Is it possible to use ISPConfig with an alternate httpd installation

Discussion in 'Installation/Configuration' started by Voodoo Priest, Jun 23, 2019.

  1. Voodoo Priest

    Voodoo Priest New Member

    Greetings,
    I am setting up a new CentOS 7 server in order to migrate an old server (running CentOS6) and shut the latter down.

    On the old server, I had the standard httpd package from official repos. Due to how packages from official pre-configured repos lagged behind, I am thinking of using the httpd24-httpd package from SCL.

    However, judging from what I can read in the manual, and from my past experience running the old server, I am wondering whether ISPConfig (3.1.13 at this time) can operate on a different httpd installation than the default one. In particular, default httpd has its configuration in /etc/httpd/conf/httpd.conf whereas httpd24-httpd adds a prefix to all standard relevant paths, for instance /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf, even though the rest seems identical (for instance, I can still run apachectl status and it'll report the status of the non-default Apache, i.e. the one from SCL).

    Is it possible to use a non-default installation of httpd with ISPConfig?
    If someone has tried this or has an answer, please, share it. Thank you!
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My guess is ISPConfig needs the exact versions of applications that come with CentOS 7.
    What reason do you have not to use those? Except that newer versions exist somewhere.
     
  3. Voodoo Priest

    Voodoo Priest New Member

    The reason is exactly that: newer versions exist, with security changes or features that make their way into "official" repos with a delay that is too long in my eyes. My concern is strictly security: in a world in which a newly created VPS sees 10+ failed login attempts within 2 minutes of being created, I would like to not take chances with security. It's only that.

    I will do a test in a VM and report back here.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Linux distributions address security issues by patching the programs without increasing the version number. CentOS is a bit special in this regard indeed as its software is very very old as their release cycle is so long, but they patch security issues in their versions too. If you want to have a stable system with good security patch support, better use the Distributions which are recommended for ISPConfig: Debian and Ubuntu.

    Using third-party packages for security reasons makes not much sense in my opinion and is not nescessary for security. That you see failed login attempts immediately on a server that is connected to the internet is normal as well.

    So if you want to more recent packages, don't use CentOS, use e.g. Ubuntu LTS.
     
    ahrasis likes this.
  5. Voodoo Priest

    Voodoo Priest New Member

    Thank you for your input. I've reverted a couple of days ago to using the default httpd package, and removed SCL altogether.

    Indeed CentOS is not the right distribution. Unfortunately, my Ansible description is complete and I need to move on for now. The next time I migrate this server, I will choose a better-suited distributions.

    Also, for people who are where I stood a few days ago, I came across a reference about security (search for "Security Backporting Practice" on access.redhat.com – I'm not allowed to post links).
     
    till likes this.

Share This Page