TheHolbi

Just a note: With the above script and the pre run and external modules, I have already installed PHP-FPM 8.3.28 and PHP-FPM 8.4.15 versions on 6 different AlmaLinux 9.6 based VPSs, and they run flawlessly.

We need Pre Run modules, the ZIP also added.

Hello @Sandeep B. Thank you for the tutorial. I ran into a few problems under AlmaLinux 9.6, which this installation script has already fixed. #!/bin/bash set -euo pipefail set -x # For el9 only : dnf config-manager --set-enabled crb # run these for el8 and el9 dnf -y groupinstall "Development Tools" dnf -y install glibc-devel elfutils-libelf-devel dnf -y install git make gcc gcc-c++ \ binutils glibc-devel autoconf libtool \ bison re2c automake libxml2-devel openssl-devel \ sqlite-devel bzip2-devel libcurl-devel libpng-devel \ libavif-devel libwebp-devel libjpeg-devel \ libXpm-devel freetype-devel gmp-devel \ libicu-devel openldap-devel oniguruma-devel \ libargon2-devel libtidy-devel libxslt-devel # Build PHP 8.4 switcher: rm -rf /usr/local/php-84 mkdir -p /usr/local/php-84 cd /usr/local/php-84 wget http://php.net/distributions/php-8.4.15.tar.gz tar zxvf php-8.4.15.tar.gz cd php-8.4.15 # For el9 mandatory: --with-openssl=/usr/lib64 ./configure --with-config-file-path=/usr/local/php \ --enable-cgi \ --with-config-file-scan-dir=/usr/local/php/php.d \ --with-zlib=/usr \ --enable-mbstring \ --with-zip \ --enable-bcmath \ --enable-pcntl \ --enable-ftp \ --enable-exif \ --enable-calendar \ --enable-sysvmsg \ --enable-sysvsem \ --enable-sysvshm \ --with-tidy \ --with-curl \ --with-iconv \ --with-gmp \ --enable-gd \ --with-avif \ --with-jpeg \ --with-freetype \ --enable-gd-jis-conv \ --with-webp \ --with-xpm \ --with-openssl=/usr/lib64 \ --with-pdo-mysql=mysqlnd \ --with-gettext=/usr \ --with-bz2=/usr \ --with-mysqli \ --enable-soap \ --enable-phar \ --with-xsl \ --enable-posix \ --enable-sockets \ --with-external-pcre \ --with-libdir=lib64 \ --with-mysql-sock=/var/lib/mysql/mysql.sock \ --enable-intl \ --with-password-argon2 \ --enable-litespeed \ --with-ldap=/usr \ --with-ldap-sasl=/usr \ --with-pear \ --with-sodium # These settings will break on el9 - AlmaLinux 9.6 # export CFLAGS="-O2 -fPIE -DPIC" # export CXXFLAGS="-O2 -fPIE -DPIC" # export LDFLAGS="-pie -Wl,--as-needed" export PKG_CONFIG_PATH=/usr/lib64/pkgconfig export CFLAGS="-O2" export CXXFLAGS="-O2" export LDFLAGS="-L/usr/lib64 -Wl,--as-needed" make -j$(nproc) make install # ---------- remove old .ini from PHP 5.x, 7.x ----- rm -f /usr/local/php/php.d/sodium.ini # ---------- PECL IMAGICK INSTALL ---------- echo "Installing Imagick dependencies…" dnf -y install ImageMagick ImageMagick-devel echo "Installing Imagick via PECL…" /usr/local/bin/pecl install imagick echo "Adding imagick.ini…" mkdir -p /usr/local/php/php.d echo "extension=imagick.so" > /usr/local/php/php.d/imagick.ini echo "PHP CLI build with Imagick completed successfully!" php -v php -m | grep imagick --with-openssl=/usr/lib64 --with-pear --with-sodium without the switches and with the recommended FLAG settings, PHP 8.4.15 did not compile properly. And it may also be necessary to remove the old sodium.ini if it was left in the directory from PHP 5.x, 7.x. rm -f /usr/local/php/php.d/sodium.iniBut with the above settings, all parts of PHP 8.4.15 are compiling properly in AlmaLinux 9.6. [root@vps ~]# php -i | grep -i sodium Configure Command => './configure' '--with-config-file-path=/usr/local/php' '--enable-cgi' '--with-config-file-scan-dir=/usr/local/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--enable-gd' '--with-avif' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-xpm' '--with-openssl=/usr/lib64' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-password-argon2' '--enable-litespeed' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--with-pear' '--with-sodium' sodium sodium support => enabled libsodium headers version => 1.0.18 libsodium library version => 1.0.18 [root@vps ~]# php -i | grep -i openssl Configure Command => './configure' '--with-config-file-path=/usr/local/php' '--enable-cgi' '--with-config-file-scan-dir=/usr/local/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--enable-gd' '--with-avif' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-xpm' '--with-openssl=/usr/lib64' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-password-argon2' '--enable-litespeed' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--with-pear' '--with-sodium' SSL Version => OpenSSL/3.5.1 libSSH Version => libssh/0.10.4/openssl/zlib openssl OpenSSL support => enabled OpenSSL Library Version => OpenSSL 3.5.1 1 Jul 2025 OpenSSL Header Version => OpenSSL 3.5.1 1 Jul 2025 Openssl default config => /etc/pki/tls/openssl.cnf openssl.cafile => no value => no value openssl.capath => no value => no value OpenSSL support => enabled

