Changes in KUSANAGI Security Edition

In addition to the existing KUSANAGI, built on the latest version of AlmaLinux OS 9, this change will allow for a wider selection of middleware.

In addition to the middleware provided by KUSANAGI, it will also be possible to use middleware provided by the base OS or by third parties as-is.
It will be possible to combine and operate multiple versions of middleware provided by KUSANAGI.

This document reflects the Changes in "KUSANAGI 9.5.0" as well as Planned changes after "KUSANAGI 9.5.0".
For completeness, the changes in "KUSANAGI 9.5.0" are also included here.

Service Name, Path Name and Configuration File Paths Change for Nginx

Changes in service name for Nginx

The Nginx service name will be changed to nginx128.service in Nginx 1.28 and nginx129.service in Nginx 1.29 respectively.
Also, the service name of future versions of Nginx will be changed to nginxXXX.service (where XXX is the version).

Because of this change, when targeting Nginx on KUSANAGI with the systemctl command, it is necessary to specify a service name that matches the version of Nginx you are using.

To restart and reload Nginx

Use kusanagi nginx command instead of systemctl command.

To restart
# systemctl restart nginx
↓
# kusanagi nginx

To reload
# systemctl reload nginx
↓
# kusanagi nginx --reload

Changes in path name for Nginx

The Nginx path name will be changed to /opt/kusanagi/nginx128/sbin/nginx for Nginx 1.28 and /opt/kusanagi/nginx129/sbin/nginx for Nginx 1.29 respectively.
Also, the path name of future versions of Nginx will be changed to /opt/kusanagi/nginxXXX/sbin/nginx (where XXX is the version).

As a result of this change, when executing the nginx command directly, you must specify the path corresponding to the version of Nginx in use.

To test Nginx

Use kusanagi nginx command instead of nginx command.

To test
# /opt/kusanagi/sbin/nginx -t
↓
# kusanagi nginx --test

Changes in configuration file paths for Nginx

The path to the Nginx configuration files has been changed as follows:
for Nginx 1.28, it is now /etc/opt/kusanagi/nginx128, and for Nginx 1.29, it is /etc/opt/kusanagi/nginx129.
Future Nginx versions will also use the format /etc/opt/kusanagi/nginxXXX (where XXX represents the version).
These configuration files are provided by KUSANAGI RPM packages and may be overwritten during RPM updates.

The path to Nginx configuration files generated for each profile remains /etc/opt/kusanagi/nginx as before.
If configuration files reference other files using relative paths via include, note that the base path will be the Nginx configuration directory ( /etc/opt/kusanagi/nginxXXX ).
If you need to include files from the previous configuration directory ( /etc/opt/kusanagi/nginx ), be sure to specify the absolute path.

Service Name, Path Name and Configuration File Paths Changed for Apache HTTP Server

Changes in service name for Apache HTTP Server

The Apache HTTP Server service name will be changed to httpd24.service.
Also, the service name of future versions of Apache HTTP Server will be changed to httpdXX.service (where XX is the version).

Because of this change, when targeting Apache HTTP Server on KUSANAGI with the systemctl command, it is necessary to specify a service name that matches the version of Apache HTTP Server you are using.

To restart and reload Apache HTTP Server

Use kusanagi httpd command instead of systemctl command.

To restart
# systemctl restart httpd
↓
# kusanagi httpd

To reload
# systemctl reload httpd
↓
# kusanagi httpd --reload

Changes in path name for Apache HTTP Server

The Apache HTTP Server path name will be changed to /opt/kusanagi/httpd24/sbin/httpd.
Also, the path name of future versions of Apache HTTP Server will be changed to /opt/kusanagi/httpdXX/sbin/httpd (where XX is the version).

As a result of this change, when executing the httpd command directly, you must specify the path corresponding to the version of Apache HTTP Server in use.

To test Apache HTTP Server

Use kusanagi httpd instead of apachectl command.

