Level 17
please update the step 6 and 7 for php7 thanks :)
Jan 27, 2016
5
Level 5
Forge Server - Securities and Improvements
I made a checklist that I am doing on every Forge Install. I want to specify that I`m not a Linux expert and I get well documented before making this list.
Please fell free to add or comment about this list.
After fresh installation of Forge:
- Install LetEncrypt SSL
- Install RECIPE: Patch LOGJAM Vulnerability
- This is for SSL Log-Jam Fix
- Install RECIPE: SSL Optimization
- The recipe can be found here: https://laravel-news.com/2016/01/optimizing-ssl-laravel-forge/
- Enable HTTP Strict Transport Security (HSTS)
- In your site’s nginx configuration file add this line to your server block:
-
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
- Enable HTTP/2
- This is by far the simplest step. In your site’s nginx configuration file add “http2” to the end of the listen line for the server block.
-
listen 443 ssl http2;
- Install RECIPE: ConfigServer Security & Firewall
- The recipe can be found here: http://forgerecipes.com/recipes/41
- Install RECIPE: Auto Update Server
- The recipe can be found here: http://forgerecipes.com/recipes/56
Level 21
Is ConfigServer Security & Firewall recommended still... doesn't forge configure the firewall automatically already?
Level 21
And as far as I know forge also does the Auto Update Server for critical stuff :
Otherwise it is never a good idea to just update automatically on a production server anyway... just the critical bug/security fixes.
Level 53
Forge is very secure and the only changes you need to make is if you need to open ports or add a sudoer or a small config change for nginx, etc. Security updates are done as well as composer.phar updates. All other non-critical patches/fixes will need to be done by the admin.
Level 5
Hi there, I was just wondering if there was any further update to what is recommended for server hardening as of September 2018?
Please or to participate in this conversation.