudo make install

mkdir /openssltemp

cd /openssltemp

sudo git clone git://git.openssl.org/openssl.git

cd openssl/

./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib

make

sudo make install

I tried to check the open SSL version but had an error?

openssl version 
openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)
openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

openssl version

openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

A quick GitHub ticket revealed I needed to set a path variable.

export LD_LIBRARY_PATH=/usr/local/lib
echo "export LD_LIBRARY_PATH=/usr/local/bin/openssl" >> ~/.bashrc

1 2	export LD_LIBRARY_PATH=/usr/local/lib echo "export LD_LIBRARY_PATH=/usr/local/bin/openssl" >> ~/.bashrc

Open SSL now reports it’s version.

openssl version
OpenSSL 1.1.1-pre3 (beta) 20 Mar 2018

1 2	openssl version OpenSSL 1.1.1-pre3 (beta) 20 Mar 2018

What version NGINX do you have (1.13 supports TLS 1.3) read here

# nginx -v
nginx version: nginx/1.13.9

1 2	# nginx -v nginx version: nginx/1.13.9

Backup your NGINX

Do backup your server files and take a snapshot if need be. I am not responsible;e for a broken server,

sudo cp -R /etc/nginx/ /nginx-backup-26thMar-2018

1	sudo cp -R /etc/nginx/ /nginx-backup-26thMar-2018

Edit NGINX Configuration

Update NGINX configuration: /etc/nginx/sites-available/default

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp384r1;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;

ssl_prefer_server_ciphers on;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

ssl_ecdh_curve secp384r1;

tip: Review other NGINX hardening settings here. Also remove TLSv1.0

I tested my NGINX config loaded them and restarted NGINX

nginx -t
nginx -s reload
/etc/init.d/nginx restrat

nginx -t

nginx -s reload

/etc/init.d/nginx restrat

Check the status of NGINX

# /etc/init.d/nginx status

[ ok ] Restarting nginx (via systemctl): nginx.service.
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) 
     Docs: man:nginx(8)
  Process: 15154 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 15162 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 15159 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 15166 (nginx)
    Tasks: 4
   Memory: 2.3M
      CPU: 27ms
   CGroup: /system.slice/nginx.service
           ├─15166 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─15170 nginx: worker process
           ├─15171 nginx: cache manager process
           └─15172 nginx: cache loader process

# /etc/init.d/nginx status

[ ok ] Restarting nginx (via systemctl): nginx.service.

● nginx.service - A high performance web server and a reverse proxy server

Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)

Active: active (running)

Docs: man:nginx(8)

Process: 15154 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)

Process: 15162 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Process: 15159 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Main PID: 15166 (nginx)

Tasks: 4

Memory: 2.3M

CPU: 27ms

CGroup: /system.slice/nginx.service

├─15166 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;

├─15170 nginx: worker process

├─15171 nginx: cache manager process

└─15172 nginx: cache loader process

If you have configured Cloudflare then log in and enable TLS support.

Enable TLS 1.3 in Chrome by visiting chrome://flags/#tls13-variant This should be automatic in later versions of Chrome and other browsers.

Verify TLS

I used the developer tools in Chrome to confirm the page was verified in TLS 1.3.

Updated to 1.1.1-pre6-dev

mkdir /temp
cd /temp
sudo git clone https://github.com/openssl/openssl.git
cd openssl/
./config --prefix=/usr/local --openssldir=/usr/local -Wl,-rpath,/usr/local
make
sudo make install
openssl
OpenSSL> version
OpenSSL 1.1.1-pre6-dev  xx XXX xxxx
OpenSSL> exit

mkdir /temp

cd /temp

sudo git clone https://github.com/openssl/openssl.git

cd openssl/

./config --prefix=/usr/local --openssldir=/usr/local -Wl,-rpath,/usr/local

make

sudo make install

openssl

OpenSSL> version

OpenSSL 1.1.1-pre6-dev xx XXX xxxx

OpenSSL> exit

Don’t forget to test your SSL strength with https://dev.ssllabs.com/ssltest/

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.3 added bad ssl cert.

v1.2 ssl test v1.1 updated to 1.1.1-pre6-dev

v1.0 Initial post

Ubuntu 16.04: Spectre, Meltdown Security Vulnerabilities (and how to patch).

