BlueOnyx 5211R Released

Posted by: mstauber Category: General

The first release candidate of BlueOnyx 5211R for Enterprise Linux 9.1 has been released today.


After a 12 month development ordeal (starting on RHEL9 Beta!) BlueOnyx 5211R for EL9 (RHEL9, AlmaLinux 9, Rocky Linux 9) we finally have a release candidate ready to present. We don't have an ISO image yet (will follow in the next few days), but we do have VMDK and VDI images as well as a procedure for a manual install of BlueOnyx 5211R onto an existing (minimal) install of RHEL9, AlmaLinux 9 or Rocky Linux 9.

Differences between 5211R and its predecessor 5210R:

Let us start with some changes on the OS level: EL9 now ships with PHP-8.0.20 and "upstream" (RedHat) decided that this release was a good time to finally deprecate the PHP DSO module from their build. After all: Apache cannot use the faster HTTP/2 protocol if PHP is loaded as DSO module. We debated a bit back and forth if we should ignore this, make DSO or HTTP/2 mode electable and provide our own PHP DSO. In the end we bowed to the wisdom of the decision to deprecate PHP as DSO. The only benefit would have been the continued usage of DSO + mod_ruid2. But: Even mod_ruid2 is on its way out and can be considered as good as dead as far as the further development of it goes.

So this leaves us with HTTP/2 for Apache out of the box for BlueOnyx 5211R and we no longer need to use Nginx as HTTP/2 proxy. You still can, but there is no real reason to do so anymore. On the PHP side BlueOnyx 5211R can run Vsites now with suPHP or PHP-FPM (which is the new default).

The days when our PHP-FPM implementation had issues with .htaccess files are long gone, so PHP-FPM is the best choice anyway.

Under the hood EL9 behaves much the same as EL8 and there aren't really any new tricks to learn. While EL9 is newer than EL8, it doesn't blow us out of the water as far as OS related improvements go. Daemons and libraries are newer, OpenSSL 3.0 is now used for SSL, Python 2 had been deprecated and removed for good, but that's mostly it.

The new BlueOnyx 5211R GUI

It looks the same as before, right? Yeah, but under the hood it's all new. That alone was a three months round the clock (weekends included) coding effort.

The new BlueOnyx GUI uses the latest CodeIgniter 4.2.10, brings its own PHP-8.1.12 aboard (installed in /home/solarspeed/admserv-php-8.1/) and AdmServ (now with HTTP/2) uses a separate AdmServ-PHP-FPM daemon to run the new PHP just for the GUI.

This unshackles the OS provided PHP from the GUI and you can do with that whatever you want. It may break your Vsites PHP implementation if you upgrade PHP yourself, but the GUI will still work as it now brings its own.

The new CodeIgniter 4 that we use made it necessary that all GUI pages were rewritten entirely to match the new format. This allowed us to do a thorough cleanup job and re-think how we did certain things before. The new GUI is leaner and meaner, has less baggage, a CCEd cache for speeding up certain very often used transactions and re-uses and combines function calls into a so called "BaseController" that is used by all GUI pages.

The end result is a 2-3x speed improvement of the GUI.

While the GUI still looks the same as far as optics go, here are some notable differences. Some of it has already been mentioned:

  • GUI uses separate PHP-8.1 instance unrelated to OS PHP
  • Vsite PHP options are now suPHP and PHP-FPM
  • Net2FTP and its GUI integration has been deprecated
  • Mailman functionality has been removed until a suitable EL9 Mailman RPM surfaces
  • /root/ now requires you to set the server name as this is required for the new GUI.
  • GUI now has a brute force login prevention mechanism.
  • GUI now ONLY works via HTTPS (HTTP directly redirects to HTTPS).
  • GUI CSRF protection is enabled by default.
  • API and WHMCS module are fully working.
  • Easy-Migrate for migrations to and from BlueOnyx 5211R is provided.
  • Postfix is now the default MTA, although Sendmail can still be selected in the GUI.
  • NTPd has been replaced with Chronyd.

If you know BlueOnyx 5210R, then you should feel right at home in BlueOnyx 5211R as well and we hope that you like the speed improvements of the GUI.

What's next?

Although BlueOnyx 5211R is now officially released, our plate is still full and these are the things that we need to tackle in the next 2-3 weeks:

  • Bugfixes (there may be some - there always are on a new release)
  • Rolling up of an AlmaLinux 9.1 ISO image of BlueOnyx 5211R
  • Porting existing BlueOnyx Shop PKGs over to BlueOnyx 5211R (AV-SPAM, PHP, Firewalld GUI, WebApps, Fail2ban and so on)
  • We will try to release some older PHP versions for BlueOnyx 5211R as well for downward compatibility

That should keep us busy until Christmas 2022. However, the new GUI had us thinking a little "What if?" - What if we port this back to BlueOnyx 5210R as well? The speed improvements are so dramatic that it's almost a crime that the older BlueOnyx 5210R should continue to drag an anchor until its EOL many, many years down the road. If we release (more or less) the same GUI for 5210R as well, then it would also make code maintenance a LOT easier for us. Both BlueOnyx 5210R and 5211R then would share 38 identical modules and only a dozen would need to be maintained separately due to OS related differences. We haven't yet decided if we do this, but it's likely.

So stay tuned and if you can: Give BlueOnyx 5211R a try and let us know what you think!

Nov 21, 2022 Category: General Posted by: mstauber
Previous page: Development Next page: Mailing List