Added the final, three-tier, fully robust PHP source download module: ✔ 1. CWP CDN (if there → fast) ✔ 2. php.net CDN (official) ✔ 3. GitHub codeload (always works in tar.gz format) Since PHP 8.4.14 package was found by the download section of the script, but for PHP 8.4.15 it gave a false not found signal.

@Starburst @Sandeep B. here is the working for me manual PHP update of CWP: https://www.alphagnu.com/topic/614-how-to-add-custom-php-84-85-support-to-cwp-on-almalinux-9x/

Full tutorial with GUI integration, fixed OpenSSL support, external modules, and a working custom PHP builder. This guide explains how to properly add PHP 8.4 and PHP 8.5 to Control Web Panel (CWP) on EL9-based systems. Unlike older CWP releases, CWP does not provide official PHP 8.4/8.5 packages yet — but with the steps below you can fully integrate them into and you can also fix the PHP 8.3 OpenSSL problem based on this: ✔ the CWP PHP Selector GUI ✔ Apache / Nginx vhosts ✔ external PECL modules ✔ system services ✔ CSF/Monit integration This article provides everything: file paths, scripts, corrections, and the build steps. ⚙️ Step 1 — Extend the CWP GUI to Support PHP 8.4 and 8.5CWP reads available PHP versions from: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/versions.iniAdd the new PHP versions like: [8.3] version[]=8.3.28 version[]=8.3.27 version[]=8.3.25 version[]=8.3.21 version[]=8.3.20 version[]=8.3.19 version[]=8.3.17 version[]=8.3.16 version[]=8.3.15 version[]=8.3.14 version[]=8.3.13 version[]=8.3.12 version[]=8.3.11 version[]=8.3.10 version[]=8.3.9 version[]=8.3.8 version[]=8.3.7 version[]=8.3.6 version[]=8.3.4 version[]=8.3.3 version[]=8.3.2 version[]=8.3.1 version[]=8.3.0 [8.4] version[]=8.4.15 version[]=8.4.14 version[]=8.4.13 version[]=8.4.12 version[]=8.4.11 version[]=8.4.10 version[]=8.4.9 version[]=8.4.8 version[]=8.4.7 version[]=8.4.6 version[]=8.4.4 version[]=8.4.3 version[]=8.4.2 version[]=8.4.1 version[]=8.4.0 [8.5] version[]=8.5.0 This makes the versions selectable in the GUI. If you don't want to make previous PHP 8.4 versions optional under 8.4.14, you can leave them out of the list. ⚙️ Step 2 — Create 8.4.ini and 8.5.ini GUI TemplatesLocation: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/Create these files based on the sample and content of 8.3.ini: 8.4.ini 8.5.ini Both must contain a corrected OpenSSL section: [openssl] default=1 option="--with-openssl=/usr" info-file=openssl.txt (Older CWP templates use deprecated OpenSSL paths that break EL9 builds. The corrected version above is mandatory. And similarly, the OpenSSL section in the 8.3.ini file must be corrected.) These files provide the GUI-driven configure flags that our builder script will later use. ⚙️ Step 3 — Create External and Pre Run Modules for PHP 8.4 and 8.5Create these directories and update the content of 8.3 folder with the linked ZIP file: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.3 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.4 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.5Populate each directory with the updated scripts: apcu.sh imagick.sh memcache.sh memcached.sh mailparse.sh mongodb.sh redis.sh ssh2.sh uploadprogress.sh xdebug.sh yaz.sh sodium.sh sourceguardian.sh sqlsrv.sh ioncube.sh (With proper loader URL handling: stable for 8.4, beta for 8.5.) 