Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

zelaza's avatar

Best practice for updating Forge servers?

Hi. I have several Laravel apps running on Forge servers. I'm a coder, not a sys admin.

I understand Forge takes care of security updates for me, but not "other" package updates. When I ssh into my servers I see:

109 packages can be updated.
0 updates are security updates.

What is the best practice for updating/upgrading all those other packages? Should I / can I just upgrade them all the time? If I do so is it possible that will break my apps? What are the best apt-get commands to do the updates/upgrades?

Thanks/

0 likes
3 replies
richard@gorbutt.com's avatar

No doubt many answers but here's what I do.

I have a staging/dev server that is identical in OS and setup to a Production server. (I use it to test updates to my app though). I will do the package updates on that box and test, then if all well (and truth is it has never failed on me yet!!) then a few days later I upgrade the prod box.

sudo apt-get update will update the list of repos etc. sudo apt-get upgrade will perform the updates etc.

It will/can affect your app etc.

The only issue I have with Ubuntu on forge is the constant requirement to restart for the security updates whereas my non-Forge AWS flavor linux hasn't needed a restart since I've had it!

1 like
zelaza's avatar

Thanks, Gorby. I have the same setup - Dev and Production servers. So I think I'll follow your advice - upgrade the Dev server, test it, if all looks good then upgrade the Production server...

2 likes
rverrips's avatar

Hi

This is an old post, but as I googled into it pretty easily I trust others may too so hoping this is at least a bit helpful.

One can view details of the updates (packages) that are available by running: apt --list upgradable You should see in that list that the upgrades are all "patch" upgrades, e.g mysql-server/unknown 8.0.15-1ubuntu18.04 amd64 [upgradable from: 8.0.13-1ubuntu18.04]

The forge servers are deployed with an LTS release of ubuntu which specifically is aimed at stability of the packages etc. so you should be pretty safe in applying those updates, however you are just as safe not applying them if everything is functioning as is. (security patches though, as you noted, will be applied regardless)

**Compared to Laravel/php **

apt upgrade == composer update, but with your composer.json versions are set to something like "5.8.*"

If you hardcode your composer.json to a versions (say 5.8.19) and not (5.8.*) then NOT running apt upgrade would suite your workflow best.

As you asked, my personal Practice (call it "best" if you want) is to leave the server packages as they are initially deployed, and then simply deploy new servers to prod when we upgrade a major server component (MySql 5 to 8, or PHP 7.2 to 7.3, etc.) and switch over to those as part of the change management process.

5 likes

Please or to participate in this conversation.