v15.0 Stable Release #1 - 47 ISOs including Core, LAMP and WordPress

UPDATE: Stage 2 includes OVA/VM, OpenStack and Xen. Docker and Proxmox/LXC builds published too. More to come soon!

I am overjoyed to announce stage 1 of the TurnKey v15.0 stable release is now available.

turnkey 15.0 banner

Stage 1 of the TurnKey GNU/Linux v15.0 stable release is finally available for public consumption! Stage 1 includes nearly half the library (47 appliances to be precise), albeit only in ISO format so far. We are busily preparing updated Hub builds, as well as Amazon MarketPlace builds which I hope to announce very soon too. All the other build types (i.e. VM/OVA, OpenStack, Proxmox/LXC, Xen & Docker) will follow soon after.

The relevant v15.0 ISOs are all available for download via the "v15.0" links on their respective appliance pages. Updated appliances for this stage include Core LAMP, WordPress, Joomla3, Drupal 7, Drupal 8 [unpublished due to security issue], and more. v15.0 changes worthy of particular note include a new Debian base OS, inclusion of PHP7, MariaDB replaces MySQL, a new Webmin theme, Reproducible Packages and Website upgrades (work in progress), as well as many other tweaks, improvements and upgrades.

Read on for details. Alternatively, jump straight to the list of upgraded appliances to jump straight in! :)

v15.0 Highlights

Based on Debian 9/Stretch

As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages.

PHP 7.0

Possibly one of the most highly anticipated and significant changes for many TurnKey users this release, will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting, that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog.

MySQL replaced with MariaDB

Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package, will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted, that it is in fact a MariaDB appliance!

Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page.

It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "uft8mb" is the full UFF-8 character set!

But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how may bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now.

New Webmin Theme

When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme amd setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google lead me to new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional.

So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer it's simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details.

We have it configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too.

Reproducible Packages

For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via hacked compiler).

Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case).

For further background reading on Reproducible Builds, please see reproducible-builds.org.

Website upgrade (work in progress)

As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components.

Many noticed that for v14.2 the changelogs weren't updated. That was due to the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available.

Plus much more

As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above):

  • Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS
  • Updates for Confconsole; Let's Encrypt module
  • Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above)
  • Webshell - now using Debian's package (rather than our own fork)
  • SystemD now default init system on all builds (SysvInit was still used on some v14.x builds)
  • Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening)
  • Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start!

Please browse the Core changelog for an overview of all library wide changes for v15.0.

In the meantime, if you'd like to know more about anything that I've noted or hinted above, or you notice something that I haven't even mentioned, please feel free to post below in the comments, or open a new thread in the forums. Same goes if you have any problems or difficulties.

The v15.0 stage 1 appliance ISOs

B2evolution
b2evolution appliance icon
CakePHP
cakephp appliance icon
CodeIgniter
codeigniter appliance icon
Collabtive
collabtive appliance icon
Concrete5
concrete5 appliance icon
Core
core appliance icon
Drupal7
drupal7 appliance icon
Drupal8
[unpublished due to security issue] drupal8 appliance icon
e107
e107 appliance icon
EspoCRM
espocrm appliance icon
Foswiki
foswiki appliance icon
Gallery
gallery appliance icon
GNUsocial
gnusocial appliance icon
Joomla3
joomla3 appliance icon
LAMPStack
lamp appliance icon
LAPPStack
lapp appliance icon
LighttpdPHPFastCGIServer
lighttpd-php-fastcgi appliance icon
LimeSurvey
limesurvey appliance icon
Magento
magento appliance icon
Mahara
mahara appliance icon
Mambo
mambo appliance icon
Mantis
mantis appliance icon
MediaWiki
mediawiki appliance icon
Mibew
mibew appliance icon
Mumble
mumble appliance icon
MySQL
mysql appliance icon
Nextcloud
nextcloud appliance icon
NginxPHPFastCGIServer
nginx-php-fastcgi appliance icon
Observium
observium appliance icon
Omeka
omeka appliance icon
OpenLDAP
openldap appliance icon
ownCloud
owncloud appliance icon
phpList
phplist appliance icon
PostgreSQL
postgresql appliance icon
Prestashop
prestashop appliance icon
ProcessMaker
processmaker appliance icon
Redmine
redmine appliance icon
Revision-control
revision-control appliance icon
Roundup
roundup appliance icon
SilverStripe
silverstripe appliance icon
SiT!SupportIncidentTracker
sitracker appliance icon
TKLDev
tkldev appliance icon
Trac
trac appliance icon
WordPress
wordpress appliance icon
XOOPS
xoops appliance icon
ZenCart
zencart appliance icon
Zurmo
zurmo appliance icon

