[CentOS] Apache/PHP Installation - opinions

Wed Apr 27 07:41:53 UTC 2016
Alice Wonder <alice at domblogger.net>

On 04/27/2016 12:30 AM, James Hogarth wrote:
*snip*
>
> Unless you have a very specific requirement for a very bleeding edge
> feature it's fundamentally a terrible idea to move away from the
> distribution packages in something as exposed as a webserver ...

I use to believe that.

However I no longer.

First of all, advancements in TLS happen too quickly.

The RHEL philosophy of keeping API stability for as long as the release 
is supported means you end up running old protocols and old cipher 
suites and don't have the new protocols and cipher suites available.

That's a problem.

With respect to Apache and PHP -

There is a lot of benefit to HTTP/2 but you can't get that with the 
stock Apache in RHEL / CentOS 7. You just can't.

The PHP in stock RHEL / CentOS is so old that web application developers 
largely are not even using it anymore, resulting in some web 
applications that just simply don't work unless you update the PHP to 
something more modern.

It's a nice idealistic philosophy to want to keep the same versions and 
backport security fixes and keep everything API compatible but in real 
world practice, it makes your server stale.