Professor's picture

Hello guys,,

I just switched to Proxmox and noticed all the Turnkey Linux Appliances templates for LXC.

Does anyone use these? What are your experiences with them?

I had a quick look at some on the Turnkey site and a lot of them seemed to include unnecessary stuff (e.g. web admin consoles for samba) and were running quite old packages in some cases.

Are there any particularly useful or widely used ones in there? Seems like they could be useful for getting g a quick local demo of something before setting it up from scratch (e.g. the observium one piqued my interest.)


Jeremy Davis's picture

I'm one of the core devs, so obviously my opinion is biased! But I'll try to give you my perspective and hopefully some insight.

Yes there are lots of users! We provide builds for a range of platforms (Proxmox is just one, we also build for OpenStack and Xen, among others) and we have many hosting partners (including Amazon) where many users are running TurnKey servers in production. A few of the more popular appliances are WordPress, Observium, LAMP, OpenVPN and Fileserver. Core (our "base" appliance), Redmine, Domain Controller, OpenLDAP and Nextcloud are also quite popular.

Whilst most of our users aren't DevOps specialists, the appliances are intended to be useful for both Linux server newbs (ready to use as is) and seasoned developers (more as a "good starting point" rather than the be all and end all). Having said that most developers tend to have their own development platform of choice, so most TurnKey users tend to be DIYers that want to save themselves some time (and/or money) - hence why we do give some priority to making it easier for less advanced users to get started. Probably the next largest volume of TurnKey users are independent IT consultants and SMB IT managers who manage multiple servers, sometimes for multiple end customers.

You are correct that our appliances include some additional default software that others don't. E.g. Webmin and Webshell (aka Shellinabox) are included in all servers, WebDAV (webUI access to samba shares) in the Fileserver appliance, etc. As noted above, that's often to make life easier for new users. OTOH, the additional software uses few resources and can be disabled, or completely removed with ease. Webmin and Webshell for example, are both removalable via apt (they are both behind stunnel, hence why I note removal of that too), e.g.:

apt purge webmin shellinabox stunnel4

One of the most popular "additional software" features we include is our own backup tool, known as TKLBAM (TurnKey Backup And Migration). By default it (encrypts and) uploads backup data to AWS S3 storage and can facilitate migrating data from a local VM to a remote webserver and/or back again. Many of our users use that functionality to run a local "Dev" (development) server (generally a VM) and a remote "Prod" (production) server online.

Regarding package age, I am guessing that perhaps you aren't super familiar with Linux "stable" distros such as Debian or Red Hat? FWIW TurnKey is based on Debian. Debian has a reputation of being rock solid stable, but as a consequence (with some minor exceptions), all versions are "frozen" at release (i.e new versions are rarely, if ever included in the stable release). This means that all the software has been tested in context of all the other software and things generally "just work". Security updates and bugfixes are carefully backported for the version which was included at release time (so that issues are fixed with the least possible changes). It doesn't make TurnKey completely bug free, but it does mean that we can afford to auto install security updates nightly. As you've possibly guessed, the downside of that degree of stability is that until a new release comes out, the software is "stuck" at a particular version.

Many of the appliances have software that is installed from upstream (i.e. not packaged - generally because Debian don't provide packages) so that tends to be newer versions. In those case, the software is generally updated at build time. Some get rebuilt more often than others so sometimes the software is not completely up to date with upstream, however even then, you should be able to follow upstream's advice to update to their latest version. We aim to rebuild appliances that include upstream security issues ASAP.

All the build code for our appliances is on GitHub if you wish to understand exactly what is included and/or how. I'm also very happy to answer any questions and address and concerns you may have. So please feel free to ask away re any other things you'd like to know abut TurnKey! :)

Add new comment