January 10, 2018 by Simon

Below is a post about the Spectre and Meltdown Security vulnerabilities and mostly how it relates to Ubuntu.

Spectre and Meltdown Background

Google Project Zero found a server-side hardware bug (undocumented feature) that allows reading of privileged memory by leveraging a CPU (and possibly any GPU and SOC) feature to execute code ahead of time in “if” code branches before the result of the “if” case is known. This execute code ahead of demand feature was added to speed up processors to assists the FETCH, DECODE, EXECUTE and WRITE-BACK stages in the execution pipeline preparation.

Processors hate reading from main memory (it is too slow) so if data can be PREFETCHED or CACHED before being executed in the CPU allowing the CPU can do more work. This bug/flaw is not really a bug/flaw IMHO but an insecure efficiency feature.

Read more on the Spectre and Meltdown bug here at Wired.

CPU History

Aside: Check out the Red Hill Hardware guide and the evolution (documentation) of early CPU’s.

You can read more about the Pentium 4’s cache, rapid execution engine and instruction set additions to learn more about the evolution of CPU efficiency here.

Making processors faster (adding more MHZ) may be futile if the cache is too small or slow, and simply adding more cache can increase costs. Branch prediction was a way to increase performance (by using idle clock cycles or saving clock cycles) without adding extra cache or silicone (extra cost). I suspect in the future branch prediction and read ahead features may be locked down or processor manufacturers may swing back to adding more MHZ/Cores/Cache.

Anandtech https://www.anandtech.com have a great article on branch prediction (I can’t find the article now but will add it when I find it later) but this guide gives the gist.

CPU 101

A CPU is much like a checkout area at a grocery store, and a multi-core CPU is like a grocery store with multiple checkouts.

Things (processing and reading to/from memory) happen sequentially (per core).
Only one item can be scanned (processed) at a time (per core).
Customers trolleys and items are like program threads and items to scan (to be calculated in the CPU).
Customers trolleys (programs with things to calculate) line up and wait for the CPU (attendant) to scan (execute) items. PRE-FETCH and other CPU tasks help organize data related to instructions.
One checkout line (core) cannot read or affect items at another checkout (thread safety).

When a price check is called on an item (causing huge delays while the price is being checked by a runner (reading from main memory)) the checkout attendant (CPU core) processes the next items at the checkout (items in the processor execution pipeline). Branch predicting will read ahead in idle times to prevent idle delays or cache-misses to prevent slowdown. Processors usually make sure things are in the processors L3, L2 or L1 memory before they are executed but some commands with pre-requisite data cannot be pre-cached.

CPU instruction information

Here is a list of x86 instructions

Troy Hunt in Weekly Update 68 https://www.troyhunt.com/weekly-update-68/ mentioned a twitter thread by Graham Sutherland (@gsuberland) https://twitter.com/gsuberland/status/948907452786933762 that summaries speculative execution more succinctly. Meltdown and Spectre bugs are due to the speculative execution in the processor.

Official Information on Spectre and Meltdown

Spectre (Security Vulnerability Wikipedia Article)

Meltdown (Security Vulnerability Wikipedia Article)

Proof of concepts exploits in the wide

Proof of concept and exploits are no doubt in the wild (as reported by Michael Schwarz – @misc0110)

Ubuntu Impact

I have a number of Ubuntu servers and I have updated them to fix Spectre and Meltdown issues.

UpCloud is my favourite cloud provider.

Setting up a Vultr VM (Ubuntu) and configuring it

How to buy a new domain and SSL cert from NameCheap, (Ubuntu) Server from Digital Ocean and configure it

Creating and configuring a CentOS server on Digital Ocean

Creating an AWS EC2 Ubuntu 14.04 server with NGINX, Node and MySQL and phpMyAdmin

Ubuntu said here that is has been notified by Intel of this issue since November 09 2017.

