I would love to have the latest security updates for the web server, but don't want to complicate business maintenance in the future. Is it ok to use a backport or ppa repo with ISPConfig or should I stick with the defaults? -John
You get security updates from Ubuntu main repo, so I would stick with it and I do use the main repo on all of my nginx systems.
If you mean security "features" rather than just bugfixes, I'd recommend working to contribute those to the ISPConfig project so you and everyone else benefit. There are numerous security features which have not been implemented even in the current versions.
I will suggest to use main ubuntu repo and ppa that are backed by ubuntu or its main developers. For nginx, apache2 and php it is safe to use ondrej sury ppa (this have hiccups sometimes). For website, you may use latest softwares directly like phpmyadmin (latest debian tutorial covers this). Others like mariadb, it is better to use ubuntu repo. I am not sure about mail server softwares (I am using relay anyway) so ubuntu repo would be my best bet. For ISPConfig, just use follow the announcement in here and upgrade to latest version whenever there is one.
