Re: Web server with PHP setup & mod-ssl
On 2004-01-29, Danny O'Brien penned:
> --Apple-Mail-1-451834990 Content-Transfer-Encoding: 7bit Content-Type:
> text/plain; charset=US-ASCII; format=flowed
> I'm rebuilding a web server with a home-grown PHP site that allows
> users to log in securely, to view, upload, and download files. This is
> my first real foray into Debian.
> Here's the spec:
> Kernel2.4.18-bf2.4 Apache1.3.26-0woo openssl0.9.6c-2.wo
> postgres7.2.1-2wood php4.1.2-6wood
> My questions:
> - does "apt-get upgrade" always provide the most secure versions? The
> reason I ask is:
> - Apache 1.3.26 seems ancient -- is this an OK version to run? I have
> executed apt-get upgrade, and apt.conf is set for "stable."
> - also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
> - My previous build ran mod-ssl. However, there is no mod-ssl package
> in Debian. Has anyone installed mod-ssl under Debian, or is there a
> better program for this function?
First of all, I think you need to learn about debian versions. At any
given time, there will be three debian distributions: stable, testing,
and unstable. It sounds like you're running stable.
Please read this link carefully:
For production servers, most people would strongly encourage you to run
stable, as it's been beaten on the most and hence has the fewest bugs.
It *does* contain older versions of packages than do testing or
unstable; however, the debian developers do apply security patches to
these packages, so my understanding is that these older packages,
through debian, should be as secure as anything you're likely to find --
but they may not be as featureful.
As you learn more about debian, you might look into pinning, backports,
and other fun games.