Hi! Thank you for your fork of VestaCP!
Is is possible to make Hestia installation without adding any external repositories? I see no reason why to force the Ondrej PHP PPA repository (and others) to be installed. In terms of server security and stability, this is a big minus.
For example, Ondrej PHP PPA repository can raise current version of the PHP during an upgrade without any notice, and this will lead to the inoperability of sites.
Also, if custom PHP modules are used, changing the version will cause the server to fail.
Thanks for your post and welcome to the forum!
You can adjust the installer and remove the part, that adds the ondrej repository. I can understand your conserns about stability, because Ondrej ships new versions verry fast - but this does not happen automatically, it is still your decission when you want to install the upgrades. But if you remove the repository, you will not be able to use the multiphp feature.
The only thing what I can’t understand is the security part, Ondrej PHP PPA is stable and the most secure php ppa, that is available for Debian/Ubuntu. Maybe you can explain here your concerns.
Thank you! I will try to remove the repository from the installation script. Is it possible to make external repository installation only when the multi-PHP option is enabled?
On the issue of stability and security. If you install “php-fpm” package (and php modules to it) it points to php7.2-fpm and php7.2 will be installed. But if you enable Ondrej PHP PPA, it will change default php-fpm point to 7.3 and other version in the future. This will happen without any notice while system update.
As a result you will get new php as default interpreter in the system and lose all your custom php-modules, settings, etc. I had this problem on many servers. I wrote to Ondrej and got answer that he posted notice about default php version change on his site. But who read that?
HOW TO DISABLE ONDREJ PHP PPA
DURING THE INSTALLATION ON UBUNTU 18.04
Download installation script
Comment this line:
#LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php > /dev/null 2>&1
Use installation generator script. Change
sudo bash hst-install.sh to
sudo bash hst-install-ubuntu.sh