Carlow's picture

Hello All,


First post here and new the Linux world.


I am running WordPress with PHP5.6, can anyone please tell me how to upgrade to PHP7.0 ?



Jeremy Davis's picture

Our next version of TurnKey is running way behind schedule, but we've been super busy behind the scenes working on it... That will ship with PHP7.0. Once we've released it, then you''ll be able to use TKLBAM to migrate your data to the new release.

As under the hood, TurnKey is Debian, you could do a dist-upgrade to the current Debian stable (aka Stretch/9). And as I say, that has PHP7.0. Although currently we don't have any Stretch packages published in our repo, so it's likely that something will break during that process.

Another option is to install PHP7.0 from a third party repo. That may have security implications though (depending where you install from). And I imagine you will lose the PHP auto security updates, so you'd need to manually keep an eye out for updates and manually install them when they come out (and hope WordPress is compatible with them).

So unless you have a really good reason (i.e. something is actually broken on PHP5.6, or something explicitly needs PHP7.0) then I recommend you wait.

Stuart Grifenhagen's picture

any ideas on when the next version with php 7.x will be released?




When all is said and done, more will be said, than done!

Jeremy Davis's picture

Sorry if that sounds vague and perhaps a little rude. I don't mean it to come across that way. It's just that there are so many moving parts and things never seem to go according to plan, so it's really hard to estimate. And as we always seem to underestimate the remaining work, providing a concrete date is highly likely to produce disappointment.

If I'd given my best guess in September last year, I would have said by the end of last year, but we're clearly not there yet...

My desire would be yesterday (or actually, last year)! We still have a few core issues we need to resolve which are blocking release. At this point I'm pretty sure we should have them resolved by the end of the week (fingers crossed).

So I'm hopeful that we may have our base appliance (Core) released as an RC (release candidate) late next week. I.e. it should be a fully working v15.0 ISO of Core, but requiring some more testing prior to a "final"/"stable" release.

Once we release that, I'll post on the blog about it, and the more people who assist us with testing, the sooner we'll be able to release a stable version. All the other appliances will be released after that, as soon as they are ready. At this point, it's likely that most (if not all) of the library will be ready for release as soon as stable Core is complete.

Marc Seelinger's picture

My woo commerce install is really pushing me to PHP 7.  Any updates as to the progress of being able to use PHP 7 with TurnKey?
Jeremy Davis's picture

So we're still at least a few weeks away from our updated release.

In the meantime, I can give you a hint on how you could upgrade to PHP7.0 (or 7.1/7.2 if you'd prefer).

As previously noted, for our next major release, PHP7.0 will be the default. But a number of our existing library of appliances are still not compatible with PHP7.0+. So we've needed to investigate how we can support PHP5.6 for those particular appliances.

As it turns out, one of the Debian (and Ubuntu) Developers is one of the lead PHP and Apache packagers. Ondřej Surý also packages various versions of PHP built for Debian (and Ubuntu - but that doesn't concern us) in his own third party repo. The packages included 5.6 for Debian Stretch (which we'll use for the v15.0 appliances that require it). It also packages 7.0/7.1/7.2 for Debian Jessie (the basis of TurnKey v14.x).

To enable PHP7.0 on your current v14.x server, these instructions should do the trick (please note that for AWS Marketplace servers, all these commands will need to be prefaced by sudo):

apt-get update
apt-get install -f apt-transport-https lsb-release ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg
echo "deb jessie main" > /etc/apt/sources.list.d/php.list
apt update
apt install php7.0
Assuming that all goes smoothly, you should now be running PHP7.1. To check:
php -v
If the package update doesn't automatically take care of it, you may also need to restart Apache to ensure that it too is using the new PHP version:
service apache2 restart

Please note, that while we believe Ondřej to be highly trustworthy and have done some of our own vetting (prior to considering including his PHP5.6 in our v15.0 builds), be aware that this is a third party repo. It therefore doesn't have the same level of oversight by others that the default Debian repos do.

It also doesn't provide security updates in the same way that Debian does. Ondřej has assured us that he will continue to provide "best effort" support and timely updates (inc security patches) as long as he can. But he will be stopping support for PHP versions once upstream (i.e. PHP developers) end their support. So in the not too distant future, PHP7.0 may well be removed. When that happens, you'd be advised to migrate your data to a new v15.0 appliance (which will include PHP7.0). Then you can get back the auto security updates that Debian provide (via our default settings). You will likely need to remove some of the config you added above, but I'm happy to assist you with that when you get to that point.

Another alternative, would be to update to a newer PHP version (e.g. 7.1) and remove 7.0.

Either way, it's also worth noting, that once you enable Ondřej's repo, that you will no longer get automatic PHP security updates. You will need to regularly manually check for updates and install them as need be.

Hope that helps and please keep an eye on our blog for upcoming v15.0 release announcements.

Marc Seelinger's picture

The steps you outlined above worked like a charm!  Thank you very much!
Marc Seelinger's picture

Could you point me in the direction as to how to check for the php updates and install them?  I will upgrade to v15 as soon as it is ready, but in the meantime I need manually maintain the site.
Jeremy Davis's picture

There isn't actually a super simple way to just update particular packages. But as a general rule, if you run:
apt-get update
apt-get upgrade
You should be good. However, please note that that will install all updates, including those from Debian. As a general rule, that should be fine.

Having said that, personally, I prefer not to do any updates on a production server, except of course security updates. So to facilitate that, I suggest creating yourself a script to make it easy. This should do the job:

cat > /usr/local/bin/update-php <<"EOF"
#!/bin/bash -e

# options to ensure that only the specific source file is used
opts="-o Dir::Etc::sourcelist=$src_file -o Dir::Etc::sourceparts='-'"

# don't do heuristic list cleanup
update_opts="${opts} -o APT::Get::List-Cleanup='0'" 

# show packages to be upgraded
upgrade_opts="-o APT::Get::Show-Upgraded=true ${opts}"

apt-get update $update_opts
apt-get upgrade $upgrade_opts
chmod +x /usr/local/bin/update-php

Now you should be able to simply run 'update-php' from the commandline and it should only install updates from the PHP third party repo. I haven't extensively tested it, but hopefully I haven't made any mistakes.

If you want to double check after running, you could try the following and look for php package updates.

apt-get update
apt-get -u upgrade --assume-no | grep php
That should show you a list of packages which would be upgraded if you ran 'apt-get upgrade', highlighting any PHP ones in red (only the letters php will be red). If you get nothing returned, you should be good. If you see any php packages listed there at any point, please let me know.

You could automate that running the script if you wanted, but personally I'd rather run the updates manually unless I really trust the source. That way if there are any issues, I can resolve them then and there. I have no reason to believe that Ondrej's packages will cause any issues, but I'm inclined to suggest caution. Which incidentally is why we only automatically install security updates by default.

Add new comment