[BlueOnyx:16958] BlueOnyx 5209R BETA released

Michael Stauber mstauber at blueonyx.it
Wed Feb 4 23:17:39 -05 2015


Hi all,

BlueOnyx 5209R on CentOS 7 has been released today as BETA version.

The HTML version of this message is available here:

http://www.blueonyx.it/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=183&cntnt01origid=15&cntnt01pagelimit=4&cntnt01returnid=54

Several months of development have wrapped up today with the BETA relase
of BlueOnyx 5209R on CentOS 7.

An ISO image and an Aventurin{e}/OpenVZ OS template are available at the
usual download locations. A how-to for a manual install of BlueOnyx
5209R is also available.

The BlueOnyx Live Demo has also been updated to BlueOnyx 5209R.

BlueOnyx 5209R is only available as a 64-bit version, as CentOS 7 also
is only available for 64-bit.

The OS contains the main daemons and services in the following versions:

    Apache 2.4.6
    PHP-5.4.16
    MariaDB 5.5.40 (instead of MySQL)
    Sendmail 8.14.7
    Dovecot 2.2.10
    Mailman 2.1.15
    ProFTPd 1.3.5
    OpenSSH 6.4p1
    OpenSSL 1.0.1e
    Bind 9.9.4

BlueOnyx 5209R uses the same (new) Chorizo GUI that was introduced with
BlueOnyx 5207R and 5208R. However, the GUI has been extended with
several new features and detail enhancements. Some of them will
eventually flow back into 5207R and 5208R.

New PHP implementations:

In the past BlueOnyx supported two methods of how PHP could be activate
for virtual sites:

   - PHP (DSO - via the Apache 2 handler)
   - suPHP

This has been extended to the following options:

   - PHP (DSO)
   ============

    This option provides PHP through libphp5.so, which is also known as
mod_php. This option is usually the fastest way to execute PHP requests.
However, this option uses the apache system user to serve all PHP
requests. This can create problems when PHP scripts create files and
folders, as they will then be owned by apache, too.

   - suPHP
   ========

    This option provides PHP through mod_suphp. It is a very flexible
and secure way to serve PHP requests. If you select suPHP, then the PHP
scripts will run with the UID and GID of the owner of the virtual site.

   - PHP (DSO) + mod_ruid2
   ========================

    This option provides PHP through libphp5.so and the Apache module
mod_ruid2.so. This option is usually the fastest way to execute PHP
requests in a secure fashion. The extra module mod_ruid2 will run the
PHP scripts with the UID and GID of the owner of the virtual site.

   - FPM/FastCGI
   ==============

    This option provides PHP through PHP-FPM and mod_fcgid. This is a
fast and secure way to serve PHP requests. The PHP scripts can be
executed with the UID and GID of the owner of the virtual site. PHP-FPM
runs as a daemon with separate pool files for each virtual site that has
FPM/FastCGI active. There is also a new Active Monitor component that
monitors the PHP-FPM daemon and restarts it if needed.


These modification also extend to the "Server Administrator" menu. If
you create "reseller" accounts (by granting the capability "Virtual Site
Management"), then you can choose which PHP implementation (if any) this
reseller might use. You can grant all of them, just the secure ones or
none. That is up to you.

Other than that BlueOnyx 5209R contains a lot of smaller and larger
modifications and fixes which (at the end of the BETA-test) will
eventually be backported to BlueOnyx 5207R/5208R as well.

The newer Apache and the newer OpenSSL implementation also allow to use
slightly more secure crypto ciphers in BlueOnyx 5209R and it has already
been configured to use them if connecting clients support them. Other
than that BlueOnyx 5209R contains the same crypto related fixes as the
older BlueOnyx versions do. Which includes the disabling of weak crypto
ciphers and protocols.


Is BlueOnyx 5209R ready for production?
========================================

Short answer: Probably not yet.

It sure needs more testing. And we encourage you to help out with the
testing if you can. Please report any bugs you find. Either via the
built in Bugreport feature in the GUI, or by posting your findings to
the BlueOnyx mailing list.

As is you can already cmuImport virtual sites and users from older
BlueOnyx servers to BlueOnyx 5209R (and back).

At this time there are also not yet any commercial packages available
for BlueOnyx 5209R. We are currently working on porting the packages
over to BlueOnyx 5209R and they will become available by NewLinQ within
the next couple of weeks.

The packages with the highest priority at this time are:

    - NewLinQ (needed for PKG installs)
    - WebApp installer
    - AV-SPAM
    - Automated Backup
    - Security Package

The WebApps are already compatible and should be available on NewLinQ
once the first two items on the above list are released.

I'd like to thank all supporters and users of BlueOnyx who helped to
make this happen. Enjoy the new BlueOnyx 5209R!

-- 
With best regards

Michael Stauber



More information about the Blueonyx mailing list