Ubuntu Timeline (16.04 related snip from here)

2017 Nov 09: the Ubuntu Security team is notified by Intel under NDA.

2017 Nov 20: the CRD is established as 2018-01-09.

2017 Dec: the Ubuntu Security team receives notifications from additional silicon vendors about the impact to their products.

2018 Jan 03: issue becomes public a few days before the CRD.

2018 Jan 04: Canonical publicly communicates the planned update schedule.

2018 Jan 04: Mozilla releases timing attack mitigations.

2018 Jan 05: Ubuntu Firefox updates are made available in USN 3516-1.

2018 Jan 07: Candidate kernels are beginning to be made available for testing at ppa:canonical-kernel-team/pti. This initial round will address CVE-2017-5754 (aka Meltdown or Variant 3) for x86_64. We will address CVE-2017-5715 and CVE-2017-5753 (aka Spectre or Variant 1 & 2) in a subsequent round. We will also address additional architectures in subsequent rounds. Kernels currently available are as follows. We will continue to update this table as more become available:

Package: linux, Version: 4.4.0-108.131, Series: Xenial 16.04

-2018 Jan 09: NVIDIA driver updates published, see USN-3521-1.

Cloud image updates.

Core image updates.

At this time it looks like this has been fixed on Ubuntu 16.04 LTS (Xenial Xerus) with released (57.0.4+build1-0ubuntu0.16.04.1). Consider updating your Ubuntu servers.

You can follow the Ubuntu CVE listing here to be ahead of future security issues.
https://people.canonical.com/~ubuntu-security/cve/main.html

Spectre and Meltdown related Ubuntu CVE’s

Spectre – CVE-2017-5715

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html

Spectre – CVE-2017-5753

Description: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Ubuntu-Description: Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

Link: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html

Meltdown – CVE-2017-5754

Ubuntu-Description: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

Link: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html

Links

Ubuntu Security News https://usn.ubuntu.com/usn/

Subscribe to the Ubuntu Security Announcement Distribution List https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Ubuntu CVE Tracker (Main) http://people.canonical.com/~ubuntu-security/cve/main.html

Links from CVE articles

https://spectreattack.com/
https://meltdownattack.com/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
http://www.amd.com/en/corporate/speculative-execution
https://developer.arm.com/support/security-update
https://www.qemu.org/2018/01/04/spectre/
https://usn.ubuntu.com/usn/usn-3516-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
https://usn.ubuntu.com/usn/usn-3521-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
https://github.com/IAIK/KAISER
https://gruss.cc/files/kaiser.pdf
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

FYI: Ubuntu 17.04 will not be getting the Spectre and Meltdown fixes, this is a good reason why not to use a non-LTS (long time support) release of Ubuntu (abandoned after 9 months):
https://lists.ubuntu.com/archives/ubuntu-announce/2018-January/000227.html

How to update Ubuntu

As always backup your server and configuration first (consider taking a snapshot). I run the following command to update my system and reboot.

Warning: Some packages may overwrite in-production configuration files (or break production servers) so take your time updating, use test servers (green and blue or dev, test and prod) and only upgrade production when you are ready.

sudo apt update && sudo apt upgrade && shutdown -r now

1	sudo apt update && sudo apt upgrade && shutdown -r now

fyi: AWS related Speculative Execution post: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

Impact on Future Program Build Times

Twitter user Peter Czanik (@PCzanik https://twitter.com/PCzanik) reports that compile times that fix speculative execution have increased his build times from 4 minutes to 21 minutes.

Windows Impacts

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

OSX Impacts
Report: Intel CPUs suffer from major security flaw, fix could bring notable performance hit to macOS

Web Browser and JavaScript Impacts

General

Here’s what every Chrome user should do in the wake of #Spectre

http://mashable.com/2018/01/04/google-chrome-spectre-precaution-meltdown/

Microsoft reveals how Spectre updates can slow your PC down

https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown

Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs

Review: https://twitter.com/search?q=spectre%20meltdown

Viewing the Change log of updatable packages

View the change log of updatable packages for a certain Cve.

sudo apt-get update

sudo apt-get changelog ntp | grep CVE-2017-5715

The output will show matches of updatable packages that match.

