Skip to content
Menu
Randy's Tech Blog
  • Privacy Policy
Randy's Tech Blog

Starting a New Site

Posted on December 23, 2019December 23, 2019

The site is built in an EC2 instance in AWS. I looked at the sizing and settled on a Micro instance for both this site and my personal blog site (blog.randybear.com). Nginx is running as the reverse proxy server to manage traffic from either domain to the appropriate WordPress site. I also have put in place TLS encryption using a Let’s Encrypt certificate. Still some work to do there as the connections only go as high as TLSv1.1 instead of 1.2.

Based on reading, it seems I can modify the Let’s Encrypt Nginx configuration file to manage that upgrade in strength. However, there are some warning messages about the issue of future updates from Let’s Encrypt. Based on some of the chatter in the boards, I don’t think the Let’s Encrypt tech team is too happy about this approach and favors stronger TLS encryption.

There is one shared database for the two WordPress instances. It’s not exposed to the outside world and requires either CLI access or an SSH tunnel using my SSH keys to connect to it. That’s probably the best approach for sites since the security is pretty air tight using SSH keys.There is no other way into the site other than using the key. The downside is that if that key is lost, there is no way to get back into the instance.

I’ll have more information as I build out the details of the site. There are still things I want to configure to improve the security of it as well as usability.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Log4j Could Have Been A Lot Worse
  • Are We Leaving Ourselves Open For Attack?
  • A Digital Immunity Certificate
  • A Collection of Breached Data
  • The Growth of the Cloud

Categories

  • Cloud Computing
  • Healthcare
  • New Technology
  • Security
  • Uncategorized

Tags

2020 predictions (1) AI and ML (1) APT29 (1) AWS (2) Azure (1) Blogging (1) Chinese APT (1) COVID-19 (1) Data Breach (1) Equifax (1) GCP (1) Log4j (1) Network Security (2) Robotics (1) Self-Driving Vehicles (1) Solarwinds (1) Vaccine (1) Wordpress (1)

Recent Comments

  • Randy Bear on Are We Leaving Ourselves Open For Attack?
  • Q on Are We Leaving Ourselves Open For Attack?

Archives

  • January 2022
  • December 2020
  • November 2020
  • February 2020
  • January 2020
  • December 2019
©2022 Randy's Tech Blog | WordPress Theme by Superbthemes.com