Up until now, you have focused on building your server. But once a server is running, you need to maintain it. One of the best parts about this setup is that you can update your website or fix a database bug without having to reboot image mode for Red Hat Enterprise Linux—your server can check for new versions of your application on its own.

Prerequisites:

• A bootable virtual machine (VM).

In this lesson, you will:

• Turn on automatic updates.
• Check the schedule.
• Change the update time.

Manage and update your application

Update your website or fix a database bug without having to reboot image mode for Red Hat Enterprise Linux.

Step 1: Turn on automatic updates

Your server comes with a tool to check for updates, but it is turned off at first. You need to turn on a timer that tells the system to look for new versions. Run this command inside your server:

sudo systemctl enable --now podman-auto-update.timer

Step 2: Check the schedule

Now that the timer is on, you can see when the next update check will happen. Run this to see the schedule:

systemctl list-timers podman-auto-update.timer

Step 3:  Change the update time

You might want the server to update only at a specific time, like late at night when no one is using your website. You can create a rule to change the schedule.

First, make a folder to hold your new rule:

sudo mkdir -p /etc/systemd/system/podman-auto-update.timer.d/

Next, create a file named override.conf in that folder and paste these lines inside. This example tells the server to check for updates every Sunday at 3:00 AM:

[Timer]
OnCalendar=
OnCalendar=Sun *-*-* 03:00:00

Finally, tell the system to read your new rule:

 sudo systemctl daemon-reload

Step 4. Update manually any time

If you don't want to wait for the timer and want to instantly update, you can trigger a check yourself:

sudo podman auto-update

The system will check for new versions. If it finds one, it will download the changes and restart only the specific part of your application that changed. Everything else on your server will keep running.

This setup keeps your server protected and up-to-date. You get the latest security fixes without having to manually download files or turn the server off and on again. It lets you focus on building your application while the system handles the maintenance.

Learning path summary

Congratulations!  You have moved an application from a simple local script to a fully hardened, bootable Red Hat Enterprise Linux 10 server. Because you used Red Hat Hardened Images, your application starts with a verified foundation and far fewer security alerts to worry about.

This learning path introduced a workflow that focuses on a hardened security posture.  You used Red Hat Hardened Images to create your application, then packaged those containers into an immutable bootable container using image mode for Red Hat Enterprise Linux .

Hardened Images let you spend your time writing code, not chasing down alerts for parts of the operating system (OS) you aren't even using. They are stripped of "extra junk," so there are fewer parts that can break or be attacked, and they have reduced alerts from security scanners—if a file isn't in your container, a scanner can't flag it. This helps you focus on your code rather than managing potential vulnerabilities.

To turn this prototype into a functional production application, consider adding routes, logic, and APIs to your application. PHP: The Right Way is a community-driven resource that provides a quick reference for PHP coding standards and authoritative tutorials. 

Ready to build more?

Find the full list of trusted, minimal images—from Python and Node.js to Java and various databases—at the Red Hat Hardened Images catalog. 

• Learn more and get updates about Red Hat Hardened Images.
• Build a Python Flask application with Red Hat Hardened Images.
• Build and run a bootable container image with image mode for RHEL and Podman Desktop.