Ubuntu Cloud Tips

Read my guide on Useful Linux Terminal Commands https://fearby.com/article/useful-linux-terminal-commands/

Read my guide on how to setting up a Vultr VM (Ubuntu) and configuring it https://fearby.com/article/setting-vultr-vm-configuring/

Good luck.

Scott Manleys breakdown of Spectre and Meltdown

More Reading

Anandtech – Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs.

More Fearby.com Reading

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.4 Scott Manleys link

v1.3 Added Anandtech article.

v1.2 Wired link.

v1.1 view the changelog of updatable packages.

v1.0 Initial Copy.

Hope this helps someone.

Updating PHP 7.0 to 7.1 on an Ubuntu 16.04 Vultr VM

November 21, 2017 by Simon

Here is how you can quickly update PHP 7.0 to 7.1 on a Vultr Ubuntu domain.

I have configured a number of Vultr domains with NGINX and PHP 7.1 FPM and today I realised I need to update PHP 7.0 to 7.1 to fix a few security exploits (read more here and here on securing Ubuntu in the cloud). PHP has a good page where you can keep up to date with PHP news here https://secure.php.net/. You can also view the PHP bug tracker to view bugs here. PHP aggregation user @php_net on twitter is good to follow, the official PHP twitter account is @official_php.

I have not noticed in daily Ubuntu package updates no option to update PHP 7.0 to 7.1, I must have to update manually.

WARNING: Backup your site and test this on a non production server before doing it on a live server. I had an issue with PHP 7.1 breaking WordPress 3.9 (mysql issues with some plugins) and I had to roll back to 7.0 (see rollback tips in troubleshooting below). WordPress says it is PHP 7.1 compatible but issues exist. WordPress 3.9 ditches “mysql” and used “mysqli” and when instead PHP 7.1 WordPress could not find “mysqli”?

List packages with updates

sudo /usr/lib/update-notifier/apt-check -p
linux-libc-dev
python3-apport
python3-problem-report

sudo /usr/lib/update-notifier/apt-check -p

linux-libc-dev

python3-apport

python3-problem-report

You can run the following to view upgradable packages (TIP: Backup NGINX and other configuration files before any upgrades).

apt list --upgradable
Listing... Done
apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
linux-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-headers-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-image-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-libc-dev/xenial-updates,xenial-security 4.4.0-101.124 amd64 [upgradable from: 4.4.0-98.121]
nginx/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-common/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-core/xenial 1.13.4-1chl1~xenial1 amd64 [upgradable from: 1.13.3-1chl1~xenial1]
procmail/xenial-updates,xenial-security 3.22-25ubuntu0.16.04.1 amd64 [upgradable from: 3.22-25]
python-cryptography/xenial 1.9-1+ubuntu16.04.1+certbot+2 amd64 [upgradable from: 1.7.1-2+certbot~xenial+1]
python-openssl/xenial,xenial 17.3.0-1~0+ubuntu16.04.1+certbot+1 all [upgradable from: 17.0.0-0+certbot~xenial+1]
python-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]
python3-apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-problem-report/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]

apt list --upgradable

Listing... Done

apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]

linux-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]

linux-headers-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]

linux-image-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]

linux-libc-dev/xenial-updates,xenial-security 4.4.0-101.124 amd64 [upgradable from: 4.4.0-98.121]

nginx/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]

nginx-common/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]

nginx-core/xenial 1.13.4-1chl1~xenial1 amd64 [upgradable from: 1.13.3-1chl1~xenial1]

procmail/xenial-updates,xenial-security 3.22-25ubuntu0.16.04.1 amd64 [upgradable from: 3.22-25]

python-cryptography/xenial 1.9-1+ubuntu16.04.1+certbot+2 amd64 [upgradable from: 1.7.1-2+certbot~xenial+1]

python-openssl/xenial,xenial 17.3.0-1~0+ubuntu16.04.1+certbot+1 all [upgradable from: 17.0.0-0+certbot~xenial+1]

python-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]

python-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]

python3-apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]

python3-problem-report/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]

python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]

python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]

Update your server packages

sudo apt-get update && sudo apt-get upgrade

1	sudo apt-get update && sudo apt-get upgrade

Reboot

sudo shutdown -r now

1	sudo shutdown -r now

You should now see this on startup

0 packages can be updated.
0 updates are security updates.