👉 Here is the ZIP file with all corrected module scripts to this post for download: External_Modules Create these directories and update the content of 8.3 folder with the linked ZIP file: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.3 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.4 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.5Pre Run Modules ⚙️ Step 4 — Install the Custom Builder ScriptPlace the builder script in: /root/build-php-fpm84-el9.sh This script: ✔ reads the GUI-generated configure template ✔ enforces OpenSSL 3.x for EL9 ✔ builds PHP cleanly under /opt/alt/php-fpm84/usr/ ✔ installs FPM service, ini files, sockets ✔ compiles all external modules ✔ integrates CSF and Monit ✔ logs every step You can rewrite this script to install PHP 8.3.28 or PHP 8.5.0 by changing just a few variables. Here is the corrected PHP compiler script located in /root/build-php-fpm84-el9.sh file: #!/bin/bash set -euo pipefail set -x # --- Basic variables --- PHPMAJOR="84" # php-fpm84 PHPVER="8.4.15" # PHP version FPMDIR="/opt/alt/php-fpm${PHPMAJOR}" CONFBASE="/usr/local/cwp/.conf/php-fpm_conf" arch=$(uname -m) if [[ "$arch" == "x86_64" ]]; then platform="x86-64" libdir="/usr/lib64" else platform="x86" libdir="/usr/lib" fi # --- Packages for Build (EL9) --- dnf -y install \ krb5-devel glibc-common gnutls-devel \ libargon2 libargon2-devel libbsd-devel \ perl libzip libzip-devel pcre2 pcre2-devel \ libavif libavif-devel \ uw-imap-devel \ openssl-devel # If there is any old CWP OpenSSL hack left, don't use it.: if [ -d /usr/local/opensslso ]; then echo "WARN: /usr/local/opensslso exists, but we DO NOT USE for compiling PHP (OpenSSL 1.1 hack)." fi # --- Force OpenSSL 3.x --- export PKG_CONFIG_PATH=/usr/lib64/pkgconfig export OPENSSL_CFLAGS="-I/usr/include" export OPENSSL_LIBS="-L/usr/lib64" export LDFLAGS="-lssl -lcrypto" # --- CWP pre-conf, if exists (e.g.: pcre2, & other libs) --- if [ -e "${CONFBASE}/php${PHPMAJOR}_pre.conf" ]; then bash "${CONFBASE}/php${PHPMAJOR}_pre.conf" fi # --- PHP SOURCE DOWNLOAD CHECK: CWP CDN → OFFICIAL php.net → GitHub fallback --- CWP_URL="http://static.cdn-cwp.com/files/php/php-${PHPVER}.tar.gz" PHPNET_URL="https://www.php.net/distributions/php-${PHPVER}.tar.gz" GITHUB_URL="https://codeload.github.com/php/php-src/tar.gz/refs/tags/php-${PHPVER}" # Function: check HTTP 200 + verify tar.gz content check_and_verify() { local url="$1" local testfile="/tmp/php-test-${PHPVER}.tar.gz" echo "Checking: $url" # First check HTTP status code if ! curl -I -L -s "$url" | grep -q "200"; then echo " → HTTP check failed" return 1 fi # Download temporary test file if ! wget -q "$url" -O "$testfile"; then echo " → Download failed" return 1 fi # Validate MIME type of tar.gz if file "$testfile" | grep -qiE "gzip compressed data|tar archive"; then rm -f "$testfile" echo " → Valid TAR.GZ" return 0 fi echo " → Invalid TAR.GZ (HTML or wrong file)" rm -f "$testfile" return 1 } # Check sources in order (CWP → php.net → GitHub) if check_and_verify "$CWP_URL"; then PHPSOURCE="$CWP_URL" elif check_and_verify "$PHPNET_URL"; then PHPSOURCE="$PHPNET_URL" elif check_and_verify "$GITHUB_URL"; then PHPSOURCE="$GITHUB_URL" else echo "ERROR: Could not download a valid PHP source for version ${PHPVER}" exit 1 fi echo "Using source: $PHPSOURCE" # --- Build directory --- rm -rf /usr/local/src/php-build mkdir -p /usr/local/src/php-build cd /usr/local/src/php-build wget -q "${PHPSOURCE}" -O "php-${PHPVER}.tar.gz" tar -xvf "php-${PHPVER}.tar.gz" cd "php-${PHPVER}" # --- Configure: CWP's own php84.conf, but already wired to OpenSSL 3.x from env --- if [ ! -x "${CONFBASE}/php${PHPMAJOR}.conf" ]; then chmod +x "${CONFBASE}/php${PHPMAJOR}.conf" 2>/dev/null || true fi # IMPORTANT: LDFLAGS + PKG_CONFIG_PATH already exported bash "${CONFBASE}/php${PHPMAJOR}.conf" # --- Compiling --- if command -v nproc >/dev/null 2>&1; then make -j"$(nproc)" else make fi make install # --- PHP.ini + FPM scaffolding --- mkdir -p "${FPMDIR}/usr/php/php.d" mkdir -p "${FPMDIR}/usr/var/sockets" mkdir -p "${FPMDIR}/usr/etc/php-fpm.d" mkdir -p "${FPMDIR}/usr/etc/php-fpm.d/users" rsync php.ini-production "${FPMDIR}/usr/php/php.ini" sed -i 's/^short_open_tag.