
The site is built on an EC2 instance in AWS. I looked at the sizing and settled on a Micro instance for both this site and my personal blog site (blog.randybear.com). Nginx is running as the reverse proxy server to manage traffic from either domain to the appropriate WordPress site. I have also put in place TLS encryption using a Let’s Encrypt certificate. There is still some work to do there, as the connections only go as high as TLSv1.1 instead of 1.2.
Based on reading, it seems I can modify the Let’s Encrypt Nginx configuration file to manage that upgrade in strength. However, there are some warning messages about the issue of future updates from Let’s Encrypt. Based on some of the chatter in the boards, I don’t think the Let’s Encrypt tech team is too happy about this approach and favors stronger TLS encryption.
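
Before editing anything, it helps to see which file actually sets the protocol ceiling. The following is an added example, not part of the original setup: a shell function (the name `audit_ssl_protocols` and the sample config are constructed for illustration) that lists every `ssl_protocols` directive in the given Nginx config files and flags those that stop short of TLSv1.2.

```shell
#!/usr/bin/env bash
# Added example: report every ssl_protocols directive in nginx-style config
# files and flag the ones that cap connections below TLSv1.2.
# Verdicts: OK       = only TLSv1.2 / TLSv1.3 enabled
#           LEGACY   = TLSv1.2+ enabled, but older protocols still allowed
#           NO_TLS12 = neither TLSv1.2 nor TLSv1.3 enabled
# Exit status is 1 if any directive is not OK or none was found.
audit_ssl_protocols() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                 # ignore commented-out directives
        if (!match(line, /ssl_protocols[ \t]+[^;]*/)) next
        # Skip proxy_ssl_protocols and similar: they govern upstream links.
        if (RSTART > 1 && substr(line, RSTART - 1, 1) !~ /[ \t;{]/) next
        protos = substr(line, RSTART, RLENGTH)
        sub(/^ssl_protocols[ \t]+/, "", protos)
        sub(/[ \t]+$/, "", protos)
        n = split(protos, p, /[ \t]+/)
        modern = 0; legacy = 0
        for (i = 1; i <= n; i++) {
            if (p[i] == "TLSv1.2" || p[i] == "TLSv1.3") modern = 1
            else legacy = 1
        }
        verdict = (modern == 0) ? "NO_TLS12" : (legacy ? "LEGACY" : "OK")
        if (verdict != "OK") bad = 1
        found = 1
        printf "%s:%d: %s (%s)\n", FILENAME, FNR, verdict, protos
    }
    END { exit ((bad || !found) ? 1 : 0) }
    ' "$@"
}

# Constructed sample reproducing the TLSv1.1 ceiling described in the post.
sample=$(mktemp)
printf 'server {\n    ssl_protocols TLSv1 TLSv1.1;\n}\n' > "$sample"
audit_ssl_protocols "$sample" || echo "action needed: enable TLSv1.2 or newer"
rm -f "$sample"
```

Run it against both the Let’s Encrypt-managed include (typically `/etc/letsencrypt/options-ssl-nginx.conf` on Certbot installs, which is an assumption about this setup) and the per-site server blocks, since the directive can appear in either place.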
There is one shared database for the two WordPress instances. It’s not exposed to the outside world and requires either CLI access or an SSH tunnel using my SSH keys to connect to it. That’s probably the best approach for sites since the security is pretty airtight using SSH keys. There is no other way into the site other than using the key. The downside is that if that key is lost, there is no way to get back into the instance.
I’ll have more information as I build out the details of the site. There are still things I want to configure to improve the security of it as well as usability.