To test
# /opt/kusanagi/sbin/apachectl configtest
↓
# kusanagi httpd --test

Changes in configuration file paths for Apache HTTP Server

The path to the Apache HTTP Server configuration files has been changed to /etc/opt/kusanagi/httpd24.
Future Apache HTTP Server versions will also use the format /etc/opt/kusanagi/httpdXX (where XX represents the version).
These configuration files are provided by KUSANAGI RPM packages and may be overwritten during RPM updates.

The path to Apache HTTP Server configuration files generated for each profile remains /etc/opt/kusanagi/httpd as before.
If configuration files reference other files using relative paths via Include, note that the base path will be the Apache HTTP Server configuration directory ( /etc/opt/kusanagi/httpdXX ).
If you need to include files from the previous configuration directory ( /etc/opt/kusanagi/httpd ), be sure to specify the absolute path.

Service Name, Path Name and Configuration File Paths Changed for PHP

Changes in service name for PHP

The PHP service names have been changed as follows:
for PHP 8.3, php83-fpm.service, and for PHP 8.4, php84-fpm.service.
Future PHP versions will also follow the format phpXX-fpm.service (where XX represents the version).

As a result of this change, when managing KUSANAGI PHP using the systemctl command, you must specify the service name corresponding to the PHP version in use.

To restart and reload PHP

Use kusanagi php command instead of systemctl command.

To restart
# systemctl restart php-fpm
↓
# kusanagi php

To reload
# systemctl reload php-fpm
↓
# kusanagi php --reload

Changes in path name for PHP

The PHP binary path has been changed as follows:
for PHP 8.3, /opt/kusanagi/php83/bin/php, and for PHP 8.4, /opt/kusanagi/php84/bin/php.
Future PHP versions will also use the format /opt/kusanagi/phpXX/bin/php (where XX represents the version).

As a result of this change, when executing the php command directly, you must specify the path corresponding to the PHP version in use.

A symbolic link to the currently active PHP version is provided at /opt/kusanagi/php/bin/php.
If you do not need to specify a version explicitly, use this path.

To test PHP

Use kusanagi php instead of php-fpm command.

To test
# /opt/kusanagi/php/sbin/php-fpm -t
↓
# kusanagi php --test

Changes in configuration file paths for PHP

The paths to the PHP configuration files have been changed as follows:
for PHP 8.3, /etc/opt/kusanagi/php83.d and /etc/opt/kusanagi/php83-fpm.d, and for PHP 8.4, /etc/opt/kusanagi/php84.d and /etc/opt/kusanagi/php84-fpm.d.
Future PHP versions will also use the format /etc/opt/kusanagi/phpXX.d and /etc/opt/kusanagi/phpXX-fpm.d (where XX represents the version).
These configuration files are provided by KUSANAGI RPM packages and may be overwritten during RPM updates.

Changes in Web Server Configurations

KUSANAGI previously supported the following Web Server Configurations:

"nginx" mode
"httpd" mode
"nginx reverse proxy + httpd" mode

In KUSANAGI Security Edition, the Web Server Configurations have been changed as follows:

"nginx reverse proxy + nginx" mode
"nginx reverse proxy + httpd" mode
"nginx reverse proxy + production nginx + staging nginx" mode
"nginx reverse proxy + production php + staging php" mode

The previous Nginx-based setup is now replaced by "nginx reverse proxy + nginx" mode.
The previous Apache HTTP Server-based setup is now replaced by "nginx reverse proxy + httpd" mode.
In KUSANAGI Security Edition, the Apache HTTP Server configuration is equivalent to the previous "nginx reverse proxy + httpd" mode.
In addition, two new modes have been introduced to support SafeUpgrade.

For more details, refer to KUSANAGI Security Edition Web Server Configurations.

Changes in commands

Deprecated Commands

The following commands have been deprecated and are not available in KUSANAGI Security Edition:

addon install
addon remove
addon update
httpd-behind-nginx

New Commands

Commands specific to KUSANAGI Security Edition have been added: