[BlueOnyx:25699] BlueOnyx 5211R Released

Michael Stauber mstauber at blueonyx.it
Tue Nov 22 00:59:19 -05 2022 

Hi all,

[ HTML-Version of this text:                                   ]
[ https://www.blueonyx.it/news/310/54/BlueOnyx-5211R-Released  ]


BlueOnyx 5211R has been released today! \o/
============================================

After a 12 month development ordeal (starting on RHEL9 Beta!) BlueOnyx 
5211R for EL9 (RHEL9, AlmaLinux 9, Rocky Linux 9) we finally have a 
release candidate ready to present.

We don't have an ISO image yet (will follow in the next few days), but 
we do have VMDK and VDI images as well as a procedure for a manual 
install of BlueOnyx 5211R onto an existing (minimal) install of RHEL9, 
AlmaLinux 9 or Rocky Linux 9:

https://www.blueonyx.it/5211r-manual-install


Differences between 5211R and its predecessor 5210R:
====================================================

Let us start with some changes on the OS level: EL9 now ships with 
PHP-8.0.20 and "upstream" (RedHat) decided that this release was a good 
time to finally deprecate the PHP DSO module from their build. After 
all: Apache cannot use the faster HTTP/2 protocol if PHP is loaded as 
DSO module. We debated a bit back and forth if we should ignore this, 
make DSO or HTTP/2 mode electable and provide our own PHP DSO. In the 
end we bowed to the wisdom of the decision to deprecate PHP as DSO. The 
only benefit would have been the continued usage of DSO + mod_ruid2. 
But: Even mod_ruid2 is on its way out and can be considered as good as 
dead as far as the further development of it goes.

So this leaves us with HTTP/2 for Apache out of the box for BlueOnyx 
5211R and we no longer need to use Nginx as HTTP/2 proxy. You still can, 
but there is no real reason to do so anymore. On the PHP side BlueOnyx 
5211R can run Vsites now with suPHP or PHP-FPM (which is the new default).

The days when our PHP-FPM implementation had issues with .htaccess files 
are long gone, so PHP-FPM is the best choice anyway.

Under the hood EL9 behaves much the same as EL8 and there aren't really 
any new tricks to learn. While EL9 is newer than EL8, it doesn't blow us 
out of the water as far as OS related improvements go. Daemons and 
libraries are newer, OpenSSL 3.0 is now used for SSL, Python 2 had been 
deprecated and removed for good, but that's mostly it.


The new BlueOnyx 5211R GUI
===========================

It looks the same as before, right? Yeah, but under the hood it's all 
new. That alone was a three months round the clock (weekends included) 
coding effort.

The new BlueOnyx GUI uses the latest CodeIgniter 4.2.10, brings its own 
PHP-8.1.12 aboard (installed in /home/solarspeed/admserv-php-8.1/) and 
AdmServ (now with HTTP/2) uses a separate AdmServ-PHP-FPM daemon to run 
the new PHP just for the GUI.

This unshackles the OS provided PHP from the GUI and you can do with 
that whatever you want. It may break your Vsites PHP implementation if 
you upgrade PHP yourself, but the GUI will still work as it now brings 
its own.

The new CodeIgniter 4 that we use made it necessary that all GUI pages 
were rewritten entirely to match the new format. This allowed us to do a 
thorough cleanup job and re-think how we did certain things before. The 
new GUI is leaner and meaner, has less baggage, a CCEd cache for 
speeding up certain very often used transactions and re-uses and 
combines function calls into a so called "BaseController" that is used 
by all GUI pages.

The end result is a 2-3x speed improvement of the GUI.

While the GUI still looks the same as far as optics go, here are some 
notable differences. Some of it has already been mentioned:

- GUI uses separate PHP-8.1 instance unrelated to OS PHP

- Vsite PHP options are now suPHP and PHP-FPM

- Net2FTP and its GUI integration has been deprecated

- Mailman functionality has been removed until a suitable EL9 Mailman
   RPM surfaces

- /root/network_settings.sh now requires you to set the server name
   as this is required for the new GUI.

- GUI now has a brute force login prevention mechanism.

- GUI now ONLY works via HTTPS (HTTP directly redirects to HTTPS).

- GUI CSRF protection is enabled by default.

- API and WHMCS module are fully working.

- Easy-Migrate for migrations to and from BlueOnyx 5211R is provided.

- Postfix is now the default MTA, although Sendmail can still be
   selected in the GUI.

- NTPd has been replaced with Chronyd.


What's next?
============

Although BlueOnyx 5211R is now officially released, our plate is still 
full and these are the things that we need to tackle in the next 2-3 weeks:

     - Bugfixes (there may be some - there always are on a new release)
     - Rolling up of an AlmaLinux 9.1 ISO image of BlueOnyx 5211R
     - Porting existing BlueOnyx Shop PKGs over to BlueOnyx 5211R
       (AV-SPAM, PHP, Firewalld GUI, WebApps, Fail2ban and so on)
     - We will try to release some older PHP versions for BlueOnyx
       5211R as well for downward compatibility

That should keep us busy until Christmas 2022. However, the new GUI had 
us thinking a little "What if?"

Now what if we port this back to BlueOnyx 5210R as well?

The speed improvements are so dramatic that it's almost a crime that the 
older BlueOnyx 5210R should continue to drag an anchor until its EOL 
many, many years down the road. If we release (more or less) the same 
GUI for 5210R as well, then it would also make code maintenance a LOT 
easier for us. Both BlueOnyx 5210R and 5211R then would share 38 
identical modules and only a dozen would need to be maintained 
separately due to OS related differences.

We haven't yet decided if we do this, but it's likely.


So stay tuned and if you can: Give BlueOnyx 5211R a try and let us know 
what you think! If you know BlueOnyx 5210R, then you should feel right 
at home in BlueOnyx 5211R as well and we hope that you like the speed 
improvements of the GUI.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list