*/short_open_tag = On/' "${FPMDIR}/usr/php/php.ini" sed -i 's/^;cgi.fix_pathinfo=.*/cgi.fix_pathinfo=1/' "${FPMDIR}/usr/php/php.ini" sed -i 's/.*mail.add_x_header.*/mail.add_x_header = On/' "${FPMDIR}/usr/php/php.ini" sed -i 's@.*mail.log.*@mail.log = /usr/local/apache/logs/phpmail.log@' "${FPMDIR}/usr/php/php.ini" echo "include=${FPMDIR}/usr/etc/php-fpm.d/users/*.conf" > "${FPMDIR}/usr/etc/php-fpm.d/users.conf" echo "include=${FPMDIR}/usr/etc/php-fpm.d/*.conf" > "${FPMDIR}/usr/etc/php-fpm.conf" cat > "${FPMDIR}/usr/etc/php-fpm.d/cwpsvc.conf" <<EOF [cwpsvc] listen = ${FPMDIR}/usr/var/sockets/cwpsvc.sock listen.owner = cwpsvc listen.group = cwpsvc listen.mode = 0640 user = cwpsvc group = cwpsvc pm = ondemand pm.max_children = 25 pm.process_idle_timeout = 15s request_terminate_timeout = 0 EOF # --- Systemd service --- cp sapi/fpm/php-fpm.service "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" sed -i "s|\${exec_prefix}|${FPMDIR}/usr|g" "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" sed -i "s|\${prefix}|${FPMDIR}/usr|g" "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" systemctl daemon-reload systemctl enable "php-fpm${PHPMAJOR}" # --- Loading Apache FPM module if not already present --- if [ ! -e "/usr/local/apache/conf.d/php-fpm.conf" ]; then cat > /usr/local/apache/conf.d/php-fpm.conf <<EOF <IfModule !proxy_fcgi_module> LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so </IfModule> EOF fi # --- External modules (imagick, redis, imap, etc.) --- if [ -e "${CONFBASE}/php${PHPMAJOR}_external.conf" ]; then bash "${CONFBASE}/php${PHPMAJOR}_external.conf" || true fi # --- Monitor integration --- if [ -d "/etc/monit.d" ]; then if [ ! -e "/etc/monit.d/php-fpm${PHPMAJOR}" ]; then if [ -e "/usr/local/cwpsrv/htdocs/resources/conf/monit.d/php-fpm${PHPMAJOR}" ]; then cp "/usr/local/cwpsrv/htdocs/resources/conf/monit.d/php-fpm${PHPMAJOR}" /etc/monit.d/ 2>/dev/null || true monit reload || true fi fi fi systemctl restart "php-fpm${PHPMAJOR}" # --- CSF pignore --- if [ -e "/etc/csf/csf.pignore" ]; then # PHP-FPM + PHP binary if ! grep -q "${FPMDIR}/usr/sbin/php-fpm" /etc/csf/csf.pignore; then echo "exe:${FPMDIR}/usr/sbin/php-fpm" >> /etc/csf/csf.pignore fi if ! grep -q "${FPMDIR}/usr/bin/php" /etc/csf/csf.pignore; then echo "exe:${FPMDIR}/usr/bin/php" >> /etc/csf/csf.pignore fi # memcached daemon if command -v memcached >/dev/null 2>&1; then if ! grep -q "exe:/usr/bin/memcached" /etc/csf/csf.pignore; then echo "exe:/usr/bin/memcached" >> /etc/csf/csf.pignore fi fi # redis-server daemon if command -v redis-server >/dev/null 2>&1; then if ! grep -q "exe:/usr/bin/redis-server" /etc/csf/csf.pignore; then echo "exe:/usr/bin/redis-server" >> /etc/csf/csf.pignore fi fi # Restart CSF/LFD to apply changes csf -r fi rm -rf /usr/local/src/php-build rm -rf /usr/local/src/build-dir echo "PHP ${PHPVER} (php-fpm${PHPMAJOR}) build finished successfully." It is for sample, you can modify it by your needs. ⚙️ Step 5 — Trigger the GUI Build OnceFrom the CWP