Solved: NGINX The “ssl” directive is deprecated, use the “listen … ssl”

nginx ssl on error

I have seen a lot of threads about this error, none of the solutions worked. Here is the solution.

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/conf.d/vhosts/yourdomain.tld.ssl.conf:8

server {
listen xxx.yyy.zzz.vvv:443 ;
server_name ;
access_log /usr/local/apache/domlogs/ bytes;
access_log /usr/local/apache/domlogs/ combined;
error_log /usr/local/apache/domlogs/ error;

ssl on;
ssl_certificate /etc/pki/tls/certs/hostname.bundle;
ssl_certificate_key /etc/pki/tls/private/hostname.key;

Line 8 is –
ssl on;

The solution is simple.

Remove Line 8 (ssl on)

Modify Line 2 by adding “ssl” as marked in red:

listen xxx.yyy.zzz.vvv:443 ssl ;

Do this in all .ssl.conf files, as well as in the conf.d/hostname-ssl.conf file

Then restart the server and the error will be gone.

Bonus tip: Turning On HTTP/2

If you are already doing this, and your server is set up, you can turn on HTTP/2 at the same time and increase your site speed.

listen xxx.yyy.zzz.vvv:443 ssl http2 ;

How to Upgrade to PHP 7.4 on CentOS 7

I have seen several different versions of this process, but none of them worked… Here is the summary, but make sure you keep track of all changes in case you need to revert.

Version #1

1. Verify current version of PHP

Type in the following to see the current PHP version:

php -v

The output should be something like this:

PHP 5.4.16 (cli) (built: Apr 12 2018 19:02:01)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

2. Install the REMI and EPEL repositories

If you don’t already have them, install the Remi and EPEL repositories:

rpm -Uvh
rpm -Uvh

Enable the Remi repository globally:


Under the section that looks like [remi] make the following changes (enabled=0):

name=Remi's RPM repository for Enterprise Linux 7 - $basearch

Enable the Remi PHP7.4 Repository:


Under the section that looks like [remi-php74] make the following changes (enabled=1):

name=Remi's PHP 7.4 RPM repository for Enterprise Linux 7 - $basearch

3. Install required extensions

You can list the existing extensions using command below :

yum --enablerepo=remi-php73 search php73-

Simply prefix php7.4- with an extension that you need to install.
For example to get the php-curl extension use php7.4-curl

To view enabled modules, run:

$ php --modules

You can run the following command to search other available PHP modules under configured yum repositories. Below example command search for all modules for PHP 7.3.

yum --enablerepo=remi-php73 search php | grep php73
sudo yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd
yum --enablerepo=remi-php70 install php74-cli php74-common php74w-bcmath php74-dba php74-devel php74-embedded php74-fpm php74-gd php74-imap php74-interbase php74-intl php74-ldap php74-mbstring php74-mcrypt php74-mysql php74-odbc php74-opcache php74-pdo php74-pdo_dblib php74-pear php74-process php74-pspell php74-recode php74-tidy php74-xml php74-xmlrpc

4. Upgrade PHP 5.4 to PHP 7.4

Now we can upgrade PHP. Just type in the following command:

yum -y upgrade php*

This above procedure installed the updated PHP, however it isn’t active.


Version #2

Here is another version. Most steps are similar, but there are additional ones:

1. Download Remi and EPEL Repository packages

First, download Remi and EPEL Repository packages:

$ wget -q
$ wget -q

2. Enable Remi and EPEL Repository

Install both previously downloaded packages and enable Remi PHP 7 repo:

# rpm -i remi-release-7.rpm epel-release-latest-7.noarch.rpm

# yum-config-manager --enable remi-php70
# yum-config-manager --enable remi-php71
# yum-config-manager --enable remi-php72
# yum-config-manager --enable remi-php73
# yum-config-manager --enable remi-php74

Current latest PHP version from Remi repository is 7.4. Amend the above command for any other subsequent PHP releases.

