Ainsofs Blog: Technology insights from the Pacific Islands

  I had a chance to check out the Talking Drupal: Drupal security podcast. These were my key takeaways. Top 3 tips Its stuff we already know about but don't do. Lets educate and remind ourselves and others. Do not write down passwords (especially on sticky notes). Use a Password Manager e.g. LastPass , Bitwarden , Passbolt Patch your modules. Security patches are released every 3rd Tuesday of the month by the Drupal Security team . Sign up to security announcements. You can use RSS feeds to bring updates to your slack, teams, etc. There is also a Discord site . Use tools that make your code better. e.g. CI to make it more readable (coding styles, comments). Code reviews. Write the least amount of code as possible. No code is best ie only using Core and Contrib modules. (IMO, as a developer this is impossible 😂)    Contrib modules to help improve Drupal security Cloudsec - Uses the Crowdsec service to block malicious traffic Username enumeration prevention - ...

Today I deployed a Laravel 10 Jetstream Inertia based app on LEMP stack and Ubuntu 22. Here is the gist of what I went through. Deploy server with Ubuntu 22 I deployed a private Github repo so I needed to generate a public ssh key for your user . ssh-keygen -t ed25519-sk -C "YOUR_EMAIL" . Next add that key to your Github repo deploy tokens. Clone repo to /var/www/[your-site] git clone [myrepo] . Install Basic Laravel with LEMP stack and Composer with this tutorial . Also handy to refer to Laravel's recommended Nginx config Used strong (level 2) password for mysql setup which required logging in using sudo mysql and setting the root password before continuing with the usual sudo mysql_secure_installation process. Also needed additional php plugins for my app php-gd, php-zip My public folder was not in the root so I have to set it to ./laravel/public for my vhost file. In order to mock my production domain (which does not have DNS records yet). I edited my local...

  SSH ports Self hosted Gitlab normally uses port 22 for SSH access. When running docker this is not ideal as its usually used by the server. Its best to map it to another port. The Gitlab docs provides an example of using port 2224. Gitlab Web UI booted up great! But I could not clone or push to the repos using port 2224. First this port is blocked by my organisations firewall. Using online tools I checked if it was accessible outside of our network. Nada! We proxy our traffic using Cloudflare. To get it working, I used one of the allowed non-caching ports. This allows me to have my Web UI proxied but still have access to SSH for git cloning. There are other options available . Server specs I used a cloud server and initially set the specs too low. Ensure to check the minimum server requirements before selecting your specs. Boot time Although docker compose reports that the container is running as soon as you issue the docker compose up -d command, it takes a while f...