1 2	0 packages can be updated. 0 updates are security updates.

You can view your installed PHP configuration file and installed version by typing to following in your servers command line.

# locate php.ini
/etc/php/7.0/apache2/php.ini
/etc/php/7.0/cli/php.ini
/etc/php/7.0/fpm/php.ini

# locate php.ini

/etc/php/7.0/apache2/php.ini

/etc/php/7.0/cli/php.ini

/etc/php/7.0/fpm/php.ini

Now let’s install a package viewer

sudo apt-get install apt-show-versions

1	sudo apt-get install apt-show-versions

Search installed packages (or non-installed) PHP packages.

sudo apt-show-versions | grep php | more

libapache2-mod-php7.0:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.0:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:amd64/xenial 2.5.5-3+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:i386 not installed
php7.0:all/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:i386 not installed
php7.0-common:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-common:i386 not installed
php7.0-curl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-curl:i386 not installed
php7.0-dev:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-dev:i386 not installed
php7.0-fpm:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-fpm:i386 not installed
php7.0-gd:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-gd:i386 not installed
php7.0-imap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-imap:i386 not installed
php7.0-intl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-intl:i386 not installed
php7.0-json:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-json:i386 not installed
php7.0-ldap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-ldap:i386 not installed
php7.0-mbstring:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mbstring:i386 not installed
php7.0-mysql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mysql:i386 not installed
php7.0-opcache:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-opcache:i386 not installed
php7.0-pgsql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pgsql:i386 not installed
php7.0-phpdbg:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-phpdbg:i386 not installed
php7.0-pspell:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pspell:i386 not installed
php7.0-readline:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-readline:i386 not installed
php7.0-recode:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-recode:i386 not installed
php7.0-snmp:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-snmp:i386 not installed
php7.0-tidy:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-tidy:i386 not installed
php7.0-xml:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-xml:i386 not installed
php7.0-zip:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-zip:i386 not installed

sudo apt-show-versions | grep php | more

libapache2-mod-php7.0:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

libapache2-mod-php7.0:i386 not installed

php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate

php-xdebug:amd64/xenial 2.5.5-3+ubuntu16.04.1+deb.sury.org+1 uptodate

php-xdebug:i386 not installed

php7.0:all/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-cli:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-cli:i386 not installed

php7.0-common:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-common:i386 not installed

php7.0-curl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-curl:i386 not installed

php7.0-dev:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-dev:i386 not installed

php7.0-fpm:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-fpm:i386 not installed

php7.0-gd:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-gd:i386 not installed

php7.0-imap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-imap:i386 not installed

php7.0-intl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-intl:i386 not installed

php7.0-json:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-json:i386 not installed

php7.0-ldap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-ldap:i386 not installed

php7.0-mbstring:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-mbstring:i386 not installed

php7.0-mysql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-mysql:i386 not installed

php7.0-opcache:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-opcache:i386 not installed

php7.0-pgsql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-pgsql:i386 not installed

php7.0-phpdbg:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-phpdbg:i386 not installed

php7.0-pspell:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-pspell:i386 not installed

php7.0-readline:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-readline:i386 not installed

php7.0-recode:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-recode:i386 not installed

php7.0-snmp:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-snmp:i386 not installed

php7.0-tidy:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-tidy:i386 not installed

php7.0-xml:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-xml:i386 not installed

php7.0-zip:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.0-zip:i386 not installed

Uninstall all local PHP related packages

sudo apt-get remove php* 
...
After this operation, 35.7 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 139182 files and directories currently installed.)
Removing php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-xdebug (2.5.5-3+ubuntu16.04.1+deb.sury.org+1) ...
Removing libapache2-mod-php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-zip (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-xml (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mbstring (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-dev (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-fpm (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-curl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-gd (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-imap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-intl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-phpdbg (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-ldap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mysql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pgsql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pspell (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-recode (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-snmp (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-tidy (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-cli (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-json (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-opcache (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-readline (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-common (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-common (1:55+ubuntu16.04.1+deb.sury.org+1) ...
Processing triggers for man-db (2.7.5-1) ...

sudo apt-get remove php*

...