??? This may be an alternative comman:

yum --enablerepo=remi update remi-release

These are the missing steps cut from another tutorial:

Step 5 – Now delete current PHP installation but make sure you stopped Apache first:

service httpd stop

yum -y remove php

Step 6 – Finally, issue this command to install PHP 7.4 with all necessary modules:

yum –enablerepo=remi-php74 install php74-php php74-php-pear php74-php-bcmath php74-php-pecl-jsond-devel php74-php-mysqlnd php74-php-gd php74-php-common php74-php-fpm php74-php-intl php74-php-cli php74-php php74-php-xml php74-php-opcache php74-php-pecl-apcu php74-php-pecl-jsond php74-php-pdo php74-php-gmp php74-php-process php74-php-pecl-imagick php74-php-devel php74-php-mbstring

Step 7 – Next, at this point, you can simply stop the old PHP-fpm service and start the newly installed PHP74-fpm

(Obviously you should use the alternative if you have php-cgi)

service php-fpm stop

service php70-php-fpm start

Step 8 – Finally you can delete the old php symblink and create a new one:

rm /usr/bin/php
ln -s /usr/bin/php70 /usr/bin/php

Also do not forget to restart Apache service / httpd:

service httpd restart

These may or may not be relevant:

If you are using Apache as your web server then just restart the Apache service using the following command and you are good to go:

sudo systemctl restart httpd

Unlike Apache, Nginx doesn’t have built-in support for processing PHP files so we need to install a separate application such as PHP FPM which will handle the PHP file

To install the PHP FPM package run the following command:

sudo yum install php-fpm

By default PHP FPM will run as user apache on port 9000. We’ll change the user to nginx and switch from TCP socket to Unix socket. To do so edit the lines highlighted in yellow:

user = nginx
group = nginx
listen = /run/php-fpm/www.sock
listen.owner = nginx = nginx

Make sure the /var/lib/php directory has the correct ownership:

chown -R root:nginx /var/lib/php

Once you made the changes, enable and start the PHP FPM service:

sudo systemctl enable php-fpm
sudo systemctl start php-fpm

Next, edit the Nginx virtual host directive and add the following location block so that Nginx can process PHP files:

server {

    # . . . other code

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

For the new configuration to take effect, restart the Nginx service:

sudo systemctl restart nginx


Apache and NGINX Together

Apache behind Nginx

Using Nginx as the primary frontend webserver can increase performance regardless if you choose to keep Apache running on the system. One of Nginx’s greatest advantage is how well it serves static content. It does so much more efficiently than Apache, and with very little cost to memory or processing. So placing Nginx in front will remove that burdern off Apache, leaving it to concentrate on dynamic request or special scenarios. Read More

Handling Excessive Resource Usage Emails on CWP7

Excessive Resource Usage: RPC

The rpcbind package is not required unless you use NSF mounts on the server. You can disable them:


  • # systemctl disable rpcbind
  • # systemctl disable rpcbind.socket
  • # systemctl stop rpcbind
  • # systemctl stop rpcbind.socket


Turning Off Excessive Resource Emails

Firewall main configuration:

Contents of File: /etc/csf/csf.conf

# This User Process Tracking option sends an alert if any linux user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
# Set to 0 to disable this feature
PT_USERTIME = “1800”

1800 = 30 min

You can set it to 0 to turn it off also set it to a higher value.

How to install CentOS Web Panel in CentOS 7


CentOS Web Panel (CWP) is a free web hosting panel for RPM-based distributions like CentOS, and provides an easy-to-use interface to manage your server. CWP comes with a huge variety of features/services, and unlike other control panels, it can automatically install a LAMP stack with a Varnish cache. Some of its other features include:

  • CSF firewall
  • File system lock
  • User management
  • DNS management
  • SSL generator
  • System & services monitoring
  • File manager
  • SQL services

In this tutorial, we will look at how to install CentOS Web Panel in CentOS 7 and configure some of its services once the installation is complete. Read More

What is SSH?


Security always plays a major role on the internet: That’s why the SSH security procedure is firmly anchored in the TCP/IP protocol stack. The SSH protocol allows users to establish a secure connection between two computers. The network protocol has been in use since 1995 and has been revised several times since then. We explain the most important terminology of the SSH protocol and how encryption works.

What do you need SSH for?

SSH enables two computers to establish a secure and direct connection within a potentially unsecure network, such as the internet. This is necessary so that third parties can’t access the data stream, which would result in sensitive data falling into the wrong hands. Even before secure shell, there were ways to establish direct connection between two computers, but the corresponding applications such as Telnet, Remote Shell, or rlogin were all unsecure. SSH encrypts the connection between two computers and enables a second one to be operated from one computer.

Read More

Change SSH port in CWP

SSH Port 22

CWP comes with the OpenSSH server. This is using by default port 22. CWP doesn’t modify this at installation time but notifies you to change it as soon as possible. The message looks like:


WARNING: Security vulnerability! Your server is using default SSH Port 22, to make your server more secure change SSH port in config file /etc/ssh/sshd_config and in CSF firewall ! After changes are done don’t forget to restart SSH and CSF Firewall.

Read More