Admin Panel: PHP-FPM Selector → PHP 8.4 → Choose desired version of PHP → Build CWP will: generate the build configuration files stop early because no packages exist (expected!) but now the config files are ready The GUI selector (Image on the shared link) This step must be done once so the GUI produces: /usr/local/cwp/.conf/php-fpm_conf/php84.conf /usr/local/cwp/.conf/php-fpm_conf/php84_pre.conf /usr/local/cwp/.conf/php-fpm_conf/php84_external.conf Our builder script depends on them. ⚙️ Step 6 — Build PHP 8.4 With LoggingRun the custom builder script manually: bash /root/build-php-fpm84-el9.sh 2>&1 | tee /root/php84-build.log This: logs all output compiles PHP 8.4.14 installs extensions - e.g. IonCube loader if it was selected reloads FPM integrates CSF pignore entries exe:/usr/bin/redis-server exe:/usr/bin/memcached After the build: Test PHP:/opt/alt/php-fpm84/usr/bin/php -v /opt/alt/php-fpm84/usr/sbin/php-fpm -t Verify IonCube:grep -Ri ioncube /opt/alt/php-fpm84/usr/php/php.d/ Verify Imagick:/opt/alt/php-fpm84/usr/bin/php -r "print_r(Imagick::getVersion());"⚙️ Repeat the Process for PHP 8.5The steps are identical, except: PHP version is different ionCube loader uses the beta build ioncube_loaders_lin_x86-64_beta.tar.gz Here is the IonCube documentation. The PHP 8.4 is fully supported, PHP 8.5 is Beta in the moment. 🎉 ResultAfter completing these steps you will have: ✔ Fully working PHP 8.4 or 8.5 ✔ 100% GUI-compatible (PHP Selector, vhost handler, extension manager) ✔ Proper OpenSSL 3.x integration ✔ All external PECL modules working ✔ Systemd FPM services ✔ Clean, isolated alt-PHP folders under /opt/alt ✔ No conflict with AlmaLinux REMI PHP packages And most importantly: You can now run PHP 8.4 / 8.5 safely in production on CWP EL9. I also fixed the PHP - OpenSSL compilation issue in AlmaLinux 9.x with PHP 8.3.28 version of the script. PHP now uses OpenSSL 3.x. Checking the compiled PHP versions (e.g. 8.4.14 and 8.3.28): [root@vps ~]# /opt/alt/php-fpm84/usr/bin/php -v PHP 8.4.14 (cli) (built: Dec 1 2025 22:53:34) (NTS) Copyright (c) The PHP Group Zend Engine v4.4.14, Copyright (c) Zend Technologies with the ionCube PHP Loader v15.0.0, Copyright (c) 2002-2025, by ionCube Ltd. with Zend OPcache v8.4.14, Copyright (c), by Zend Technologies [root@vps ~]# /opt/alt/php-fpm83/usr/bin/php -v PHP 8.3.28 (cli) (built: Dec 1 2025 16:39:53) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.28, Copyright (c) Zend Technologies with Zend OPcache v8.3.28, Copyright (c), by Zend Technologies [root@vps ~]# Checking OpenSSL: [root@vps ~]# /opt/alt/php-fpm84/usr/bin/php -i | grep -i "openssl" Configure Command => './configure' '--prefix=/opt/alt/php-fpm84/usr' '--with-config-file-path=/opt/alt/php-fpm84/usr/php' '--with-config-file-scan-dir=/opt/alt/php-fpm84/usr/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl=/usr' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--enable-fpm' '--enable-opcache' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig' 'OPENSSL_CFLAGS=-I/usr/include' 'OPENSSL_LIBS=-L/usr/lib64' SSL Version => OpenSSL/3.5.1 libSSH Version => libssh/0.10.4/openssl/zlib openssl OpenSSL support => enabled OpenSSL Library Version => OpenSSL 3.5.1 1 Jul 2025 OpenSSL Header Version => OpenSSL 3.5.1 1 Jul 2025 Openssl default config => /etc/pki/tls/openssl.cnf openssl.cafile => no value => no value openssl.capath => no value => no value OpenSSL support => enabled [root@vps ~]# If you have any suggestions, please feel free to write to me.