After this operation, 35.7 MB disk space will be freed.

Do you want to continue? [Y/n] y

(Reading database ... 139182 files and directories currently installed.)

Removing php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php-xdebug (2.5.5-3+ubuntu16.04.1+deb.sury.org+1) ...

Removing libapache2-mod-php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-zip (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-xml (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-mbstring (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-dev (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-fpm (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-curl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-gd (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-imap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-intl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-phpdbg (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-ldap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-mysql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-pgsql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-pspell (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-recode (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-snmp (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-tidy (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-cli (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-json (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-opcache (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-readline (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php7.0-common (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...

Removing php-common (1:55+ubuntu16.04.1+deb.sury.org+1) ...

Processing triggers for man-db (2.7.5-1) ...

Confirm packages are uninstalled

sudo apt-show-versions | grep php
>

1 2	sudo apt-show-versions \| grep php >

Install PHP 7.1 and common packages

sudo apt-get install php7.1 php7.1-cli php7.1-common libapache2-mod-php7.1 php7.1-mysql php7.1-fpm php7.1-curl php7.1-gd php7.1-bz2 php7.1-mcrypt php7.1-json php7.1-tidy php7.1-mbstring php-redis php-memcached

1	sudo apt-get install php7.1 php7.1-cli php7.1-common libapache2-mod-php7.1 php7.1-mysql php7.1-fpm php7.1-curl php7.1-gd php7.1-bz2 php7.1-mcrypt php7.1-json php7.1-tidy php7.1-mbstring php-redis php-memcached

Verify PHP 7.1 installation

apt-show-versions | grep php
libapache2-mod-php7.1:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.1:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-igbinary:amd64/xenial 2.0.1-1+ubuntu16.04.1+deb.sury.org+2 uptodate
php-igbinary:i386 not installed
php-memcached:amd64/xenial 3.0.3+2.2.0-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-memcached:i386 not installed
php-msgpack:amd64/xenial 2.0.2+0.5.7-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-msgpack:i386 not installed
php-redis:amd64/xenial 3.1.4-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php-redis:i386 not installed
php7.1:all/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:i386 not installed
php7.1-cli:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-cli:i386 not installed
php7.1-common:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-common:i386 not installed
php7.1-curl:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-curl:i386 not installed
php7.1-fpm:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-fpm:i386 not installed
php7.1-gd:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-gd:i386 not installed
php7.1-json:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-json:i386 not installed
php7.1-mbstring:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mbstring:i386 not installed
php7.1-mcrypt:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mcrypt:i386 not installed
php7.1-mysql:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mysql:i386 not installed
php7.1-opcache:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-opcache:i386 not installed
php7.1-readline:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-readline:i386 not installed
php7.1-tidy:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-tidy:i386 not installed

apt-show-versions | grep php

libapache2-mod-php7.1:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

libapache2-mod-php7.1:i386 not installed

php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate

php-igbinary:amd64/xenial 2.0.1-1+ubuntu16.04.1+deb.sury.org+2 uptodate

php-igbinary:i386 not installed

php-memcached:amd64/xenial 3.0.3+2.2.0-1+ubuntu16.04.1+deb.sury.org+3 uptodate

php-memcached:i386 not installed

php-msgpack:amd64/xenial 2.0.2+0.5.7-1+ubuntu16.04.1+deb.sury.org+3 uptodate

php-msgpack:i386 not installed

php-redis:amd64/xenial 3.1.4-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php-redis:i386 not installed

