I currently have in production a server with virtualmin pro on a Centos 7, due to the change of licensing of Centos I am thinking of changing the OS, I can not and do not want to be migrating the server every two years because there is a new version of OS, so in principle Ubuntu I do not think it would be my first choice, I had thought of Debian perhaps …
There are things that I would like to improve in my current server, like being able to offer more speed to Wordpress with http2 or maybe nginx, being able to have a better antispam control, it seems to me that in Centos spamassasin has stopped in an old version, being able to have fail2ban, I was testing with virtualmin but I couldn’t get out, at the moment I have a little mess with the repositories to try to install things that are not “standard”.
My idea would be to set up a server in parallel with the new OS and go testing with some domain and install with normal virtualmin everything I need, configure backups, etc. and when I have everything set up, use virtualmin pro to migrate to the new server.
Is this a good idea? What advice can you give me? I’m all ears
I configured my virtualmin VPS in 2016 with CentOS 7. It is rock solid, supported til 2024. In a couple years I’ll move it to AlmaLinux, but there’s no rush. Take your time, think it out. It’s how pilots get to live to an old age: Plan the flight, fly the plan.
If old software is the problem, make sure you have EPEL enabled and perhaps other repos with newer versions of your needed software. Google is your friend in that regard. Also, instead of fail2ban, you might check out CSF and LFD for a well supported firewall. I’m running an older version of APF/BFD but I’ll go CSF/LFD in the future.
I really don’t know where I had read that Centos 7 would stop receiving updates at the end of this year and that it would receive security updates until 2024, now I see that it is simply EOL until the end of 2024.
I greatly appreciate your comments, it is nice to see that we are not alone. @geocrasher I show you the repositories that I have enabled, so you can contrast with yours, maybe I can improve something here …
Webmin Webmin Distribution Neutral 194
base/7/x86_64 CentOS-7 - Base 10.072
centos-sclo-rh/x86_64 CentOS-7 - SCLo rh 7.656
centos-sclo-sclo/x86_64 CentOS-7 - SCLo sclo 816
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13.679
extras/7/x86_64 CentOS-7 - Extras 500
mariadb MariaDB 100
remi-safe Safe Remi’s RPM repository for Enterprise Linux 7 4.636
updates/7/x86_64 CentOS-7 - Updates 2.884
virtualmin/7/x86_64 RHEL/CentOS/Scientific 7 - x86_64 - Virtualmin 195
virtualmin-universal Virtualmin Distribution Neutral Packages 235
webtatic/x86_64 Webtatic Repository EL7 - x86_64 789
repolist: 41.756
Check with @Joe before you do anything with repositories. He’s usually a stickler for not touching those as there have been a number of issues from people that do.
Thank you, do you have fail2ban working with this repos ?? i have a server behind pfsense, maybe make an snapshot and try to change repositories, php5 are obsolete, i don’t have but i have last php7 and php8
There are a couple of things you have to keep in mind when enabling other repos. It cannot be done before installing Virtualmin; it will absolutely break the installation, possibly in subtle ways. And, you should not enable additional repos unless you absolutely must have something in that repo. It should never be standard practice to just randomly enable a bunch of repos. That’s asking for disaster. One should also be specific about what you get from third-party repos, using include and exclude rules to make sure you’re not pulling in stuff you don’t need to.
It’s just such a common source of problems that it gets frustrating to see people go to such great lengths to break their systems, when there isn’t a compelling reason to do so. There’s a strong urge among some folks to have the latest and greatest of every service on their system…even though, most of the time, applications don’t need it, and you don’t gain anything of note by running a newer version. If you need newer versions of packages, it is much better to use a newer version of the distribution (CentOS 8, in this case).
And, finally, while we’re on the subject: People seem to be avoiding CentOS 8 and either migrating to Ubuntu or sticking with CentOS 7 and then patching it up with a bunch of third party repos. Both of these are probably mistakes. You almost certainly would be better off installing CentOS 8. If you’re migrating from an earlier CentOS, CentOS 8 is the only sensible choice (migrating between CentOS versions is trivial, between completely different distros is likely several hours of work and a bunch of reading and experimenting, even though Virtualmin papers over a lot of the differences, they are still very different operating systems). If you’re installing a fresh system with CentOS today, CentOS 8 is the only sensible choice. If you are starting fresh with no prior Virtualmin experience or backups to migrate, pick whichever supported OS you want. But, if you’re on the CentOS track, pick CentOS 8.
I cannot disagree with Joe of course! It’s good to know about enabling extra repos after installing Virtualmin. This, I did not know. I’ve always done it this way, however. I also know that Remi’s PHP repos are out of favor here, but it works for me which is obviously subjective.
@geocrasher Do you have last version os Spamassassin? i still in i 3.4.0 because repos Centos not have @Joe But Centos8 its different now its a tester version of redhat, maybe rocky or almalinux when the issue becomes clearer…
Nonsense. CentOS 8 (not Stream) is a complete and stable OS, and it is the version of CentOS you should be installing if you are installing a new CentOS system today (and there is no reason to switch to Ubuntu or Debian, just because things are getting shaken up a little bit in CentOS land). You will need to switch to Alma or Rocky (or some other rebuild) in the next few months, but that’s a minor thing…it only takes a few minutes.
Thanks @Joe Joe but i’m not hurry, my server with centos7 its stable, I am not going to make the switch to centos 8 which ends eol this year to make a switch to rocky or alma, I prefer to wait and test a server in parallel while I decide, maybe I continue with centos but in soul or rocky version and I will test with virtualmin to mount a better hosting server, with http2, last spamassasin version, take advantage of improving the security, etc…
I think this would be the best roadmap from what I’ve been reading, what do you think?
Yup me to but not PHP8 in centos7 have there also with http2 coditguru httpd repo while lot of other things in centos way don’t support php 8 very well, it is just starting to become supported by more and more.
IN CENTOS 8 ofcourse PHP8.
And no i don’t want php 5.x in Centos8 for same reason, better do new / newer stuff on real newer OS , and old / older on old OS knowing EOL things en of support or looking for payed extra longer (security) support from some …
That is only a delay , so no excuse to not update, if not ready you know you should be ready in x seconds haha.
Ok Ok doing myself one old php 5.6x remi , in Migration now, Remi has some backported security but still also Warning to Upgrade ofcourse.
For those who are on centos7 the Letsencrypt solution after 30 sep 2021 with the older openssl from Centos 7 is a hmm not 100percent one. (
The trust chain of your website certificate is not complete and/or not signed by a trusted root certificate authority.)
I have http2 and openssl newer version httpd and … so no problem with that on centos7 box
alternative for that could be zerossl…
Oyea the only thing i didn’t realy like centos8 alma, was the MARIADB 10.3x so installed MARIADB repo, is not as easy as folowing the MARIADB MANUAL so i don’t advice this if not needed!
Here in test MARIADB 10.6.x hopefully it is realy faster then the 10.3
You could also say some in the httpd version is … as this one: more current version of mod_md which supports wildcard ACME – sadly this requires apache 2.4.41
UH don’t use other REPO’s is best Advice, if needed though you should be ready knowing you need more time then.
