1

I'm trying to setup a OwnCloud Server v9 for my freelancing purpose.

SPECS: - CentOS 7 - nginx - php

I'm a little bit confused. I can find only the info about the PHP Version 5.5 in the ownCloud 9.0 Server Administration Manual. It states following: However, it is highly recommended to upgrade to PHP 5.5+ for best security and performance.

https://doc.owncloud.org/server/9.0/admin_manual/installation/php_55_installation.html

But this seems outdated to me. The current state (April 2016) is:

php 5.5, Active Support Until, 10 Jul 2015, Security Support Until, 10 Jul 2016

php 5.6, Active Support Until, 31 Dec 2016, Security Support Until, 31 Dec 2018

http://php.net/supported-versions.php

PHP: CentOS 7 comes with php 5.4.16-36.el7_1 via yum. This seems dangerous to me regarding security, leaks, etc. because it's outdated.

1) Is it better to use the php-5.6.20.tar.bz2 from php.net/downloads.php#v5.6.20

2) Will it update itself for new security-fixes via „yum update“

nginx: CentOS 7 comes with nginx 1.6.3-8.el7 via yum. Is it safe to install 1.6.x regarding security, leaks, etc. On the official Website I've found stable version nginx-1.8.1

nginx.org/en/download.html

3) Which nginx-version should I choose?

Thank you for your help, regards Hendrik

Improve this question
2
  • 1) A newer (supported) PHP version may be the better choice, but when you don't use PHP version from the distro's repository, you'll have to deal with (security) updates yourself. 2) No. "yum update" only updates packages installed from the enabled repositories. You have to make a choice between trusting your distro or running a linux-from-scratch (and anything inbetween). 3) See answer #2. Personally, I'd go with the distro's choice and whatever they consider to be the best version of PHP/Nginx/libc/etc...
    – ckujau
    Commented Apr 7, 2016 at 3:18
  • ok. I think I will use the packages installed from the repositories. Thank you
    – Hendrik
    Commented Apr 11, 2016 at 14:04

2 Answers 2

Reset to default
2

One of the important responsibilities of the distro maintainers is to pay attention to security issues for the software they package. With a distro like CentOS, when a vulnerability becomes known, the maintainers will either package an updated version of the software or backport a patch into the supported version. Thus, you'll end up with a vulnerability that affects PHP 5.5 but not PHP 5.5-centos.

This is one of the major reasons you shouldn't download and install PHP from php.net, as then you are responsible for keeping up to date with any security issues, rather than the CentOS security team. It can also be painful to get running correctly as a drop-in replacement.

In short, you should be ok with installing the latest version of software that's available in your distro's repositories for a version of the distro that is still supported (CentOS 7 is supported until 2024).

Improve this answer
1

I'm also running Next Cloud latest version on a CentOS 7 box with Nginx, PHP-FPM & PHP 7.0 version. Next Cloud current release is support PHP 7.0 so I'm happy to run it in the latest version. As per the ownCloud documentation OC is also support the latest version of PHP.

When it comes to data it's good to have everything up to date. I'm suggesting you to do the followings as basic.

Use CentOS 7.x, Nginx, PHP-FPM, PHP 7.x latest version.

Always use package manager to install packages. When you are installing something always use package manager because this will help you to keep up to date.

If you are going to install PHP 7.x version I'm suggesting you to use remi repo.

https://blog.remirepo.net/post/2016/12/05/Install-PHP-7.1-on-CentOS-RHEL-or-Fedora

For keep up to date with latest Nginx you can use Nginx official repo.

http://nginx.org/en/linux_packages.html

Just add new repo for Nginx as per the guide & you can use this repo to install & update nginx.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .