General system administration on Digital Ocean droplet?


#1

Outside of managing Discourse (updates, plug-ins, backups), how much system administration is require when using a Digital Ocean droplet to host Discourse?
Do you need to do your own OS and other security and maintenance patches and updates?


(Kane York) #2

Not much. Discourse upgrades are a one-click “push the button” deal, and updates to libraries require a brief SSH session: cd /var/discourse ; ./launcher rebuild app ; exit

The recommended setup turns on unattended-upgrades which will automatically install security updates on the host.


#3

So basically, if I regularly make an off-line backup of the Discourse database + uploaded files, the worst thing that can happen after I screw something up or get compromised by an exploitable bug is to re-created the droplet and upload the Discourse backup?


(Kane York) #4

Well, not quite.

That depends on the scope of the bug. If it’s host-level, and the attackers don’t bother trying to steal your database, then all you need to do is nuke the droplet and start over with the backup, yes.

In the worst-case scenario, the attackers somehow manage to install a persistent backdoor into the database (I honestly don’t know how that would work, but let’s pretend it’s possible) and deleted all the on-server backups, which would make you have to … fall back to one you downloaded before. You’d also be dealing with the fact that they obtained passwords (PBKDF2 with salt) for the users who have passwords and will likely work on cracking those.

They could try mining the drafts and private messages for PII.

In other words, based on what you just said? Worst-case is that you tell people password hashes were stolen, which is heavily mitigated by users who (guess what?) don’t have Discourse passwords.