php7.1:all/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-bz2:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-bz2:i386 not installed

php7.1-cli:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-cli:i386 not installed

php7.1-common:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-common:i386 not installed

php7.1-curl:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-curl:i386 not installed

php7.1-fpm:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-fpm:i386 not installed

php7.1-gd:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-gd:i386 not installed

php7.1-json:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-json:i386 not installed

php7.1-mbstring:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-mbstring:i386 not installed

php7.1-mcrypt:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-mcrypt:i386 not installed

php7.1-mysql:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-mysql:i386 not installed

php7.1-opcache:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-opcache:i386 not installed

php7.1-readline:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-readline:i386 not installed

php7.1-tidy:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate

php7.1-tidy:i386 not installed

Reboot

sudo shutdown -r now

1	sudo shutdown -r now

See if the PHP 7.1 FPM service has started

sudo systemctl | grep php
> php7.1-fpm.service

1 2	sudo systemctl \| grep php > php7.1-fpm.service

Restart PHP 7.1 FPM Service

sudo systemctl restart php7.1-fpm.service

1	sudo systemctl restart php7.1-fpm.service

Edit your /etc/nginx/sites-enabled/default and change the fastcgi_pass from “7.0” to “7.1”

sudo nano /etc/nginx/sites-enabled/default

1	sudo nano /etc/nginx/sites-enabled/default

Edits:

location ~ \.php$ {
    ...
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    ...
}

location ~ \.php$ {

...

fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;

...

}

Reload NGINX configuration and restart NGINX

sudo nginx -t && sudo nginx -s reload && sudo /etc/init.d/nginx restart
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ ok ] Restarting nginx (via systemctl): nginx.service.

sudo nginx -t && sudo nginx -s reload && sudo /etc/init.d/nginx restart

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[ ok ] Restarting nginx (via systemctl): nginx.service.

Your website should now be back up and running PHP 7.1

Post Install Tasks

View this blog post on other useful linux commands.

Run a Lynis security scan.

Edit your PHP.ini file and add required changes (e.g upload sizes).

sudo nano /etc/php/7.1/fpm/php.ini
# upload_max_filesize = 2M
+ upload_max_filesize = 8M

sudo nano /etc/php/7.1/fpm/php.ini

# upload_max_filesize = 2M

+ upload_max_filesize = 8M

Troubleshooting

View PHP configuration values (add this to a debug.php and load in in a browser)

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);

?>

<?php

// Show all information, defaults to INFO_ALL

phpinfo();

// Show just the module information.

// phpinfo(8) yields identical results.

phpinfo(INFO_MODULES);

I broke my WordPress 3.9 when I tried to update to PHP 7.1 so I rolled back to 7.0.

sudo apt-get remove php*
sudo apt-get -y install php7.0-fpm
sudo apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache  php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext
service php7.0-fpm reload

sudo apt-get remove php*

sudo apt-get -y install php7.0-fpm

sudo apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext

service php7.0-fpm reload

Google help had me stuck for a while when I had issues purging php 7.1.

Because my blog (with install steps) was down I used this site to help be find the commands to run.

Conclusion

Sometimes going with cutting edge tech you will go out on a limb, ensure you know and can restore a working site if need be.

Always have a backup and restore plan.

Hope this guide helps.

Donate and make this blog better

Ask a question or recommend an article

v1.35 WordPress 3.9 error with PHP 7.1

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

"If you're not still learning, you're already dying."
- Ryan Holiday - Ego is the Enemy

Follow me on Twitter: @FearbySoftware

View All Posts.

16.04

How to install PHP 7.2.latest on Ubuntu 16.04

Moving an Ubuntu 16.04 VM on Vultr from one data centre to another via snapshots

Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare

Ubuntu 16.04: Spectre, Meltdown Security Vulnerabilities (and how to patch).

Updating PHP 7.0 to 7.1 on an Ubuntu 16.04 Vultr VM

Popular

Security

Code

Tech

Wordpress

General

16.04

Footer

Popular

Security

Code

Tech

Wordpress

General