Unfortunately, for some time now, the CSF + LFD firewall has not been installed under AlmaLinux 9.x when installing CWP Pro, so I have installed the last 3 servers under AlmaLinux 8.10. So I don't have a VPS suitable for testing, but I have put together a solution for PHP 8.4 on one of the less busy production AlmaLinux 9.x VPS, which is quite CWP GUI friendly. And this could perhaps be supplemented or improved. I'll post it here in a separate post.

Hello @Sandeep B. What can we expect? Would you have some time to show a PHP 8.4, 8.5 installation that works with the CWP GUI?

When upgrading from 10.1, 10.2, 10.3 to 10.11 to find the proper MariaDB repo you can use this service: curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version="mariadb-10.11" Description: Link: https://mariadb.com/kb/en/mariadb/mariadb-package-repository-setup-and-usage/

CSF replacement tested in old Centos 7, AlmaLinux 8.10 and AlmaLinux 9.6The CSF project is continuing as Open Source project, the website is here: https://docs.configserver.dev/ Github: https://github.com/Aetherinox/csf-firewall And as it was suggested in article https://www.jaspreet.net/2025/09/06/3180/how-to-fix-csf-firewall-error-oops-unable-to-download-no-host-option-provided/ you have to update the content of /etc/csf/downloadserver Comment out (or delete) the old content of the file and set the new line of download server: download.configserver.dev Restart CSF and from the GUI of CWP update Firewall. The result will be appear in the screen, and the CFS/LFD will update to the current version: Status: csf: v15.01 (CentOS Web Panel) Or, you can use the solution suggested by @Starburst above.

