How "safe" is running Discourse on your own without server security knowledge


I have some experience with hosting a website with Digital Ocean, but I’m no server administrator or cyber security expert at all. However, I am completely paranoid about server security.

So I was wondering: how safe is it to run a “one click install” of Discourse on Digital Ocean? Is it still necessary to harden the security of the app, or is it safe out of the box?

Guess I want to ask if, even without security knowledge, it’s safe to run your own Discourse app on Digital Ocean.


I’d suggest utilising their image plans instead of the one-click, as it’s so simple; trust me, no knowledge needed. But otherwise it’s fine, as Discourse has built-in security measures for sites and tools that are useful. You could also describe your singular issues and we can always help you. It’s completely safe, to fully answer your question.


On the installs that I do I enable auto-security upgrades and automatic reboots when they are required. I don’t recommend it, but I’ve had people leave those sites running for years without doing even a single upgrade.

I’d recommend creating the droplet with an SSH key so that password logins via SSH are disabled by default or endeavoring to do that. You can also install fail2ban, but disabling passwords completely is a good idea.

I’d recommend following the official install guidelines if only so you see how things work so you can do rebuilds.
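An added example, not part of the thread: a small audit of the settings recommended in the post above (SSH password logins disabled, automatic security upgrades and reboots enabled). It assumes Debian/Ubuntu-style `sshd_config` and `apt.conf.d` files; the function names are hypothetical and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: audits the settings recommended in the post above.

# Effective global value of an sshd_config keyword. sshd keeps the FIRST value
# it reads for a keyword, and keywords are case-insensitive. Simplifications:
# Include files are not followed and parsing stops at the first Match block.
sshd_effective() {  # $1 = keyword, $2 = sshd_config path
  awk -v key="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); exit }' "$2"
}

# Value of an APT option across apt.conf.d files; the LAST assignment wins.
apt_value() {  # $1 = option name, $2... = files in lexical order
  local key=$1; shift
  cat "$@" | awk -v key="$key" '
    /^[ \t]*(\/\/|#)/ { next }
    $1 == key { v = $2; gsub(/[";]/, "", v); last = v }
    END { print last }'
}

# Prints one line per finding; exit status is the number of findings.
audit() {  # $1 = sshd_config, $2... = apt.conf.d files
  local sshd=$1 n=0 v; shift
  v=$(sshd_effective PasswordAuthentication "$sshd")  # OpenSSH default: yes
  [ "${v:-yes}" = no ] || { echo "FAIL: SSH password logins are enabled"; n=$((n+1)); }
  v=$(apt_value APT::Periodic::Unattended-Upgrade "$@")
  [ "${v:-0}" != 0 ] || { echo "FAIL: automatic upgrades are off"; n=$((n+1)); }
  v=$(apt_value Unattended-Upgrade::Automatic-Reboot "$@")
  [ "$v" = true ] || { echo "FAIL: automatic reboot is off"; n=$((n+1)); }
  return "$n"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
  'PasswordAuthentication no' > "$tmp/sshd_weak"   # first live value is "yes"
printf '%s\n' 'PasswordAuthentication no' > "$tmp/sshd_ok"
printf '%s\n' 'APT::Periodic::Unattended-Upgrade "1";' > "$tmp/20auto-upgrades"
printf '%s\n' '//Unattended-Upgrade::Automatic-Reboot "false";' \
  'Unattended-Upgrade::Automatic-Reboot "true";' > "$tmp/50unattended-upgrades"

audit "$tmp/sshd_weak" "$tmp/20auto-upgrades" "$tmp/50unattended-upgrades" \
  || echo "findings with the weak sshd_config: $?"
```

On a real server, pass `/etc/ssh/sshd_config` and the files under `/etc/apt/apt.conf.d/`; `sshd -T` prints the authoritative effective configuration, including anything pulled in through `Include`.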


Thanks! Only using SSH and keeping Discourse up-to-date are certainly things that I planned on doing :smiley: Good to hear that just the basic security rules are enough, and that you don’t have to be a cyber security expert to run a safe version of Discourse.


They go to great lengths to see that things are safe. If you keep up with upgrades for both Discourse and your OS as it sounds like you’ll do, you should be in good shape!