Let us know what you think

As per always, we welcome user feedback; back-slapping and constructive criticism alike! So spin them up, give them a go and let us know what you think. Comment below, open a new thread in the forums, or open a new feature request or bug report on our issue tracker (requires free GitHub user account).

I hope to hear from you soon! :)

Comments

OnePressTech's picture

Nice work guys. Lots of timely enhancements.

Can't wait for the AWS marketplace AMI upgrade :-)

Any new roadmap for TKLX-Kubernetes or TKLX-Containers or whatever you are planning on calling it?

Cheers,

Tim (Managing Director - OnePressTech)

Jeremy Davis's picture

Apologies that this release is so far behind schedule... We're finally getting there though!

I hope to have the AWS builds up ASAP. I'll likely need to do that in batches of ~10-20 (otherwise they get a bit overwhelmed) so any specific requests on what you'd like to see prioritised?

At this point I was planning on definitely including Core, LAMP and WordPress (our most popular appliances), but I'd welcome any specific requests that you (or anybody else) has on ones to prioritise for the first batch.

I'm not sure when the first batch will be up, but hopefully within the next week or 2 (it's essentially in their hands). Please be aware that there is a chance that their scanner may pick up something it doesn't like. That would delay things a little more as we'd have to work around that. I'll make an effort to keep you updated on that though.

Re TKLX, unfortunately the development of that has again been pushed back, AGAIN :(

A while ago, we made a start in partnership with another organisation. But they ended up changing direction and unfortunately and we parted ways. We also (temporarily) lost the developer (Anton) who was working on it. So under those circumstance, we had to re-prioritise.

I'm still super keen to push forward with it. And Anton is now back with us. Once v15.0 is finalised, I'm hoping that I can get it back on track. See how we go...

OnePressTech's picture

I build GitLab using their omnibus installer running on Core, I build WordPress multisite on LAMP, and I build WordPress on LAMP or using the TKLX WordPress AMI depending on my mood.

Sorry to hear about the container delay. Too many things to do...too little time...always the way :-)

Cheers,

Tim (Managing Director - OnePressTech)

Jeremy Davis's picture

Sounds like I had you covered already! :)

Too true on the "Too many things to do...too little time..."! And everything seems to take way longer than it should. I'm still not sure where the last 6 mths have gone TBH!

Anyway, hopefully we can get the TKLX/Docker stuff back on track soon. Getting the base container ported to Debian Stretch would be a solid start.

Mehdi Bennani's picture

Agree with Tim. I have now OpenVPN, WordPress and Moodle running on AWS and they are great, great job guys on your builds they are the best! Please prioritize Moodle on AWS since the new version requires php7 and it has really nice features. Thanks in advance and good luck going forward with your plans!
Jeremy Davis's picture

We really appreciate the feedback.

Unfortunately Moodle didn't make it into this first batch of appliances, but I will certainly try to ensure that it makes into the next batch. There is an outstanding bug regarding our current install via moosh (a Moodle shell tool).

I haven't yet had a chance to look into it yet and see whether there is something we're doing wrong or a bug in moosh or Moodle. So at this point, I'm totally unclear on what might be required to resolve that. Hopefully it can be fixed fairly easily.

Jeremy Davis's picture

The outstanding bug against Moodle has been resolved. So it will definitely make it into the next round of ISOs published. I'm not 100% sure when they'll be published, but soon hopefully.

Pages

Add new comment