I did an experiment with Remi based multi PHP. Here is the install script: #!/usr/bin/env bash set -euo pipefail # --- 0. Repos dnf install -y epel-release dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm # --- 1. Which PHP SCL version do you want to install VERSIONS=("php83" "php84") # If only 8.4 needs, let: ("php84") # Base PHP exts (for both PHP versions) BASE_PKGS=( php-fpm php-cli php-common php-opcache php-mysqlnd php-mbstring php-zip php-bcmath php-process php-exif php-calendar php-tidy php-curl php-iconv php-gmp php-pspell php-gd php-xml php-xsl php-soap php-intl php-imap php-sockets php-sodium php-gettext php-bz2 ) # PECL add-ons (Usually used with CWP Pro ) PECL_PKGS=( php-pecl-imagick-im7 php-pecl-memcache php-pecl-redis php-pecl-apcu php-pecl-mcrypt # you may remove it, if no need ) # System libs for GD (webp/avif/jpeg/freetype) and imagick running dnf install -y libavif libwebp libjpeg-turbo freetype ImageMagick aspell aspell-en # --- 2. Install the selected SCL PHP for V in "${VERSIONS[@]}"; do SAFE_PREFIX="${V/83/83}" # for example: V e.g. "php84" echo "===> Installing: ${V} (Remi SCL)" dnf --enablerepo=remi-safe install -y \ $(printf '%s ' "${BASE_PKGS[@]/#/$(echo $V)-}") \ $(printf '%s ' "${PECL_PKGS[@]/#/$(echo $V)-}") done # --- 3. Service start (itt most a 8.4-et engedélyezzük) systemctl daemon-reload systemctl enable php84-php-fpm systemctl restart php84-php-fpm systemctl enable php83-php-fpm systemctl restart php83-php-fpm echo "=== Ready: Remi SCL PHP 8.3, 8.4 installed."The place of php-fpm pool is: `nano /etc/opt/remi/php84/php-fpm.d/%username%.conf` where the %username% is the account name as usually in CWP Pro. php-fpm pool template with manual setup: [%username%] listen = /var/opt/remi/php84/run/php-fpm/%backend%.sock listen.owner = "%username%" listen.group = nobody listen.mode = 0660 user = "%username%" group = "%username%" pm = ondemand pm.max_children = 4 pm.max_requests = 4000 pm.process_idle_timeout = 15s rlimit_files = 131072 rlimit_core = unlimited catch_workers_output = yes env[HOSTNAME] = $HOSTNAME env[TMP] = %home%/%username%/tmp env[TMPDIR] = %home%/%username%/tmp env[TEMP] = %home%/%username%/tmp env[PATH] = /opt/remi/php84/root/usr/bin:/usr/local/bin:/usr/bin:/binIf you use PHP 8.3 change version and set path accordingly. Change in generated Vhost template manually: <FilesMatch \.php$> SetHandler "proxy:unix:/var/opt/remi/php84/run/php-fpm/%username%.sock|fcgi://localhost" </FilesMatch>The only drawback is that we cannot use the excellent GUI features of CWP Pro this way, but everything runs flawlessly, and this PHP (both 8.3 and 8.4) integrates the correct version of OpenSSL 3.x. @Starburst You can try it. @Sandeep B. How we can integrate it into GUI ?

We could also use the PHP packages described in https://blog.remirepo.net/ . Remi's PHP versions are automatically updated, its have everything wee need for AlmaLinux 9.x, we just need to configure the PHP-FPM service and coordinate it with the CWP Apache and NGINX vhost templates. And this can be done even without the GUI. I use a similar setup on my development system under Ubuntu with the multi-php repo there.

🔍 Issue Summary (CSF v15.00):csf and lfd are both properly installed and running: systemctl status csf → active (exited) systemctl status lfd → active (running) Manual commands such as csf -e, csf -r work as expected lfd.log confirms proper startup, log watching, and IP tracking However, the CSF firewall still shows as "Disabled" on the CWP Admin interface. ✅ What Works Correctly (on another server):On a similar environment (CWP Pro + AlmaLinux 9.x), the CSF firewall is correctly shown as active in the CWP interface when using csf v14.24 (CentOS Web Panel) All functionality and UI detection works fine with that version

The CSF project is abandoned, and newly installed CWP Pro already has several issues during installation. Here is the topic: https://www.jaspreet.net/2025/09/06/3180/how-to-fix-csf-firewall-error-oops-unable-to-download-no-host-option-provided/ @Sandeep B. Do you have any idea how to replace CSF in CWP Pro servers?

Hi @Sandeep B. Updated PHP and PHP 8.4 would be very desirable. Is there anything we can do to help make this happen? For example, I manage more than 15 CWP Pro licenses on different servers, and most of them - the owners - are urging me to upgrade.